1 /* $OpenBSD: res_comp.c,v 1.14 2008/04/16 22:35:23 deraadt Exp $ */ 2 3 /* 4 * ++Copyright++ 1985, 1993 5 * - 6 * Copyright (c) 1985, 1993 7 * The Regents of the University of California. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * - 33 * Portions Copyright (c) 1993 by Digital Equipment Corporation. 34 * 35 * Permission to use, copy, modify, and distribute this software for any 36 * purpose with or without fee is hereby granted, provided that the above 37 * copyright notice and this permission notice appear in all copies, and that 38 * the name of Digital Equipment Corporation not be used in advertising or 39 * publicity pertaining to distribution of the document or software without 40 * specific, written prior permission. 41 * 42 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL 43 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES 44 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT 45 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 46 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 47 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 48 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 49 * SOFTWARE. 50 * - 51 * --Copyright-- 52 */ 53 54 #include <sys/types.h> 55 #include <sys/param.h> 56 #include <netinet/in.h> 57 #include <arpa/nameser.h> 58 59 #include <stdio.h> 60 #include <resolv.h> 61 #include <ctype.h> 62 63 #include <unistd.h> 64 #include <string.h> 65 66 static int dn_find(u_char *, u_char *, u_char **, u_char **); 67 68 /* 69 * Expand compressed domain name 'comp_dn' to full domain name. 70 * 'msg' is a pointer to the begining of the message, 71 * 'eomorig' points to the first location after the message, 72 * 'exp_dn' is a pointer to a buffer of size 'length' for the result. 73 * Return size of compressed name or -1 if there was an error. 74 */ 75 int 76 dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn, 77 char *exp_dn, int length) 78 { 79 const u_char *cp; 80 char *dn; 81 int n, c; 82 char *eom; 83 int len = -1, checked = 0; 84 85 dn = exp_dn; 86 cp = comp_dn; 87 if (length > MAXHOSTNAMELEN-1) 88 length = MAXHOSTNAMELEN-1; 89 eom = exp_dn + length; 90 /* 91 * fetch next label in domain name 92 */ 93 while ((n = *cp++)) { 94 /* 95 * Check for indirection 96 */ 97 switch (n & INDIR_MASK) { 98 case 0: 99 if (dn != exp_dn) { 100 if (dn >= eom) 101 return (-1); 102 *dn++ = '.'; 103 } 104 if (dn+n >= eom) 105 return (-1); 106 checked += n + 1; 107 while (--n >= 0) { 108 if (((c = *cp++) == '.') || (c == '\\')) { 109 if (dn + n + 2 >= eom) 110 return (-1); 111 *dn++ = '\\'; 112 } 113 *dn++ = c; 114 if (cp >= eomorig) /* out of range */ 115 return (-1); 116 } 117 break; 118 119 case INDIR_MASK: 120 if (len < 0) 121 len = cp - comp_dn + 1; 122 cp = msg + (((n & 0x3f) << 8) | (*cp & 0xff)); 123 if (cp < msg || cp >= eomorig) /* out of range */ 124 return (-1); 125 checked += 2; 126 /* 127 * Check for loops in the compressed name; 128 * if we've looked at the whole message, 129 * there must be a loop. 130 */ 131 if (checked >= eomorig - msg) 132 return (-1); 133 break; 134 135 default: 136 return (-1); /* flag error */ 137 } 138 } 139 *dn = '\0'; 140 if (len < 0) 141 len = cp - comp_dn; 142 return (len); 143 } 144 145 /* 146 * Compress domain name 'exp_dn' into 'comp_dn'. 147 * Return the size of the compressed name or -1. 148 * 'length' is the size of the array pointed to by 'comp_dn'. 149 * 'dnptrs' is a list of pointers to previous compressed names. dnptrs[0] 150 * is a pointer to the beginning of the message. The list ends with NULL. 151 * 'lastdnptr' is a pointer to the end of the arrary pointed to 152 * by 'dnptrs'. Side effect is to update the list of pointers for 153 * labels inserted into the message as we compress the name. 154 * If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr' 155 * is NULL, we don't update the list. 156 */ 157 int 158 dn_comp(const char *exp_dn, u_char *comp_dn, int length, u_char **dnptrs, 159 u_char **lastdnptr) 160 { 161 u_char *cp, *dn; 162 int c, l; 163 u_char **cpp, **lpp, *sp, *eob; 164 u_char *msg; 165 166 dn = (u_char *)exp_dn; 167 cp = comp_dn; 168 eob = cp + length; 169 lpp = cpp = NULL; 170 if (dnptrs != NULL) { 171 if ((msg = *dnptrs++) != NULL) { 172 for (cpp = dnptrs; *cpp != NULL; cpp++) 173 ; 174 lpp = cpp; /* end of list to search */ 175 } 176 } else 177 msg = NULL; 178 for (c = *dn++; c != '\0'; ) { 179 /* look to see if we can use pointers */ 180 if (msg != NULL) { 181 if ((l = dn_find(dn-1, msg, dnptrs, lpp)) >= 0) { 182 if (cp+1 >= eob) 183 return (-1); 184 *cp++ = (l >> 8) | INDIR_MASK; 185 *cp++ = l % 256; 186 return (cp - comp_dn); 187 } 188 /* not found, save it */ 189 if (lastdnptr != NULL && cpp < lastdnptr-1) { 190 *cpp++ = cp; 191 *cpp = NULL; 192 } 193 } 194 sp = cp++; /* save ptr to length byte */ 195 do { 196 if (c == '.') { 197 c = *dn++; 198 break; 199 } 200 if (c == '\\') { 201 if ((c = *dn++) == '\0') 202 break; 203 } 204 if (cp >= eob) { 205 if (msg != NULL) 206 *lpp = NULL; 207 return (-1); 208 } 209 *cp++ = c; 210 } while ((c = *dn++) != '\0'); 211 /* catch trailing '.'s but not '..' */ 212 if ((l = cp - sp - 1) == 0 && c == '\0') { 213 cp--; 214 break; 215 } 216 if (l <= 0 || l > MAXLABEL) { 217 if (msg != NULL) 218 *lpp = NULL; 219 return (-1); 220 } 221 *sp = l; 222 } 223 if (cp >= eob) { 224 if (msg != NULL) 225 *lpp = NULL; 226 return (-1); 227 } 228 *cp++ = '\0'; 229 return (cp - comp_dn); 230 } 231 232 /* 233 * Skip over a compressed domain name. Return the size or -1. 234 */ 235 int 236 __dn_skipname(const u_char *comp_dn, const u_char *eom) 237 { 238 const u_char *cp; 239 int n; 240 241 cp = comp_dn; 242 while (cp < eom && (n = *cp++)) { 243 /* 244 * check for indirection 245 */ 246 switch (n & INDIR_MASK) { 247 case 0: /* normal case, n == len */ 248 cp += n; 249 continue; 250 case INDIR_MASK: /* indirection */ 251 cp++; 252 break; 253 default: /* illegal type */ 254 return (-1); 255 } 256 break; 257 } 258 if (cp > eom) 259 return (-1); 260 return (cp - comp_dn); 261 } 262 263 static int 264 mklower(int ch) 265 { 266 if (isascii(ch) && isupper(ch)) 267 return (tolower(ch)); 268 return (ch); 269 } 270 271 /* 272 * Search for expanded name from a list of previously compressed names. 273 * Return the offset from msg if found or -1. 274 * dnptrs is the pointer to the first name on the list, 275 * not the pointer to the start of the message. 276 */ 277 static int 278 dn_find(u_char *exp_dn, u_char *msg, u_char **dnptrs, u_char **lastdnptr) 279 { 280 u_char *dn, *cp, **cpp; 281 int n; 282 u_char *sp; 283 284 for (cpp = dnptrs; cpp < lastdnptr; cpp++) { 285 dn = exp_dn; 286 sp = cp = *cpp; 287 while ((n = *cp++)) { 288 /* 289 * check for indirection 290 */ 291 switch (n & INDIR_MASK) { 292 case 0: /* normal case, n == len */ 293 while (--n >= 0) { 294 if (*dn == '.') 295 goto next; 296 if (*dn == '\\') 297 dn++; 298 if (mklower(*dn++) != mklower(*cp++)) 299 goto next; 300 } 301 if ((n = *dn++) == '\0' && *cp == '\0') 302 return (sp - msg); 303 if (n == '.') 304 continue; 305 goto next; 306 307 case INDIR_MASK: /* indirection */ 308 cp = msg + (((n & 0x3f) << 8) | *cp); 309 break; 310 311 default: /* illegal type */ 312 return (-1); 313 } 314 } 315 if (*dn == '\0') 316 return (sp - msg); 317 next: ; 318 } 319 return (-1); 320 } 321 322 /* 323 * Verify that a domain name uses an acceptable character set. 324 */ 325 326 /* 327 * Note the conspicuous absence of ctype macros in these definitions. On 328 * non-ASCII hosts, we can't depend on string literals or ctype macros to 329 * tell us anything about network-format data. The rest of the BIND system 330 * is not careful about this, but for some reason, we're doing it right here. 331 */ 332 #define PERIOD 0x2e 333 #define hyphenchar(c) ((c) == 0x2d) 334 #define bslashchar(c) ((c) == 0x5c) 335 #define underscorechar(c) ((c) == 0x5f) 336 #define periodchar(c) ((c) == PERIOD) 337 #define asterchar(c) ((c) == 0x2a) 338 #define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) \ 339 || ((c) >= 0x61 && (c) <= 0x7a)) 340 #define digitchar(c) ((c) >= 0x30 && (c) <= 0x39) 341 342 #define borderchar(c) (alphachar(c) || digitchar(c)) 343 #define middlechar(c) (borderchar(c) || hyphenchar(c) || underscorechar(c)) 344 #define domainchar(c) ((c) > 0x20 && (c) < 0x7f) 345 346 int 347 res_hnok(const char *dn) 348 { 349 int pch = PERIOD, ch = *dn++; 350 351 while (ch != '\0') { 352 int nch = *dn++; 353 354 if (periodchar(ch)) { 355 ; 356 } else if (periodchar(pch)) { 357 if (!borderchar(ch)) 358 return (0); 359 } else if (periodchar(nch) || nch == '\0') { 360 if (!borderchar(ch)) 361 return (0); 362 } else { 363 if (!middlechar(ch)) 364 return (0); 365 } 366 pch = ch, ch = nch; 367 } 368 return (1); 369 } 370 371 /* 372 * hostname-like (A, MX, WKS) owners can have "*" as their first label 373 * but must otherwise be as a host name. 374 */ 375 int 376 res_ownok(const char *dn) 377 { 378 if (asterchar(dn[0])) { 379 if (periodchar(dn[1])) 380 return (res_hnok(dn+2)); 381 if (dn[1] == '\0') 382 return (1); 383 } 384 return (res_hnok(dn)); 385 } 386 387 /* 388 * SOA RNAMEs and RP RNAMEs can have any printable character in their first 389 * label, but the rest of the name has to look like a host name. 390 */ 391 int 392 res_mailok(const char *dn) 393 { 394 int ch, escaped = 0; 395 396 /* "." is a valid missing representation */ 397 if (*dn == '\0') 398 return(1); 399 400 /* otherwise <label>.<hostname> */ 401 while ((ch = *dn++) != '\0') { 402 if (!domainchar(ch)) 403 return (0); 404 if (!escaped && periodchar(ch)) 405 break; 406 if (escaped) 407 escaped = 0; 408 else if (bslashchar(ch)) 409 escaped = 1; 410 } 411 if (periodchar(ch)) 412 return (res_hnok(dn)); 413 return(0); 414 } 415 416 /* 417 * This function is quite liberal, since RFC 1034's character sets are only 418 * recommendations. 419 */ 420 int 421 res_dnok(const char *dn) 422 { 423 int ch; 424 425 while ((ch = *dn++) != '\0') 426 if (!domainchar(ch)) 427 return (0); 428 return (1); 429 } 430 431 /* 432 * Routines to insert/extract short/long's. 433 */ 434 435 u_int16_t 436 _getshort(const u_char *msgp) 437 { 438 u_int16_t u; 439 440 GETSHORT(u, msgp); 441 return (u); 442 } 443 444 #ifdef NeXT 445 /* 446 * nExt machines have some funky library conventions, which we must maintain. 447 */ 448 u_int16_t 449 res_getshort(msgp) 450 const u_char *msgp; 451 { 452 return (_getshort(msgp)); 453 } 454 #endif 455 456 u_int32_t 457 _getlong(const u_char *msgp) 458 { 459 u_int32_t u; 460 461 GETLONG(u, msgp); 462 return (u); 463 } 464 465 void 466 __putshort(u_int16_t s, u_char *msgp) 467 { 468 PUTSHORT(s, msgp); 469 } 470 471 void 472 __putlong(u_int32_t l, u_char *msgp) 473 { 474 PUTLONG(l, msgp); 475 } 476