mirror of
https://github.com/anope/anope.git
synced 2026-07-02 05:46:38 +02:00
Check name validity after unpackname() to check for bad names in questins and ptr/cname rdata
This commit is contained in:
@@ -26,6 +26,11 @@ namespace
|
||||
*/
|
||||
class Packet : public Query
|
||||
{
|
||||
static bool IsValidName(const Anope::string &name)
|
||||
{
|
||||
return name.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") == Anope::string::npos;
|
||||
}
|
||||
|
||||
void PackName(unsigned char *output, unsigned short output_size, unsigned short &pos, const Anope::string &name)
|
||||
{
|
||||
if (pos + name.length() + 2 > output_size)
|
||||
@@ -116,6 +121,9 @@ class Packet : public Query
|
||||
if (pos + 4 > input_size)
|
||||
throw SocketException("Unable to unpack question");
|
||||
|
||||
if (!IsValidName(question.name))
|
||||
throw SocketException("Invalid question name");
|
||||
|
||||
question.type = static_cast<QueryType>(input[pos] << 8 | input[pos + 1]);
|
||||
pos += 2;
|
||||
|
||||
@@ -179,6 +187,10 @@ class Packet : public Query
|
||||
case QUERY_PTR:
|
||||
{
|
||||
record.rdata = this->UnpackName(input, input_size, pos);
|
||||
|
||||
if (!IsValidName(record.rdata))
|
||||
throw SocketException("Invalid cname/ptr record data");
|
||||
|
||||
break;
|
||||
}
|
||||
default:
|
||||
|
||||
Reference in New Issue
Block a user