1 /* $NetBSD: ns_name.c,v 1.9 2012/03/13 21:13:39 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") 5 * Copyright (c) 1996,1999 by Internet Software Consortium. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #ifndef lint 21 static const char rcsid[] = "$Id: ns_name.c,v 1.11 2009/01/23 19:59:16 each Exp $"; 22 #endif 23 24 #include "port_before.h" 25 26 #include <sys/types.h> 27 28 #include <netinet/in.h> 29 #include <arpa/nameser.h> 30 31 #include <assert.h> 32 #include <errno.h> 33 #include <resolv.h> 34 #include <string.h> 35 #include <ctype.h> 36 #include <stdlib.h> 37 #include <limits.h> 38 39 #include "port_after.h" 40 41 #ifdef SPRINTF_CHAR 42 # define SPRINTF(x) ((int)strlen(sprintf/**/x)) 43 #else 44 # define SPRINTF(x) (sprintf x) 45 #endif 46 47 #define NS_TYPE_ELT 0x40 /*%< EDNS0 extended label type */ 48 #define DNS_LABELTYPE_BITSTRING 0x41 49 50 /* Data. */ 51 52 static const char digits[] = "0123456789"; 53 54 static const char digitvalue[256] = { 55 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*16*/ 56 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*32*/ 57 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*48*/ 58 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, /*64*/ 59 -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*80*/ 60 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*96*/ 61 -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*112*/ 62 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*128*/ 63 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 64 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 65 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 66 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 67 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 68 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 69 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 70 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*256*/ 71 }; 72 73 /* Forward. */ 74 75 static int special(int); 76 static int printable(int); 77 static int dn_find(const u_char *, const u_char *, 78 const u_char * const *, 79 const u_char * const *); 80 static int encode_bitsring(const char **, const char *, 81 unsigned char **, unsigned char **, 82 unsigned const char *); 83 static int labellen(const u_char *); 84 static int decode_bitstring(const unsigned char **, 85 char *, const char *); 86 87 /* Public. */ 88 89 /*% 90 * Convert an encoded domain name to printable ascii as per RFC1035. 91 92 * return: 93 *\li Number of bytes written to buffer, or -1 (with errno set) 94 * 95 * notes: 96 *\li The root is returned as "." 97 *\li All other domains are returned in non absolute form 98 */ 99 int 100 ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) 101 { 102 const u_char *cp; 103 char *dn, *eom; 104 u_char c; 105 u_int n; 106 int l; 107 108 cp = src; 109 dn = dst; 110 eom = dst + dstsiz; 111 112 while ((n = *cp++) != 0) { 113 if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { 114 /* Some kind of compression pointer. */ 115 errno = EMSGSIZE; 116 return (-1); 117 } 118 if (dn != dst) { 119 if (dn >= eom) { 120 errno = EMSGSIZE; 121 return (-1); 122 } 123 *dn++ = '.'; 124 } 125 if ((l = labellen(cp - 1)) < 0) { 126 errno = EMSGSIZE; /*%< XXX */ 127 return (-1); 128 } 129 if (dn + l >= eom) { 130 errno = EMSGSIZE; 131 return (-1); 132 } 133 if ((n & NS_CMPRSFLGS) == NS_TYPE_ELT) { 134 int m; 135 136 if (n != DNS_LABELTYPE_BITSTRING) { 137 /* XXX: labellen should reject this case */ 138 errno = EINVAL; 139 return (-1); 140 } 141 if ((m = decode_bitstring(&cp, dn, eom)) < 0) 142 { 143 errno = EMSGSIZE; 144 return (-1); 145 } 146 dn += m; 147 continue; 148 } 149 for (; l > 0; l--) { 150 c = *cp++; 151 if (special(c)) { 152 if (dn + 1 >= eom) { 153 errno = EMSGSIZE; 154 return (-1); 155 } 156 *dn++ = '\\'; 157 *dn++ = (char)c; 158 } else if (!printable(c)) { 159 if (dn + 3 >= eom) { 160 errno = EMSGSIZE; 161 return (-1); 162 } 163 *dn++ = '\\'; 164 *dn++ = digits[c / 100]; 165 *dn++ = digits[(c % 100) / 10]; 166 *dn++ = digits[c % 10]; 167 } else { 168 if (dn >= eom) { 169 errno = EMSGSIZE; 170 return (-1); 171 } 172 *dn++ = (char)c; 173 } 174 } 175 } 176 if (dn == dst) { 177 if (dn >= eom) { 178 errno = EMSGSIZE; 179 return (-1); 180 } 181 *dn++ = '.'; 182 } 183 if (dn >= eom) { 184 errno = EMSGSIZE; 185 return (-1); 186 } 187 *dn++ = '\0'; 188 assert(INT_MIN <= (dn - dst) && (dn - dst) <= INT_MAX); 189 return (int)(dn - dst); 190 } 191 192 /*% 193 * Convert a ascii string into an encoded domain name as per RFC1035. 194 * 195 * return: 196 * 197 *\li -1 if it fails 198 *\li 1 if string was fully qualified 199 *\li 0 is string was not fully qualified 200 * 201 * notes: 202 *\li Enforces label and domain length limits. 203 */ 204 int 205 ns_name_pton(const char *src, u_char *dst, size_t dstsiz) { 206 return (ns_name_pton2(src, dst, dstsiz, NULL)); 207 } 208 209 /* 210 * ns_name_pton2(src, dst, dstsiz, *dstlen) 211 * Convert a ascii string into an encoded domain name as per RFC1035. 212 * return: 213 * -1 if it fails 214 * 1 if string was fully qualified 215 * 0 is string was not fully qualified 216 * side effects: 217 * fills in *dstlen (if non-NULL) 218 * notes: 219 * Enforces label and domain length limits. 220 */ 221 int 222 ns_name_pton2(const char *src, u_char *dst, size_t dstsiz, size_t *dstlen) { 223 u_char *label, *bp, *eom; 224 int c, n, escaped, e = 0; 225 char *cp; 226 227 escaped = 0; 228 bp = dst; 229 eom = dst + dstsiz; 230 label = bp++; 231 232 while ((c = *src++) != 0) { 233 if (escaped) { 234 if (c == '[') { /*%< start a bit string label */ 235 if ((cp = strchr(src, ']')) == NULL) { 236 errno = EINVAL; /*%< ??? */ 237 return (-1); 238 } 239 if ((e = encode_bitsring(&src, cp + 2, 240 &label, &bp, eom)) 241 != 0) { 242 errno = e; 243 return (-1); 244 } 245 escaped = 0; 246 label = bp++; 247 if ((c = *src++) == 0) 248 goto done; 249 else if (c != '.') { 250 errno = EINVAL; 251 return (-1); 252 } 253 continue; 254 } 255 else if ((cp = strchr(digits, c)) != NULL) { 256 n = (int)(cp - digits) * 100; 257 if ((c = *src++) == 0 || 258 (cp = strchr(digits, c)) == NULL) { 259 errno = EMSGSIZE; 260 return (-1); 261 } 262 n += (int)(cp - digits) * 10; 263 if ((c = *src++) == 0 || 264 (cp = strchr(digits, c)) == NULL) { 265 errno = EMSGSIZE; 266 return (-1); 267 } 268 n += (int)(cp - digits); 269 if (n > 255) { 270 errno = EMSGSIZE; 271 return (-1); 272 } 273 c = n; 274 } 275 escaped = 0; 276 } else if (c == '\\') { 277 escaped = 1; 278 continue; 279 } else if (c == '.') { 280 c = (int)(bp - label - 1); 281 if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. */ 282 errno = EMSGSIZE; 283 return (-1); 284 } 285 if (label >= eom) { 286 errno = EMSGSIZE; 287 return (-1); 288 } 289 *label = c; 290 /* Fully qualified ? */ 291 if (*src == '\0') { 292 if (c != 0) { 293 if (bp >= eom) { 294 errno = EMSGSIZE; 295 return (-1); 296 } 297 *bp++ = '\0'; 298 } 299 if ((bp - dst) > MAXCDNAME) { 300 errno = EMSGSIZE; 301 return (-1); 302 } 303 if (dstlen != NULL) 304 *dstlen = (bp - dst); 305 return (1); 306 } 307 if (c == 0 || *src == '.') { 308 errno = EMSGSIZE; 309 return (-1); 310 } 311 label = bp++; 312 continue; 313 } 314 if (bp >= eom) { 315 errno = EMSGSIZE; 316 return (-1); 317 } 318 *bp++ = (u_char)c; 319 } 320 c = (int)(bp - label - 1); 321 if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. */ 322 errno = EMSGSIZE; 323 return (-1); 324 } 325 done: 326 if (label >= eom) { 327 errno = EMSGSIZE; 328 return (-1); 329 } 330 *label = c; 331 if (c != 0) { 332 if (bp >= eom) { 333 errno = EMSGSIZE; 334 return (-1); 335 } 336 *bp++ = 0; 337 } 338 if ((bp - dst) > MAXCDNAME) { /*%< src too big */ 339 errno = EMSGSIZE; 340 return (-1); 341 } 342 if (dstlen != NULL) 343 *dstlen = (bp - dst); 344 return (0); 345 } 346 347 /*% 348 * Convert a network strings labels into all lowercase. 349 * 350 * return: 351 *\li Number of bytes written to buffer, or -1 (with errno set) 352 * 353 * notes: 354 *\li Enforces label and domain length limits. 355 */ 356 357 int 358 ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz) 359 { 360 const u_char *cp; 361 u_char *dn, *eom; 362 u_char c; 363 u_int n; 364 int l; 365 366 cp = src; 367 dn = dst; 368 eom = dst + dstsiz; 369 370 if (dn >= eom) { 371 errno = EMSGSIZE; 372 return (-1); 373 } 374 while ((n = *cp++) != 0) { 375 if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { 376 /* Some kind of compression pointer. */ 377 errno = EMSGSIZE; 378 return (-1); 379 } 380 *dn++ = n; 381 if ((l = labellen(cp - 1)) < 0) { 382 errno = EMSGSIZE; 383 return (-1); 384 } 385 if (dn + l >= eom) { 386 errno = EMSGSIZE; 387 return (-1); 388 } 389 for (; l > 0; l--) { 390 c = *cp++; 391 if (isascii(c) && isupper(c)) 392 *dn++ = tolower(c); 393 else 394 *dn++ = c; 395 } 396 } 397 *dn++ = '\0'; 398 assert(INT_MIN <= (dn - dst) && (dn - dst) <= INT_MAX); 399 return (int)(dn - dst); 400 } 401 402 /*% 403 * Unpack a domain name from a message, source may be compressed. 404 * 405 * return: 406 *\li -1 if it fails, or consumed octets if it succeeds. 407 */ 408 int 409 ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, 410 u_char *dst, size_t dstsiz) 411 { 412 return (ns_name_unpack2(msg, eom, src, dst, dstsiz, NULL)); 413 } 414 415 /* 416 * ns_name_unpack2(msg, eom, src, dst, dstsiz, *dstlen) 417 * Unpack a domain name from a message, source may be compressed. 418 * return: 419 * -1 if it fails, or consumed octets if it succeeds. 420 * side effect: 421 * fills in *dstlen (if non-NULL). 422 */ 423 int 424 ns_name_unpack2(const u_char *msg, const u_char *eom, const u_char *src, 425 u_char *dst, size_t dstsiz, size_t *dstlen) 426 { 427 const u_char *srcp, *dstlim; 428 u_char *dstp; 429 int n, len, checked, l; 430 431 len = -1; 432 checked = 0; 433 dstp = dst; 434 srcp = src; 435 dstlim = dst + dstsiz; 436 if (srcp < msg || srcp >= eom) { 437 errno = EMSGSIZE; 438 return (-1); 439 } 440 /* Fetch next label in domain name. */ 441 while ((n = *srcp++) != 0) { 442 /* Check for indirection. */ 443 switch (n & NS_CMPRSFLGS) { 444 case 0: 445 case NS_TYPE_ELT: 446 /* Limit checks. */ 447 if ((l = labellen(srcp - 1)) < 0) { 448 errno = EMSGSIZE; 449 return (-1); 450 } 451 if (dstp + l + 1 >= dstlim || srcp + l >= eom) { 452 errno = EMSGSIZE; 453 return (-1); 454 } 455 checked += l + 1; 456 *dstp++ = n; 457 memcpy(dstp, srcp, (size_t)l); 458 dstp += l; 459 srcp += l; 460 break; 461 462 case NS_CMPRSFLGS: 463 if (srcp >= eom) { 464 errno = EMSGSIZE; 465 return (-1); 466 } 467 if (len < 0) { 468 assert(INT_MIN <= (srcp - src + 1) && (srcp - src + 1) <= INT_MAX); 469 len = (int)(srcp - src + 1); 470 } 471 srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff)); 472 if (srcp < msg || srcp >= eom) { /*%< Out of range. */ 473 errno = EMSGSIZE; 474 return (-1); 475 } 476 checked += 2; 477 /* 478 * Check for loops in the compressed name; 479 * if we've looked at the whole message, 480 * there must be a loop. 481 */ 482 if (checked >= eom - msg) { 483 errno = EMSGSIZE; 484 return (-1); 485 } 486 break; 487 488 default: 489 errno = EMSGSIZE; 490 return (-1); /*%< flag error */ 491 } 492 } 493 *dstp++ = 0; 494 if (dstlen != NULL) 495 *dstlen = dstp - dst; 496 if (len < 0) { 497 assert(INT_MIN <= (srcp - src) && (srcp - src) <= INT_MAX); 498 len = (int)(srcp - src); 499 } 500 return len; 501 } 502 503 /*% 504 * Pack domain name 'domain' into 'comp_dn'. 505 * 506 * return: 507 *\li Size of the compressed name, or -1. 508 * 509 * notes: 510 *\li 'dnptrs' is an array of pointers to previous compressed names. 511 *\li dnptrs[0] is a pointer to the beginning of the message. The array 512 * ends with NULL. 513 *\li 'lastdnptr' is a pointer to the end of the array pointed to 514 * by 'dnptrs'. 515 * 516 * Side effects: 517 *\li The list of pointers in dnptrs is updated for labels inserted into 518 * the message as we compress the name. If 'dnptr' is NULL, we don't 519 * try to compress names. If 'lastdnptr' is NULL, we don't update the 520 * list. 521 */ 522 int 523 ns_name_pack(const u_char *src, u_char *dst, int dstsiz, 524 const u_char **dnptrs, const u_char **lastdnptr) 525 { 526 u_char *dstp; 527 const u_char **cpp, **lpp, *eob, *msg; 528 const u_char *srcp; 529 int n, l, first = 1; 530 531 srcp = src; 532 dstp = dst; 533 eob = dstp + dstsiz; 534 lpp = cpp = NULL; 535 if (dnptrs != NULL) { 536 if ((msg = *dnptrs++) != NULL) { 537 for (cpp = dnptrs; *cpp != NULL; cpp++) 538 continue; 539 lpp = cpp; /*%< end of list to search */ 540 } 541 } else 542 msg = NULL; 543 544 /* make sure the domain we are about to add is legal */ 545 l = 0; 546 do { 547 int l0; 548 549 n = *srcp; 550 if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { 551 errno = EMSGSIZE; 552 return (-1); 553 } 554 if ((l0 = labellen(srcp)) < 0) { 555 errno = EINVAL; 556 return (-1); 557 } 558 l += l0 + 1; 559 if (l > MAXCDNAME) { 560 errno = EMSGSIZE; 561 return (-1); 562 } 563 srcp += l0 + 1; 564 } while (n != 0); 565 566 /* from here on we need to reset compression pointer array on error */ 567 srcp = src; 568 do { 569 /* Look to see if we can use pointers. */ 570 n = *srcp; 571 if (n != 0 && msg != NULL) { 572 l = dn_find(srcp, msg, (const u_char * const *)dnptrs, 573 (const u_char * const *)lpp); 574 if (l >= 0) { 575 if (dstp + 1 >= eob) { 576 goto cleanup; 577 } 578 *dstp++ = ((u_int32_t)l >> 8) | NS_CMPRSFLGS; 579 *dstp++ = l % 256; 580 assert(INT_MIN <= (dstp - dst) && (dstp - dst) <= INT_MAX); 581 return (int)(dstp - dst); 582 } 583 /* Not found, save it. */ 584 if (lastdnptr != NULL && cpp < lastdnptr - 1 && 585 (dstp - msg) < 0x4000 && first) { 586 *cpp++ = dstp; 587 *cpp = NULL; 588 first = 0; 589 } 590 } 591 /* copy label to buffer */ 592 if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { 593 /* Should not happen. */ 594 goto cleanup; 595 } 596 n = labellen(srcp); 597 if (dstp + 1 + n >= eob) { 598 goto cleanup; 599 } 600 memcpy(dstp, srcp, (size_t)n + 1); 601 srcp += n + 1; 602 dstp += n + 1; 603 } while (n != 0); 604 605 if (dstp > eob) { 606 cleanup: 607 if (msg != NULL) 608 *lpp = NULL; 609 errno = EMSGSIZE; 610 return (-1); 611 } 612 assert(INT_MIN <= (dstp - dst) && (dstp - dst) <= INT_MAX); 613 return (int)(dstp - dst); 614 } 615 616 /*% 617 * Expand compressed domain name to presentation format. 618 * 619 * return: 620 *\li Number of bytes read out of `src', or -1 (with errno set). 621 * 622 * note: 623 *\li Root domain returns as "." not "". 624 */ 625 int 626 ns_name_uncompress(const u_char *msg, const u_char *eom, const u_char *src, 627 char *dst, size_t dstsiz) 628 { 629 u_char tmp[NS_MAXCDNAME]; 630 int n; 631 632 if ((n = ns_name_unpack(msg, eom, src, tmp, sizeof tmp)) == -1) 633 return (-1); 634 if (ns_name_ntop(tmp, dst, dstsiz) == -1) 635 return (-1); 636 return (n); 637 } 638 639 /*% 640 * Compress a domain name into wire format, using compression pointers. 641 * 642 * return: 643 *\li Number of bytes consumed in `dst' or -1 (with errno set). 644 * 645 * notes: 646 *\li 'dnptrs' is an array of pointers to previous compressed names. 647 *\li dnptrs[0] is a pointer to the beginning of the message. 648 *\li The list ends with NULL. 'lastdnptr' is a pointer to the end of the 649 * array pointed to by 'dnptrs'. Side effect is to update the list of 650 * pointers for labels inserted into the message as we compress the name. 651 *\li If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr' 652 * is NULL, we don't update the list. 653 */ 654 int 655 ns_name_compress(const char *src, u_char *dst, size_t dstsiz, 656 const u_char **dnptrs, const u_char **lastdnptr) 657 { 658 u_char tmp[NS_MAXCDNAME]; 659 660 if (ns_name_pton(src, tmp, sizeof tmp) == -1) 661 return (-1); 662 return (ns_name_pack(tmp, dst, (int)dstsiz, dnptrs, lastdnptr)); 663 } 664 665 /*% 666 * Reset dnptrs so that there are no active references to pointers at or 667 * after src. 668 */ 669 void 670 ns_name_rollback(const u_char *src, const u_char **dnptrs, 671 const u_char **lastdnptr) 672 { 673 while (dnptrs < lastdnptr && *dnptrs != NULL) { 674 if (*dnptrs >= src) { 675 *dnptrs = NULL; 676 break; 677 } 678 dnptrs++; 679 } 680 } 681 682 /*% 683 * Advance *ptrptr to skip over the compressed name it points at. 684 * 685 * return: 686 *\li 0 on success, -1 (with errno set) on failure. 687 */ 688 int 689 ns_name_skip(const u_char **ptrptr, const u_char *eom) 690 { 691 const u_char *cp; 692 u_int n; 693 int l; 694 695 cp = *ptrptr; 696 while (cp < eom && (n = *cp++) != 0) { 697 /* Check for indirection. */ 698 switch (n & NS_CMPRSFLGS) { 699 case 0: /*%< normal case, n == len */ 700 cp += n; 701 continue; 702 case NS_TYPE_ELT: /*%< EDNS0 extended label */ 703 if ((l = labellen(cp - 1)) < 0) { 704 errno = EMSGSIZE; /*%< XXX */ 705 return (-1); 706 } 707 cp += l; 708 continue; 709 case NS_CMPRSFLGS: /*%< indirection */ 710 cp++; 711 break; 712 default: /*%< illegal type */ 713 errno = EMSGSIZE; 714 return (-1); 715 } 716 break; 717 } 718 if (cp > eom) { 719 errno = EMSGSIZE; 720 return (-1); 721 } 722 *ptrptr = cp; 723 return (0); 724 } 725 726 /* Find the number of octets an nname takes up, including the root label. 727 * (This is basically ns_name_skip() without compression-pointer support.) 728 * ((NOTE: can only return zero if passed-in namesiz argument is zero.)) 729 */ 730 ssize_t 731 ns_name_length(ns_nname_ct nname, size_t namesiz) { 732 ns_nname_ct orig = nname; 733 u_int n; 734 735 while (namesiz-- > 0 && (n = *nname++) != 0) { 736 if ((n & NS_CMPRSFLGS) != 0) { 737 errno = EISDIR; 738 return (-1); 739 } 740 if (n > namesiz) { 741 errno = EMSGSIZE; 742 return (-1); 743 } 744 nname += n; 745 namesiz -= n; 746 } 747 return (nname - orig); 748 } 749 750 /* Compare two nname's for equality. Return -1 on error (setting errno). 751 */ 752 int 753 ns_name_eq(ns_nname_ct a, size_t as, ns_nname_ct b, size_t bs) { 754 ns_nname_ct ae = a + as, be = b + bs; 755 int ac, bc; 756 757 while (ac = *a, bc = *b, ac != 0 && bc != 0) { 758 if ((ac & NS_CMPRSFLGS) != 0 || (bc & NS_CMPRSFLGS) != 0) { 759 errno = EISDIR; 760 return (-1); 761 } 762 if (a + ac >= ae || b + bc >= be) { 763 errno = EMSGSIZE; 764 return (-1); 765 } 766 if (ac != bc || strncasecmp((const char *) ++a, 767 (const char *) ++b, 768 (size_t)ac) != 0) 769 return (0); 770 a += ac, b += bc; 771 } 772 return (ac == 0 && bc == 0); 773 } 774 775 /* Is domain "A" owned by (at or below) domain "B"? 776 */ 777 int 778 ns_name_owned(ns_namemap_ct a, int an, ns_namemap_ct b, int bn) { 779 /* If A is shorter, it cannot be owned by B. */ 780 if (an < bn) 781 return (0); 782 783 /* If they are unequal before the length of the shorter, A cannot... */ 784 while (bn > 0) { 785 if (a->len != b->len || 786 strncasecmp((const char *) a->base, 787 (const char *) b->base, (size_t)a->len) != 0) 788 return (0); 789 a++, an--; 790 b++, bn--; 791 } 792 793 /* A might be longer or not, but either way, B owns it. */ 794 return (1); 795 } 796 797 /* Build an array of <base,len> tuples from an nname, top-down order. 798 * Return the number of tuples (labels) thus discovered. 799 */ 800 int 801 ns_name_map(ns_nname_ct nname, size_t namelen, ns_namemap_t map, int mapsize) { 802 u_int n; 803 int l; 804 805 n = *nname++; 806 namelen--; 807 808 /* Root zone? */ 809 if (n == 0) { 810 /* Extra data follows name? */ 811 if (namelen > 0) { 812 errno = EMSGSIZE; 813 return (-1); 814 } 815 return (0); 816 } 817 818 /* Compression pointer? */ 819 if ((n & NS_CMPRSFLGS) != 0) { 820 errno = EISDIR; 821 return (-1); 822 } 823 824 /* Label too long? */ 825 if (n > namelen) { 826 errno = EMSGSIZE; 827 return (-1); 828 } 829 830 /* Recurse to get rest of name done first. */ 831 l = ns_name_map(nname + n, namelen - n, map, mapsize); 832 if (l < 0) 833 return (-1); 834 835 /* Too many labels? */ 836 if (l >= mapsize) { 837 errno = ENAMETOOLONG; 838 return (-1); 839 } 840 841 /* We're on our way back up-stack, store current map data. */ 842 map[l].base = nname; 843 map[l].len = n; 844 return (l + 1); 845 } 846 847 /* Count the labels in a domain name. Root counts, so COM. has two. This 848 * is to make the result comparable to the result of ns_name_map(). 849 */ 850 int 851 ns_name_labels(ns_nname_ct nname, size_t namesiz) { 852 int ret = 0; 853 u_int n; 854 855 while (namesiz-- > 0 && (n = *nname++) != 0) { 856 if ((n & NS_CMPRSFLGS) != 0) { 857 errno = EISDIR; 858 return (-1); 859 } 860 if (n > namesiz) { 861 errno = EMSGSIZE; 862 return (-1); 863 } 864 nname += n; 865 namesiz -= n; 866 ret++; 867 } 868 return (ret + 1); 869 } 870 871 /* Private. */ 872 873 /*% 874 * Thinking in noninternationalized USASCII (per the DNS spec), 875 * is this characted special ("in need of quoting") ? 876 * 877 * return: 878 *\li boolean. 879 */ 880 static int 881 special(int ch) { 882 switch (ch) { 883 case 0x22: /*%< '"' */ 884 case 0x2E: /*%< '.' */ 885 case 0x3B: /*%< ';' */ 886 case 0x5C: /*%< '\\' */ 887 case 0x28: /*%< '(' */ 888 case 0x29: /*%< ')' */ 889 /* Special modifiers in zone files. */ 890 case 0x40: /*%< '@' */ 891 case 0x24: /*%< '$' */ 892 return (1); 893 default: 894 return (0); 895 } 896 } 897 898 /*% 899 * Thinking in noninternationalized USASCII (per the DNS spec), 900 * is this character visible and not a space when printed ? 901 * 902 * return: 903 *\li boolean. 904 */ 905 static int 906 printable(int ch) { 907 return (ch > 0x20 && ch < 0x7f); 908 } 909 910 /*% 911 * Thinking in noninternationalized USASCII (per the DNS spec), 912 * convert this character to lower case if it's upper case. 913 */ 914 static int 915 mklower(int ch) { 916 if (ch >= 0x41 && ch <= 0x5A) 917 return (ch + 0x20); 918 return (ch); 919 } 920 921 /*% 922 * Search for the counted-label name in an array of compressed names. 923 * 924 * return: 925 *\li offset from msg if found, or -1. 926 * 927 * notes: 928 *\li dnptrs is the pointer to the first name on the list, 929 *\li not the pointer to the start of the message. 930 */ 931 static int 932 dn_find(const u_char *domain, const u_char *msg, 933 const u_char * const *dnptrs, 934 const u_char * const *lastdnptr) 935 { 936 const u_char *dn, *cp, *sp; 937 const u_char * const *cpp; 938 u_int n; 939 940 for (cpp = dnptrs; cpp < lastdnptr; cpp++) { 941 sp = *cpp; 942 /* 943 * terminate search on: 944 * root label 945 * compression pointer 946 * unusable offset 947 */ 948 while (*sp != 0 && (*sp & NS_CMPRSFLGS) == 0 && 949 (sp - msg) < 0x4000) { 950 dn = domain; 951 cp = sp; 952 while ((n = *cp++) != 0) { 953 /* 954 * check for indirection 955 */ 956 switch (n & NS_CMPRSFLGS) { 957 case 0: /*%< normal case, n == len */ 958 n = labellen(cp - 1); /*%< XXX */ 959 if (n != *dn++) 960 goto next; 961 962 for (; n > 0; n--) 963 if (mklower(*dn++) != 964 mklower(*cp++)) 965 goto next; 966 /* Is next root for both ? */ 967 if (*dn == '\0' && *cp == '\0') { 968 assert(INT_MIN <= (sp - msg) && (sp - msg) <= INT_MAX); 969 return (int)(sp - msg); 970 } 971 if (*dn) 972 continue; 973 goto next; 974 case NS_CMPRSFLGS: /*%< indirection */ 975 cp = msg + (((n & 0x3f) << 8) | *cp); 976 break; 977 978 default: /*%< illegal type */ 979 errno = EMSGSIZE; 980 return (-1); 981 } 982 } 983 next: ; 984 sp += *sp + 1; 985 } 986 } 987 errno = ENOENT; 988 return (-1); 989 } 990 991 static int 992 decode_bitstring(const unsigned char **cpp, char *dn, const char *eom) 993 { 994 const unsigned char *cp = *cpp; 995 char *beg = dn, tc; 996 int b, blen, plen, i; 997 998 if ((blen = (*cp & 0xff)) == 0) 999 blen = 256; 1000 plen = (blen + 3) / 4; 1001 plen += (int)sizeof("\\[x/]") + (blen > 99 ? 3 : (blen > 9) ? 2 : 1); 1002 if (dn + plen >= eom) 1003 return (-1); 1004 1005 cp++; 1006 i = SPRINTF((dn, "\\[x")); 1007 if (i < 0) 1008 return (-1); 1009 dn += i; 1010 for (b = blen; b > 7; b -= 8, cp++) { 1011 i = SPRINTF((dn, "%02x", *cp & 0xff)); 1012 if (i < 0) 1013 return (-1); 1014 dn += i; 1015 } 1016 if (b > 4) { 1017 tc = *cp++; 1018 i = SPRINTF((dn, "%02x", tc & (0xff << (8 - b)))); 1019 if (i < 0) 1020 return (-1); 1021 dn += i; 1022 } else if (b > 0) { 1023 tc = *cp++; 1024 i = SPRINTF((dn, "%1x", 1025 (((u_int32_t)tc >> 4) & 0x0f) & (0x0f << (4 - b)))); 1026 if (i < 0) 1027 return (-1); 1028 dn += i; 1029 } 1030 i = SPRINTF((dn, "/%d]", blen)); 1031 if (i < 0) 1032 return (-1); 1033 dn += i; 1034 1035 *cpp = cp; 1036 assert(INT_MIN <= (dn - beg) && (dn - beg) <= INT_MAX); 1037 return (int)(dn - beg); 1038 } 1039 1040 static int 1041 encode_bitsring(const char **bp, const char *end, unsigned char **labelp, 1042 unsigned char ** dst, unsigned const char *eom) 1043 { 1044 int afterslash = 0; 1045 const char *cp = *bp; 1046 unsigned char *tp; 1047 char c; 1048 const char *beg_blen; 1049 char *end_blen = NULL; 1050 int value = 0, count = 0, tbcount = 0, blen = 0; 1051 1052 beg_blen = end_blen = NULL; 1053 1054 /* a bitstring must contain at least 2 characters */ 1055 if (end - cp < 2) 1056 return (EINVAL); 1057 1058 /* XXX: currently, only hex strings are supported */ 1059 if (*cp++ != 'x') 1060 return (EINVAL); 1061 if (!isxdigit((*cp) & 0xff)) /*%< reject '\[x/BLEN]' */ 1062 return (EINVAL); 1063 1064 for (tp = *dst + 1; cp < end && tp < eom; cp++) { 1065 switch((c = *cp)) { 1066 case ']': /*%< end of the bitstring */ 1067 if (afterslash) { 1068 if (beg_blen == NULL) 1069 return (EINVAL); 1070 blen = (int)strtol(beg_blen, &end_blen, 10); 1071 if (*end_blen != ']') 1072 return (EINVAL); 1073 } 1074 if (count) 1075 *tp++ = ((value << 4) & 0xff); 1076 cp++; /*%< skip ']' */ 1077 goto done; 1078 case '/': 1079 afterslash = 1; 1080 break; 1081 default: 1082 if (afterslash) { 1083 if (!isdigit(c&0xff)) 1084 return (EINVAL); 1085 if (beg_blen == NULL) { 1086 1087 if (c == '0') { 1088 /* blen never begings with 0 */ 1089 return (EINVAL); 1090 } 1091 beg_blen = cp; 1092 } 1093 } else { 1094 if (!isxdigit(c&0xff)) 1095 return (EINVAL); 1096 value <<= 4; 1097 value += digitvalue[(int)c]; 1098 count += 4; 1099 tbcount += 4; 1100 if (tbcount > 256) 1101 return (EINVAL); 1102 if (count == 8) { 1103 *tp++ = value; 1104 count = 0; 1105 } 1106 } 1107 break; 1108 } 1109 } 1110 done: 1111 if (cp >= end || tp >= eom) 1112 return (EMSGSIZE); 1113 1114 /* 1115 * bit length validation: 1116 * If a <length> is present, the number of digits in the <bit-data> 1117 * MUST be just sufficient to contain the number of bits specified 1118 * by the <length>. If there are insignificant bits in a final 1119 * hexadecimal or octal digit, they MUST be zero. 1120 * RFC2673, Section 3.2. 1121 */ 1122 if (blen > 0) { 1123 int traillen; 1124 1125 if (((blen + 3) & ~3) != tbcount) 1126 return (EINVAL); 1127 traillen = tbcount - blen; /*%< between 0 and 3 */ 1128 if (((value << (8 - traillen)) & 0xff) != 0) 1129 return (EINVAL); 1130 } 1131 else 1132 blen = tbcount; 1133 if (blen == 256) 1134 blen = 0; 1135 1136 /* encode the type and the significant bit fields */ 1137 **labelp = DNS_LABELTYPE_BITSTRING; 1138 **dst = blen; 1139 1140 *bp = cp; 1141 *dst = tp; 1142 1143 return (0); 1144 } 1145 1146 static int 1147 labellen(const u_char *lp) 1148 { 1149 int bitlen; 1150 u_char l = *lp; 1151 1152 if ((l & NS_CMPRSFLGS) == NS_CMPRSFLGS) { 1153 /* should be avoided by the caller */ 1154 return (-1); 1155 } 1156 1157 if ((l & NS_CMPRSFLGS) == NS_TYPE_ELT) { 1158 if (l == DNS_LABELTYPE_BITSTRING) { 1159 if ((bitlen = *(lp + 1)) == 0) 1160 bitlen = 256; 1161 return ((bitlen + 7 ) / 8 + 1); 1162 } 1163 return (-1); /*%< unknwon ELT */ 1164 } 1165 return (l); 1166 } 1167 1168 /*! \file */ 1169