From 137eba4e40ca417f90093813ea5bf82dccee136a Mon Sep 17 00:00:00 2001
From: Jukka Rissanen
Date: Thu, 27 Mar 2025 14:19:46 +0200
Subject: [PATCH] net: dns: Check compression flag properly

Allow only 0xc (0b11) as two highest bit to mark the compression when parsing the CNAME response. See RFC 9267 ch. 2 for details.
Signed-off-by: Jukka Rissanen
---
 subsys/net/lib/dns/dns_pack.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/subsys/net/lib/dns/dns_pack.c b/subsys/net/lib/dns/dns_pack.c
index 7d3388daad6..a1efc20f81a 100644
--- a/subsys/net/lib/dns/dns_pack.c
+++ b/subsys/net/lib/dns/dns_pack.c
@@ -386,7 +386,7 @@ int dns_copy_qname(uint8_t *buf, uint16_t *len, uint16_t size,
 lb_size = msg[pos];
 /* pointer */
- if (lb_size > DNS_LABEL_MAX_SIZE) {
+ if ((lb_size & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
 uint8_t mask = DNS_LABEL_MAX_SIZE;
 if (pos + 1 >= msg_size) {
@@ -409,6 +409,9 @@ int dns_copy_qname(uint8_t *buf, uint16_t *len, uint16_t size,
 }
 continue;
+ } else if (lb_size & NS_CMPRSFLGS) {
+ rc = -EINVAL;
+ break;
 }
 /* validate that the label (i.e. size + elements),
@@ -498,7 +501,7 @@ static int dns_unpack_name(const uint8_t *msg, int maxlen, const uint8_t *src,
 }
 while ((val = *curr_src++)) {
- if (val & NS_CMPRSFLGS) {
+ if ((val & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
 /* Follow pointer */
 int pos;
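Review bot: `uint8_t mask = DNS_LABEL_MAX_SIZE;` still uses the maximum label length as the bit mask for the pointer's offset bits, which is harder to audit now that the branch condition is a flag test rather than a length comparison. The mask only works because the two values presumably coincide, so I would add a comment such as `/* low 6 bits of this octet are the high bits of the offset (RFC 1035 4.1.4) */`, or derive the mask from the flag constant. The lines that compute the new `pos` and any check on the pointer target fall between this hunk and the next and are not visible here, so I cannot confirm the offset validation that RFC 9267 ch. 2 also asks for.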
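Review bot: The added `else if (lb_size & NS_CMPRSFLGS)` branch has no comment saying which inputs it rejects, so the reason for the `-EINVAL` is only recoverable from the commit message. A one-line comment such as `/* 0b01 and 0b10 label types are reserved (RFC 1035 4.1.4): treat as malformed */` above `rc = -EINVAL;` would keep the security rationale next to the check. Because the preceding block ends in `continue`, the `else` is redundant and a plain `if (lb_size & NS_CMPRSFLGS) {` after the closing brace reads the same. The body of dns_copy_qname continues outside this hunk.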
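Review bot: Unlike dns_copy_qname in the previous hunk, dns_unpack_name gets the stricter `(val & NS_CMPRSFLGS) == NS_CMPRSFLGS` test but no visible branch that rejects the reserved 0b01 and 0b10 prefixes. Before this change such octets took the pointer path; now they appear to fall through to the ordinary label path, where `val` would be read as a length above the 63-octet label limit. The rest of the loop is outside the hunk, so this may already be bounded there, but if it is not I would mirror the other function with an `else if (val & NS_CMPRSFLGS)` branch that returns this function's error value. That keeps both parsers rejecting the same malformed names.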