Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate hostnames in DNS responses and discard from malicious servers #406

Merged
merged 2 commits into from
Jun 20, 2021
Merged

Validate hostnames in DNS responses and discard from malicious servers #406

merged 2 commits into from
Jun 20, 2021

Conversation

bradh352
Copy link
Member

DNS servers could intentionally return malformed DNS responses that could cause client-side issues (like XSS). Attempt to identify such responses and throw them away and return EBADRESP.

It is not clear if there are any legitimate use cases where a DNS response might return a non-validly formatted hostname.

@bradh352
To prevent possible users having XSS issues due to intentionally malf…
91f8786 
…ormed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.

It is not clear what legitimate issues this may cause at this point.
@bradh352
be more restrictive on character sets
087e2e7
@bradh352
Copy link
Member Author

@bagder any reservations about doing this?

@bradh352 bradh352 merged commit c9b6c60 into c-ares:master Jun 20, 2021
@Ayase-252 Ayase-252 mentioned this pull request Aug 17, 2021
Closed
@AdamMajer AdamMajer mentioned this pull request Sep 8, 2021
Closed
AdamMajer
AdamMajer reviewed Sep 8, 2021
View reviewed changes
src/lib/ares_expand_name.c
return 1;
if (ch >= '0' && ch <= '9')
return 1;
if (ch == '-' || ch == '.')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

. is not a valid character for hostnames

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

function name is misleading, its validating a full domain name response which can include .

@bradh352 bradh352 deleted the validate_hostname branch October 9, 2021 17:01
kylebevans added a commit to kylebevans/c-ares that referenced this pull request Nov 11, 2021
@kylebevans
406 - Validate hostnames in DNS responses
3179732 
Update the new cares parse ns, ptr, and soa to have the
is_hostname parameter passed to ares__expand_name_for_response.

This is to make sure the fix for issue c-ares#406 is applied.
@rb-cohen rb-cohen mentioned this pull request Mar 1, 2022
Closed
sergepetrenko pushed a commit to tarantool/c-ares that referenced this pull request Jul 29, 2022
@bradh352 @sergepetrenko
Validate hostnames in DNS responses and discard from malicious servers (
515e031 
c-ares#406)

To prevent possible users having XSS issues due to intentionally malformed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.

It is not clear what legitimate issues this may cause at this point.

Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AdamMajer AdamMajer AdamMajer left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bradh352 @AdamMajer