[PATCH 1/2] udhcpd: sanitize invalid hostnames to match rfcs

Bernhard Reutner-Fischer rep.dot.nop at gmail.com
Tue Oct 20 09:51:51 UTC 2015


On October 20, 2015 6:20:17 AM GMT+02:00, Isaac Dunham <ibid.ag at gmail.com> wrote:
>On Mon, Oct 19, 2015 at 10:52:27AM +0200, walter harms wrote:
>> 
>> 
>> On 18.10.2015 23:26, Isaac Dunham wrote:
>> > On Sun, Oct 18, 2015 at 07:55:38PM +0200, walter harms wrote:
>> >>
>> >>
>> >> On 18.10.2015 07:54, Isaac Dunham wrote:
>> >>> RFC952/RFC1123 limit the characters in a hostname for a node to
>> >>> [-a-zA-Z0-9], with '-' being legal only in the middle; we were
>> >>> accepting everything from ' ' to '~'.
>> >>> (As a byproduct of this, the hostname in dumpleases can now be safely
>> >>> used from scripts without sanitization.)
>> >>
>> >> since several tools check for hostnames,
>> >> maybe it is useful to make this a function ?
>> > 
>> > What this does is not simply 'check for validity'; it *makes* a hostname
>> > valid, which is not what most tools need.
>> > It also is exclusively for leaf node names, rather than an FQDN (ie,
>> > '.' is not valid here).
>> > 
>> > It would be possible to design a function that can check or fix the
>> > hostname depending how it's called, though I wonder if that's
>> > doing too much in a single call.
>> > 
>> > It would probably have to be something like this:
>> > 
>> > #define HOSTCHECK_LEAF	0x1 //leaf hostname-no '.' allowed
>> > #define HOSTCHECK_FIX	0x2 //fix-replace invalid chars with '-'/'X'
>> > 
>> > //return NULL if valid, pointer to first invalid char otherwise
>> > char * validate_hostname(char *p, int flags);
>> > 
>> > This does not handle transforming a URL via punycode, of course.
>> > 
>> > Would such an interface be desirable?
>> 
>> note: I did not make an inventory if this is needed by other
>>       programs but I can imagine that with 'hostname' it would be useful.
>
>RFCs only apply to networking; a local hostname need not conform.
>udhcpc and dnsd might be able to use it.
>Other networking tools (that do DNS lookups) could use it, or could
>simply trust that if the user inputs an invalid name, either the DNS
>system will catch it or it will resolve despite the standards.
>
>> for a bit more flexibility:
>>         int status=valid_hostname(char *in, char **out, int flags);
>> 
>I'd assume 'status' is bytes invalid, 'out' is somewhere to store a
>sanitized hostname, and flags is as above.
>Or is 'status' the offset of the first invalid byte?
>Is 'out' to store a pointer to an invalid char?
>
>The reason I proposed the above:
>-the return value works as both a logical test:
>	if((status = validate_hostname(host, 0))) /* error handler */;
> and as a usable error:
>	printf("error: '%c' is not valid in a hostname\n", *status);
>-in the context of the code I modified, it *must* be sanitized in place:
> the hostname is a char[20] buffer that is part of a struct, and
> dumpleases relies on that fact.
>
>> In a first step it would be sufficient to move this code into a function
>> and then look for more uses.
>
>Due to the subtle variations in what we need to cover, a function *will*
>be larger than the inline code, and will also require thought as to what
>it should cover.
>I don't think it's sensible to move it into a function before determining
>what it should do, and that it really is useful.

bugs.busybox.net/3979#c2

I wouldn't support broken names, it doesn't make real sense.

HTH,
>
>Thanks,
>Isaac Dunham
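
One way the `validate_hostname()` interface proposed in the quoted discussion could be implemented, as an added example (this is not BusyBox code and not the patch under review). The HOSTCHECK_FIX replacement policy, the treatment of an empty name, and the sample hostname are assumptions; it sanitizes in place, as the `char[20]` lease field requires.

```c
#include <stdio.h>
#include <string.h>

#define HOSTCHECK_LEAF 0x1 /* leaf hostname: no '.' allowed */
#define HOSTCHECK_FIX  0x2 /* fix: replace invalid chars with '-'/'X' */

static int is_alnum_ascii(unsigned char c)
{
	return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z');
}

/* Returns NULL if valid, pointer to the first invalid char otherwise.
 * Assumed FIX policy: 'X' where '-' would itself be illegal (first or
 * last byte of a label), '-' anywhere else. Label length is not checked. */
char *validate_hostname(char *p, int flags)
{
	int dots = !(flags & HOSTCHECK_LEAF); /* '.' separates labels */
	int at_start = 1;                     /* p is the first byte of a label */
	char *first_bad = NULL;
	if (!*p)
		return p; /* empty name: invalid and not fixable */
	for (; *p; p++) {
		unsigned char c = (unsigned char)*p;
		int edge = at_start || !p[1] || (dots && p[1] == '.');
		int ok = (c == '.' && dots) ? !at_start /* no empty labels */
		       : (c == '-') ? !edge
		       : is_alnum_ascii(c);
		if (!ok) {
			if (!(flags & HOSTCHECK_FIX))
				return p;
			if (!first_bad)
				first_bad = p;
			*p = edge ? 'X' : '-';
		}
		at_start = dots && *p == '.';
	}
	return first_bad;
}

int main(void)
{
	char host[20] = "-lab pc;$(id)"; /* constructed client-supplied name */
	char *bad = validate_hostname(host, HOSTCHECK_LEAF);
	if (bad)
		printf("error: '%c' is not valid in a hostname\n", *bad);
	validate_hostname(host, HOSTCHECK_LEAF | HOSTCHECK_FIX);
	printf("sanitized in place: %s\n", host);
	return 0;
}
```
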