DHCP: Sanitize incoming hostnames for RFC1053 conformance

rsmarples · rsmarples · commit b9f41445c0f2 · 2025-12-16T17:25:48.000Z
Meross Smart Ambient Light
This product is clearly not RFC2132 compliant, so we need to
sanitize the incoming hostnames.

Add tests to ensure we can fix pretty much anything provided it
starts with a valid character.
diff --git a/.clang-tidy b/.clang-tidy
diff --git a/Makefile b/Makefile
@@ -17,7 +17,7 @@ DISTSIGN=	${DISTFILE}.asc
 
 CLEANFILES+=	*.tar.xz
 
-.PHONY:		hooks import import-bsd
+.PHONY:		hooks import import-bsd test
 
 .SUFFIXES:	.in
 
@@ -116,4 +116,7 @@ _import-src: clean
 import-src:
 	${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else  echo /tmp/${DISTPREFIX}; fi`
 
+test:
+	${MAKE} -C test $@
+
 include Makefile.inc
diff --git a/src/.clang-format-ignore b/src/.clang-format-ignore
diff --git a/src/common.c b/src/common.c
@@ -210,6 +210,92 @@ encode_rfc1035(const char *src, uint8_t *dst)
 	return len;
 }
 
+/* Returns zero if the src is completely valid, otherwise non-zero. */
+int
+sanitize_rfc1035(char *src)
+{
+	char *start, *p, *l;
+	int err = 0;
+	size_t nlabels = 1;
+
+	for (start = p = src; *p != '\0'; p++) {
+		if (p - start > NS_MAXCDNAME) {
+			*p = '\0';
+			errno = E2BIG;
+			return -1;
+		}
+		if (isalpha((int)*p) || isdigit((int)*p))
+			continue;
+
+		if (*p == '.') {
+			if (p == src || ++nlabels > NS_MAXLABELS) {
+				*p = '\0';
+				err = 1;
+				break;
+			}
+
+			/* Find the last non invalid character.
+			 * We know at least the start is valid. */
+			for (l = p - 1; l >= src; l--) {
+				if (*l != '-')
+					break;
+			}
+			/* We need to remove the last invalid charaters. */
+			if (l != p - 1) {
+				l++;
+				memmove(l, p, strlen(p) + 1);
+				p = l;
+				err = 1;
+			}
+			/* Ensure the label doesn't exceed limits */
+			if (p - src > NS_MAXLABEL) {
+				memmove(src + NS_MAXLABEL, p, strlen(p) + 1);
+				p = src + NS_MAXLABEL;
+				err = 1;
+			}
+			/* src now points to the new label. */
+			src = p + 1;
+			continue;
+		}
+
+		/* Invalid character.
+		 * If at the start of a label, just stop */
+		if (p == src) {
+			*p = '\0';
+			err = 1;
+			break;
+		}
+		/* Replace with a - */
+		*p = '-';
+		err = 1;
+	}
+
+	/* Find the last non invalid character.
+	 * We know at least the start is valid. */
+	for (l = p - 1; l >= src; l--) {
+		if (*l != '-')
+			break;
+	}
+	if (l != p - 1) {
+		*(l + 1) = '\0';
+		err = 1;
+	}
+
+	/* Trim any trailing dot */
+	if (*l == '.') {
+		*l-- = '\0';
+		err = 1;
+	}
+
+	/* Ensure the label doesn't exceed limits */
+	if (l + 1 - src >= NS_MAXLABEL) {
+		*(src + NS_MAXLABEL) = '\0';
+		err = 1;
+	}
+
+	return err;
+}
+
 const char *
 hwaddr_ntoa(const void *hwaddr, size_t hwlen, char *buf, size_t buflen)
 {
diff --git a/src/common.h b/src/common.h
@@ -91,6 +91,7 @@
 
 ssize_t decode_rfc1035(char *, size_t, const uint8_t *, size_t);
 size_t encode_rfc1035(const char *, uint8_t *);
+int sanitize_rfc1035(char *);
 const char *hwaddr_ntoa(const void *, size_t, char *, size_t);
 size_t hwaddr_aton(uint8_t *, const char *);
 struct in_addr;
diff --git a/src/dhcp.c b/src/dhcp.c
@@ -1578,6 +1578,11 @@ dhcp_handlebootp(struct interface *ifp, struct bootp *bootp, size_t len,
 			if (lease->dl_hostname[0] != '\0')
 				lease->dl_flags |= DL_HOSTNAME;
 		}
+		if (lease->dl_flags & DL_HOSTNAME) {
+			sanitize_rfc1035(lease->dl_hostname);
+			if (lease->dl_hostname[0] == '\0')
+				lease->dl_flags &= ~DL_HOSTNAME;
+		}
 		break;
 	}
 
diff --git a/test/Makefile b/test/Makefile
@@ -0,0 +1,38 @@
+TOP=		..
+include		${TOP}/iconfig.mk
+
+CSTD?=		c11
+CFLAGS+=	-std=${CSTD}
+CPPFLAGS+=	-I${TOP} -I${TOP}/src -I ${TOP}/vendor
+LDFLAGS+=	-rdynamic
+
+DEPEND!=	test -e .depend && echo ".depend" || echo ""
+
+HOSTNAME_SRCS=	hostname.c ../src/common.c
+HOSTNAME_OBJS+= ${HOSTNAME_SRCS:.c=.o}
+
+SRCS=		${HOSTNAME_SRCS}
+OBJS=		${HOSTNAME_OBJS}
+
+CLEANFILES+=	*.tar.xz
+
+
+all: ${TOP}/config.h hostname
+	for x in ${SUBDIRS}; do cd $$x; ${MAKE} $@ || exit $$?; cd ..; done
+
+.c.o:
+	${CC} ${CFLAGS} ${CPPFLAGS} -c $< -o $@
+
+hostname: ${HOSTNAME_OBJS}
+	${CC} ${LDFLAGS} -o $@ ${HOSTNAME_OBJS} ${LDADD}
+
+test: hostname
+	./hostname
+
+clean:
+	rm -f -- ${OBJS} hostname ${hostname}.core ${HOSTNAME_OBJS} ${CLEANFILES}
+	for x in ${SUBDIRS}; do cd $$x; ${MAKE} $@ || exit $$?; cd ..; done
+
+lint: _lint
+
+include ${TOP}/src/Makefile.inc
diff --git a/test/hostname b/test/hostname
diff --git a/test/hostname.c b/test/hostname.c
@@ -0,0 +1,86 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static void
+test(const char *src, const char *expect)
+{
+	char *h = strdup(src);
+
+	if (h == NULL) {
+		(void)fprintf(stderr, "strdup %s", src);
+		exit(EXIT_FAILURE);
+	}
+
+	sanitize_rfc1035(h);
+	if (strcmp(h, expect) != 0) {
+		(void)fprintf(stderr, "%s: %s != %s\n", src, expect, h);
+		(void)fprintf(stderr, "HOSTNAME TEST FAILURE\n");
+		exit(EXIT_FAILURE);
+	}
+	(void)fprintf(stderr, "%s: %s\n", src, expect);
+}
+
+int
+main(void)
+{
+	char tst[2048], expect[2048];
+	size_t i, j;
+
+	(void)fprintf(stderr, "TESTING WE CAN SANITIZE HOSTNAMES FOR RFC1035\n");
+
+	test("valid.hostname", "valid.hostname");
+	test("invalid hostname", "invalid-hostname");
+	test(" invalid hostname", "");
+	test("invalid hostname ", "invalid-hostname");
+	test("valid.invalid hostname.valid", "valid.invalid-hostname.valid");
+	test("valid. invalid hostname.valid", "valid");
+	test("valid.invalid hostname .invalid .valid",
+	    "valid.invalid-hostname.invalid.valid");
+	test(".invalid hostname ", "");
+	test("invalid hostname.", "invalid-hostname");
+	test("invalid hostname. ", "invalid-hostname");
+	test("invalid hostname..", "invalid-hostname");
+
+	/* Test for one character too long for a max label */
+	test(
+	    "valid.1234567890123456789012345678901234567890123456789012345678901234",
+	    "valid.123456789012345678901234567890123456789012345678901234567890123");
+	test(
+	    "valid.1234567890123456789012345678901234567890123456789012345678901234.valid",
+	    "valid.123456789012345678901234567890123456789012345678901234567890123.valid");
+
+	/* Test for one too many labels */
+	for (i = 0, j = 0; j < 128; i++) {
+		if (i % 2 == 0)
+			tst[i] = 'a';
+		else {
+			tst[i] = '.';
+			j++;
+		}
+	}
+	tst[i] = '\0';
+	memcpy(expect, tst, i);
+	// Expect to be trimmed by one
+	expect[i - 1] = '\0';
+	test(tst, expect);
+
+	/* Test for one character too big for the whole domain. */
+	for (i = 0, j = 0; i <= 256; i++, j++) {
+		if (j == 63) {
+			tst[i] = '.';
+			j = 0;
+		} else
+			tst[i] = 'a';
+	}
+	tst[i] = '\0';
+	memcpy(expect, tst, i);
+	// Expect to be trimmed by one
+	expect[i - 1] = '\0';
+	test(tst, expect);
+
+	(void)fprintf(stderr, "HOSTNAME TESTS PASS\n");
+	exit(EXIT_SUCCESS);
+}

Original file line number	Diff line number	Diff line change
`@@ -1578,6 +1578,11 @@ dhcp_handlebootp(struct interface ifp, struct bootp bootp, size_t len,`
`1578`	`1578`	`if (lease->dl_hostname[0] != '\0')`
`1579`	`1579`	`lease->dl_flags \|= DL_HOSTNAME;`
`1580`	`1580`	`}`
	`1581`	`+ if (lease->dl_flags & DL_HOSTNAME) {`
	`1582`	`+ sanitize_rfc1035(lease->dl_hostname);`
	`1583`	`+ if (lease->dl_hostname[0] == '\0')`
	`1584`	`+ lease->dl_flags &= ~DL_HOSTNAME;`
	`1585`	`+ }`
`1581`	`1586`	`break;`
`1582`	`1587`	`}`
`1583`	`1588`