diff options
| author | Thiago Macieira <thiago.macieira@intel.com> | 2023-05-12 16:23:32 -0700 |
|---|---|---|
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2023-05-16 19:31:37 -0700 |
| commit | 06830bd78d2cf43b9d544e3792711cbb60d1c27a (patch) | |
| tree | 440935e350040f373beb30c3dfe1c080bf68be24 | |
| parent | 37f1fb78eeb107d593f9a7bf0491466a1c60e068 (diff) | |
| download | qtbase-06830bd78d2cf43b9d544e3792711cbb60d1c27a.tar.gz | |
QDnsLookup: reject looking up domain names that are too long
Both the libresolv and the Win32 API operate in 32-bit quantities, so we
could be aliasing with low values. In any case, RFC 1035 limits to 255.
Various objects and parameters in the DNS have size limits. They are
listed below. Some could be easily changed, others are more
fundamental.
labels 63 octets or less
names 255 octets or less
Pick-to: 6.5
Change-Id: I3e3bfef633af4130a03afffd175e8957cd860bef
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
| -rw-r--r-- | src/network/kernel/qdnslookup.cpp | 4 | ||||
| -rw-r--r-- | src/network/kernel/qdnslookup_p.h | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/network/kernel/qdnslookup.cpp b/src/network/kernel/qdnslookup.cpp index 2d9ada7f41..04662acece 100644 --- a/src/network/kernel/qdnslookup.cpp +++ b/src/network/kernel/qdnslookup.cpp @@ -977,10 +977,12 @@ void QDnsLookupRunnable::run() QDnsLookupReply reply; // Validate input. - if (requestName.isEmpty()) { + if (qsizetype n = requestName.size(); n > MaxDomainNameLength || n == 0) { reply.error = QDnsLookup::InvalidRequestError; reply.errorString = tr("Invalid domain name"); emit finished(reply); + if (n) + qWarning("QDnsLookup: domain name being looked up is too long (%lld bytes)", n); return; } diff --git a/src/network/kernel/qdnslookup_p.h b/src/network/kernel/qdnslookup_p.h index 3b0c476c2a..522cb7d073 100644 --- a/src/network/kernel/qdnslookup_p.h +++ b/src/network/kernel/qdnslookup_p.h @@ -31,6 +31,7 @@ QT_BEGIN_NAMESPACE //#define QDNSLOOKUP_DEBUG +constexpr qsizetype MaxDomainNameLength = 255; constexpr quint16 DnsPort = 53; class QDnsLookupRunnable; |