Skip to content

Commit

Permalink
Asterisks should be allowed in host validation as CNAMEs may referenc…
Browse files Browse the repository at this point in the history
…e wildcard domains

CloudFlare appears to use this logic in CNAMEs as per
nodejs/node#42171

Fixes: #457
Fix By: Brad House (@bradh352)
  • Loading branch information
bradh352 committed Mar 2, 2022
1 parent 320b99b commit b5a3d96
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/lib/ares_expand_name.c
Original file line number Diff line number Diff line change
Expand Up @@ -64,14 +64,16 @@ static int ares__isprint(int ch)
* - underscores which are used in SRV records.
* - Forward slashes such as are used for classless in-addr.arpa
* delegation (CNAMEs)
* - Asterisks may be used for wildcard domains in CNAMEs as seen in the
* real world.
* While RFC 2181 section 11 does state not to do validation,
* that applies to servers, not clients. Vulnerabilities have been
* reported when this validation is not performed. Security is more
* important than edge-case compatibility (which is probably invalid
* anyhow). */
static int is_hostnamech(int ch)
{
/* [A-Za-z0-9-._/]
/* [A-Za-z0-9-*._/]
* Don't use isalnum() as it is locale-specific
*/
if (ch >= 'A' && ch <= 'Z')
Expand All @@ -80,7 +82,7 @@ static int is_hostnamech(int ch)
return 1;
if (ch >= '0' && ch <= '9')
return 1;
if (ch == '-' || ch == '.' || ch == '_' || ch == '/')
if (ch == '-' || ch == '.' || ch == '_' || ch == '/' || ch == '*')
return 1;

return 0;
Expand Down

0 comments on commit b5a3d96

Please sign in to comment.