Date: Tue, 16 Dec 2025 23:39:32 +0000 From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6759fbb1a553 - stable/15 - rtsold: Validate entries in domain search lists Message-ID: <6941edb4.22ce1.21527294@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=6759fbb1a553a4af1a344e266970613ac49622ab commit 6759fbb1a553a4af1a344e266970613ac49622ab Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-12-15 20:50:08 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-12-16 23:39:27 +0000 rtsold: Validate entries in domain search lists Reported by: Kevin Day <kevin@your.org> Approved by: so Security: FreeBSD-SA-25:12.rtsold Security: CVE-2025-14558 (cherry picked from commit bf804f69dd94b3c98962618b4ad3b48a35bff2ff) --- usr.sbin/rtsold/rtsol.c | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/usr.sbin/rtsold/rtsol.c b/usr.sbin/rtsold/rtsol.c index 79928932ca5c..a7d5a44a7d44 100644 --- a/usr.sbin/rtsold/rtsol.c +++ b/usr.sbin/rtsold/rtsol.c @@ -776,6 +776,41 @@ call_script(const char *const argv[], struct script_msg_head_t *sm_head) argv[0], status); } +#define PERIOD 0x2e +#define hyphenchar(c) ((c) == 0x2d) +#define periodchar(c) ((c) == PERIOD) +#define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) || \ + ((c) >= 0x61 && (c) <= 0x7a)) +#define digitchar(c) ((c) >= 0x30 && (c) <= 0x39) + +#define borderchar(c) (alphachar(c) || digitchar(c)) +#define middlechar(c) (borderchar(c) || hyphenchar(c)) + +static int +res_hnok(const char *dn) +{ + int pch = PERIOD, ch = *dn++; + + while (ch != '\0') { + int nch = *dn++; + + if (periodchar(ch)) { + ; + } else if (periodchar(pch)) { + if (!borderchar(ch)) + return (0); + } else if (periodchar(nch) || nch == '\0') { + if (!borderchar(ch)) + return (0); + } else { + if (!middlechar(ch)) + return (0); + } + pch = ch, ch = nch; + } + return (1); +} + /* Decode domain name label encoding in RFC 1035 Section 3.1 */ static size_t dname_labeldec(char *dst, size_t dlen, const char *src) @@ -804,12 +839,11 @@ dname_labeldec(char *dst, size_t dlen, const char *src) } *dst = '\0'; - /* - * XXX validate that domain name only contains valid characters - * for two reasons: 1) correctness, 2) we do not want to pass - * possible malicious, unescaped characters like `` to a script - * or program that could be exploited that way. - */ + if (!res_hnok(dst_origin)) { + warnmsg(LOG_INFO, __func__, + "invalid domain name '%s' was ignored", dst_origin); + return (0); + } return (src - src_origin); }help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6941edb4.22ce1.21527294>