Allow '/' as a valid character for a returned name

As of c-ares 1.17.2, a CNAME an in-addr.arpa delegation broke due to not allowing '/'. This needs to be allowed to not break valid functionality. Fixes Bug: #427 Reported By: Adrian (@leftshift) Fix By: Brad House (@bradh352)
3 years ago · b035ed8a5e
parent 2227f6982b
commit b035ed8a5e
1 changed files with 7 additions and 4 deletions
--- a/src/lib/ares_expand_name.c
+++ b/src/lib/ares_expand_name.c
@ -60,15 +60,18 @@ static int ares__isprint(int ch)
 }

 /* Character set allowed by hostnames.  This is to include the normal
- * domain name character set plus underscores which are used in SRV
- * records.  While RFC 2181 section 11 does state not to do validation,
+ * domain name character set plus:
+ *  - underscores which are used in SRV records.
+ *  - Forward slashes such as are used for classless in-addr.arpa 
+ *    delegation (CNAMEs)
+ * While RFC 2181 section 11 does state not to do validation,
 * that applies to servers, not clients.  Vulnerabilities have been
 * reported when this validation is not performed.  Security is more
 * important than edge-case compatibility (which is probably invalid
 * anyhow). */
 static int is_hostnamech(int ch)
 {
-  /* [A-Za-z0-9-._]
+  /* [A-Za-z0-9-._/]
   * Don't use isalnum() as it is locale-specific
   */
  if (ch >= 'A' && ch <= 'Z')
@ -77,7 +80,7 @@ static int is_hostnamech(int ch)
    return 1;
  if (ch >= '0' && ch <= '9')
    return 1;
-  if (ch == '-' || ch == '.' || ch == '_')
+  if (ch == '-' || ch == '.' || ch == '_' || ch == '/')
    return 1;

  return 0;