[reactos] 01/01: [DNSAPI] DnsQuery_W: Check names for invalid characters before querying the dns resolver. - Ros-diffs

18 Jan 2020

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0a274da7cdea108b810362...
commit 0a274da7cdea108b810362deaf05fcb34f9d92c9
Author:     Eric Kohl eric.kohl@reactos.org
AuthorDate: Sat Jan 18 15:02:18 2020 +0100
Commit:     Eric Kohl eric.kohl@reactos.org
CommitDate: Sat Jan 18 15:03:12 2020 +0100
[DNSAPI] DnsQuery_W: Check names for invalid characters before querying the dns resolver.
---
 dll/win32/dnsapi/query.c | 51 +++++++++++++++++++++++++-----------------------
 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/dll/win32/dnsapi/query.c b/dll/win32/dnsapi/query.c
index c92f9a14441..6dbe665473e 100644
--- a/dll/win32/dnsapi/query.c
+++ b/dll/win32/dnsapi/query.c
@@ -475,6 +475,7 @@ DnsQuery_W(LPCWSTR Name,
 {
     DWORD dwRecords = 0;
     PDNS_RECORDW pRecord = NULL;
+    size_t NameLen, i;
     DNS_STATUS Status = ERROR_SUCCESS;
DPRINT("DnsQuery_W()\n");
@@ -494,6 +495,31 @@ DnsQuery_W(LPCWSTR Name,
         return ERROR_SUCCESS;
     }
+    /*
+     * Check allowed characters
+     * According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
+     */
+    NameLen = wcslen(Name);
+    if (Name[0] == L'-' || Name[0] == L'_' || Name[NameLen - 1] == L'-' ||
+        Name[NameLen - 1] == L'_' || wcsstr(Name, L"..") != NULL)
+    {
+        return ERROR_INVALID_NAME;
+    }
+
+    i = 0;
+    while (i < NameLen)
+    {
+        if (!((Name[i] >= L'a' && Name[i] <= L'z') ||
+              (Name[i] >= L'A' && Name[i] <= L'Z') ||
+              (Name[i] >= L'0' && Name[i] <= L'9') ||
+              Name[i] == L'-' || Name[i] == L'_' || Name[i] == L'.'))
+        {
+            return DNS_ERROR_INVALID_NAME_CHAR;
+        }
+
+        i++;
+    }
+
     RpcTryExcept
     {
         Status = R_ResolverQuery(NULL,
@@ -635,7 +661,7 @@ Query_Main(LPCWSTR Name,
     int adns_error;
     adns_answer *answer;
     LPSTR CurrentName;
-    unsigned i, CNameLoop;
+    unsigned CNameLoop;
     PFIXED_INFO network_info;
     ULONG network_info_blen = 0;
     DWORD network_info_result;
@@ -680,29 +706,6 @@ Query_Main(LPCWSTR Name,
                             0);
         NameLen--;
-        /* Check allowed characters
-        * According to RFC a-z,A-Z,0-9,-,_, but can't start or end with - or _
-        */
-        if (AnsiName[0] == '-' || AnsiName[0] == '_' || AnsiName[NameLen - 1] == '-' ||
-            AnsiName[NameLen - 1] == '_' || strstr(AnsiName, "..") != NULL)
-        {
-            RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
-            return ERROR_INVALID_NAME;
-        }
-        i = 0;
-        while (i < NameLen)
-        {
-            if (!((AnsiName[i] >= 'a' && AnsiName[i] <= 'z') ||
-                  (AnsiName[i] >= 'A' && AnsiName[i] <= 'Z') ||
-                  (AnsiName[i] >= '0' && AnsiName[i] <= '9') ||
-                  AnsiName[i] == '-' || AnsiName[i] == '_' || AnsiName[i] == '.'))
-            {
-                RtlFreeHeap(RtlGetProcessHeap(), 0, AnsiName);
-                return DNS_ERROR_INVALID_NAME_CHAR;
-            }
-            i++;
-        }
-
         network_info_result = GetNetworkParams(NULL, &network_info_blen);
         network_info = (PFIXED_INFO)RtlAllocateHeap(RtlGetProcessHeap(), 0, (size_t)network_info_blen);
         if (NULL == network_info)

    