Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-02 20:36:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

[DNSAPI] DnsQuery_W: Check names for invalid characters before querying the dns resolver.

Browse source
This commit is contained in:
Eric Kohl 2020-01-18 15:02:18 +01:00
parent e2560a5cad
commit 0a274da7cd
1 changed files with 27 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

51
dll/win32/dnsapi/query.c
View file

@ -475,6 +475,7 @@ DnsQuery_W(LPCWSTR Name,
{ {
DWORD dwRecords = 0; DWORD dwRecords = 0;
PDNS_RECORDW pRecord = NULL; PDNS_RECORDW pRecord = NULL;
size_t NameLen, i;
DNS_STATUS Status = ERROR_SUCCESS; DNS_STATUS Status = ERROR_SUCCESS;
DPRINT("DnsQuery_W()\n"); DPRINT("DnsQuery_W()\n");
@ -494,6 +495,31 @@ DnsQuery_W(LPCWSTR Name,
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
/*
* Check allowed characters
* According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
*/
NameLen = wcslen(Name);
if (Name[0] == L'-' || Name[0] == L'_' || Name[NameLen - 1] == L'-' ||
Name[NameLen - 1] == L'_' || wcsstr(Name, L"..") != NULL)
{
return ERROR_INVALID_NAME;
}
i = 0;
while (i < NameLen)
{
if (!((Name[i] >= L'a' && Name[i] <= L'z') ||
(Name[i] >= L'A' && Name[i] <= L'Z') ||
(Name[i] >= L'0' && Name[i] <= L'9') ||
Name[i] == L'-' || Name[i] == L'_' || Name[i] == L'.'))
{
return DNS_ERROR_INVALID_NAME_CHAR;
}
i++;
}
RpcTryExcept RpcTryExcept
{ {
Status = R_ResolverQuery(NULL, Status = R_ResolverQuery(NULL,
@ -635,7 +661,7 @@ Query_Main(LPCWSTR Name,
int adns_error; int adns_error;
adns_answer *answer; adns_answer *answer;
LPSTR CurrentName; LPSTR CurrentName;
unsigned i, CNameLoop; unsigned CNameLoop;
PFIXED_INFO network_info; PFIXED_INFO network_info;
ULONG network_info_blen = 0; ULONG network_info_blen = 0;
DWORD network_info_result; DWORD network_info_result;
@ -680,29 +706,6 @@ Query_Main(LPCWSTR Name,
0); 0);
NameLen--; NameLen--;
/* Check allowed characters
* According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
*/
if (AnsiName[0] == '-' || AnsiName[0] == '_' || AnsiName[NameLen - 1] == '-' ||
AnsiName[NameLen - 1] == '_' || strstr(AnsiName, "..") != NULL)
{
RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
return ERROR_INVALID_NAME;
}
i = 0;
while (i < NameLen)
{
if (!((AnsiName[i] >= 'a' && AnsiName[i] <= 'z') ||
(AnsiName[i] >= 'A' && AnsiName[i] <= 'Z') ||
(AnsiName[i] >= '0' && AnsiName[i] <= '9') ||
AnsiName[i] == '-' || AnsiName[i] == '_' || AnsiName[i] == '.'))
{
RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
return DNS_ERROR_INVALID_NAME_CHAR;
}
i++;
}
network_info_result = GetNetworkParams(NULL, &network_info_blen); network_info_result = GetNetworkParams(NULL, &network_info_blen);
network_info = (PFIXED_INFO)RtlAllocateHeap(RtlGetProcessHeap(), 0, (size_t)network_info_blen); network_info = (PFIXED_INFO)RtlAllocateHeap(RtlGetProcessHeap(), 0, (size_t)network_info_blen);
if (NULL == network_info) if (NULL == network_info)