From 875ee704dd76b12e5db9ad5c9ae5f2a23b4a4a86 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 14 Oct 2021 08:05:25 +0200 Subject: [PATCH] MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero This function suffers from the same API issue as its sibling that does the opposite direction, it demands that the input string is zero-terminated *and* that its length *including* the trailing zero is passed on input, forcing callers to pass length + 1, and itself to use that length - 1 everywhere internally. This patch addressess this. There is a single caller, which is the location of the previous bug, so it should probably be backported at least to keep the code consistent across versions. Note that the function is called dns_dn_label_to_str() in 2.3 and earlier.
---
 src/resolvers.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/resolvers.c b/src/resolvers.c
index 66f032913..ec50d1992 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -780,7 +780,7 @@ srv_found:
 const char *msg = NULL;
 char hostname[DNS_MAX_NAME_SIZE+1];
- if (resolv_dn_label_to_str(item->target, item->data_len+1,
+ if (resolv_dn_label_to_str(item->target, item->data_len,
 hostname, sizeof(hostname)) == -1) {
 HA_SPIN_UNLOCK(SERVER_LOCK, &srv->lock);
 continue;
@@ -1620,12 +1620,14 @@ int resolv_get_ip_from_response(struct resolv_response *r_res,
 return (currentip_found ? RSLV_UPD_NO : RSLV_UPD_SRVIP_NOT_FOUND);
 }
-/* Turns a domain name label into a string.
+/* Turns a domain name label into a string: 3www7haproxy3org into www.haproxy.org
 *
- * must be a null-terminated string. must include the terminating
- * null byte. must be allocated and its size must be passed in .
+ * contains the input label of bytes long and does not need to be
+ * null-terminated. must be allocated large enough to contain a full host
+ * name plus the trailing zero, and the allocated size must be passed in
+ * .
 *
- * In case of error, -1 is returned, otherwise, the number of bytes copied in
+ * In case of error, -1 is returned, otherwise, the number of bytes copied in
 * (including the terminating null byte).
 */
 int resolv_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len)
@@ -1633,11 +1635,11 @@ int resolv_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len)
 char *ptr;
 int i, sz;
- if (str_len < dn_len - 1)
+ if (str_len < dn_len)
 return -1;
 ptr = str;
- for (i = 0; i < dn_len-1; ++i) {
+ for (i = 0; i < dn_len; ++i) {
 sz = dn[i];
 if (i)
 *ptr++ = '.';
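Review bot: The rewritten comment above resolv_dn_label_to_str() describes the output buffer only loosely ("large enough to contain a full host name plus the trailing zero"), while the check in the next hunk enforces a concrete rule and returns -1 when `str_len < dn_len`. Stating that rule in the comment would let callers size the buffer without reading the body, for example `* str_len must be at least dn_len, otherwise -1 is returned.` The comment could also say whether the length bytes embedded in the label are validated against the input length; that part of the body is outside the visible hunks, so it cannot be confirmed here.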
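Review bot: `sz = dn[i];` in the loop reads a label length byte through a plain `const char *`, so where char is signed a byte of 0x80 or above yields a negative `sz`. Valid DNS labels never exceed 63 bytes, so this only arises with malformed input, which is the case a resolver most needs to reject cleanly. Nothing in the visible lines compares `sz` with the bytes remaining in `dn`, and the up-front `str_len < dn_len` test bounds the output only for well-formed labels. The loop body continues outside this hunk; if it does not already do so, read the length as `sz = (unsigned char)dn[i];` and reject overruns with `if (sz > dn_len - i - 1) return -1;` before copying.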