author | Yawning Angel <yawning@schwanenlied.me> | 2015-07-27 12:58:40 +0000 |
---|---|---|
committer | Yawning Angel <yawning@schwanenlied.me> | 2015-07-27 12:58:40 +0000 |
commit | da6aa7bfa5014b980a93b38024d16b32720dc67a (patch) | |
tree | e52002264a73a0c7292f4bdf5203507efd26b795 /src | |
parent | 5be36a46cab7626c52e0c50e55ca73703698e399 (diff) | |
Allow a single trailing `.` when validating FQDNs from SOCKS.
URI syntax (and DNS syntax) allows for a single trailing `.` to
explicitly distinguish between a relative and absolute
(fully-qualified) domain name. While this is redundant in that RFC 1928
DOMAINNAME addresses are *always* fully-qualified, certain clients
blindly pass the trailing `.` along in the request.
Fixes bug 16674; bugfix on 0.2.6.2-alpha.
Diffstat (limited to 'src')
-rw-r--r-- | src/common/util.c | 6 | ||||
-rw-r--r-- | src/test/test_util.c | 12 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 618e6a1b6a..1aac4fc3d1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1056,6 +1056,12 @@ string_is_valid_hostname(const char *string)
 break;
 }
+ /* Allow a single terminating '.' used rarely to indicate domains
+ * are FQDNs rather than relative. */
+ if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
+ continue;
+ }
+
 do {
 if ((*c >= 'a' && *c <= 'z') ||
 (*c >= 'A' && *c <= 'Z') ||
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 0f64c26e01..2bffb17bfd 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -4285,7 +4285,19 @@ test_util_hostname_validation(void *arg)
 // comply with a ~30 year old standard.
 tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
+ // Firefox passes FQDNs with trailing '.'s directly to the SOCKS proxy,
+ // which is redundant since the spec states DOMAINNAME addresses are fully
+ // qualified. While unusual, this should be tollerated.
+ tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
+ tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
+ tt_assert(!string_is_valid_hostname("so.is..ft.com"));
+ tt_assert(!string_is_valid_hostname("..."));
+ // XXX: do we allow single-label DNS names?
+ // We shouldn't for SOCKS (spec says "contains a fully-qualified domain name"
+ // but only test pathologically malformed traling '.' cases for now.
+ tt_assert(!string_is_valid_hostname("."));
+ tt_assert(!string_is_valid_hostname(".."));
 done:
 return; |
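Review bot: The new branch in `string_is_valid_hostname` accepts a name ending in `.` but leaves the dot in the string, so any later equality or suffix comparison on the hostname will treat `name.` and `name` as different values. Whether the SOCKS callers canonicalise the name after validation is not visible in this hunk and should be confirmed, because suffix-based special handling and policy matching are where a non-canonical form usually slips through. The check also appears to rely on the split (outside the hunk) keeping empty components, which the comment could state: `/* Relies on the split keeping empty components; the trailing '.' is accepted here but not stripped. */`. The function body starts and ends outside the hunk.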
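Review bot: The new assertions in `test_util_hostname_validation` do not pin the two boundary cases of the added branch: a doubled trailing dot and a single label followed by a dot. The first should be rejected, e.g. `tt_assert(!string_is_valid_hostname("fabrik.nytimes.com.."));`. The second is the open question in the XXX comment; going by the `c_sl_idx > 0` guard in util.c, a name such as `localhost.` looks like it would be accepted, so a test stating the intended result either way would keep that decision from changing silently. The test function continues outside the hunk.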