[reactos] 01/01: [DNSAPI] DnsQuery_W: Check names for invalid characters before querying the dns resolver.
18 Jan
2020
18 Jan
'20
2:04 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0a274da7cdea108b81036…
commit 0a274da7cdea108b810362deaf05fcb34f9d92c9
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Sat Jan 18 15:02:18 2020 +0100
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Sat Jan 18 15:03:12 2020 +0100
[DNSAPI] DnsQuery_W: Check names for invalid characters before querying the dns
resolver.
---
dll/win32/dnsapi/query.c | 51 +++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/dll/win32/dnsapi/query.c b/dll/win32/dnsapi/query.c
index c92f9a14441..6dbe665473e 100644
--- a/dll/win32/dnsapi/query.c
+++ b/dll/win32/dnsapi/query.c
@@ -475,6 +475,7 @@ DnsQuery_W(LPCWSTR Name,
{
DWORD dwRecords = 0;
PDNS_RECORDW pRecord = NULL;
+ size_t NameLen, i;
DNS_STATUS Status = ERROR_SUCCESS;
DPRINT("DnsQuery_W()\n");
@@ -494,6 +495,31 @@ DnsQuery_W(LPCWSTR Name,
return ERROR_SUCCESS;
}
+ /*
+ * Check allowed characters
+ * According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
+ */
+ NameLen = wcslen(Name);
+ if (Name[0] == L'-' || Name[0] == L'_' || Name[NameLen - 1] ==
L'-' ||
+ Name[NameLen - 1] == L'_' || wcsstr(Name, L"..") != NULL)
+ {
+ return ERROR_INVALID_NAME;
+ }
+
+ i = 0;
+ while (i < NameLen)
+ {
+ if (!((Name[i] >= L'a' && Name[i] <= L'z') ||
+ (Name[i] >= L'A' && Name[i] <= L'Z') ||
+ (Name[i] >= L'0' && Name[i] <= L'9') ||
+ Name[i] == L'-' || Name[i] == L'_' || Name[i] ==
L'.'))
+ {
+ return DNS_ERROR_INVALID_NAME_CHAR;
+ }
+
+ i++;
+ }
+
RpcTryExcept
{
Status = R_ResolverQuery(NULL,
@@ -635,7 +661,7 @@ Query_Main(LPCWSTR Name,
int adns_error;
adns_answer *answer;
LPSTR CurrentName;
- unsigned i, CNameLoop;
+ unsigned CNameLoop;
PFIXED_INFO network_info;
ULONG network_info_blen = 0;
DWORD network_info_result;
@@ -680,29 +706,6 @@ Query_Main(LPCWSTR Name,
0);
NameLen--;
- /* Check allowed characters
- * According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
- */
- if (AnsiName[0] == '-' || AnsiName[0] == '_' || AnsiName[NameLen
- 1] == '-' ||
- AnsiName[NameLen - 1] == '_' || strstr(AnsiName, "..") !=
NULL)
- {
- RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
- return ERROR_INVALID_NAME;
- }
- i = 0;
- while (i < NameLen)
- {
- if (!((AnsiName[i] >= 'a' && AnsiName[i] <=
'z') ||
- (AnsiName[i] >= 'A' && AnsiName[i] <=
'Z') ||
- (AnsiName[i] >= '0' && AnsiName[i] <=
'9') ||
- AnsiName[i] == '-' || AnsiName[i] == '_' || AnsiName[i]
== '.'))
- {
- RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
- return DNS_ERROR_INVALID_NAME_CHAR;
- }
- i++;
- }
-
network_info_result = GetNetworkParams(NULL, &network_info_blen);
network_info = (PFIXED_INFO)RtlAllocateHeap(RtlGetProcessHeap(), 0,
(size_t)network_info_blen);
if (NULL == network_info)
1757
days inactive
1757
days old
0 comments
1 participants
participants (1)
-
Eric Kohl