c-ares/5c995d5.patch

From 5c995d50b05a2c374ae021012afa6f8f4cf2957e Mon Sep 17 00:00:00 2001
From: bradh352 <brad@brad-house.com>
Date: Wed, 8 Sep 2021 07:38:44 -0400
Subject: [PATCH] ares_expand_name should allow underscores (_) as SRV records
 legitimately use them

c-ares 1.17.2 introduced response validation to prevent a security issue, however
it did not have (_) listed as a valid character for domain name responses which
caused issues when a CNAME referenced a SRV record which contained underscores.

While RFC2181 section 11 does explicitly state not to do validation, that applies
to servers not clients.

Fixes: #424
Fix By: Brad House (@bradh352)
---
 src/lib/ares_expand_name.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
index a62c982e..db262ab4 100644
--- a/src/lib/ares_expand_name.c
+++ b/src/lib/ares_expand_name.c
@@ -59,10 +59,16 @@ static int ares__isprint(int ch)
   return 0;
 }
 
-/* Character set allowed by hostnames */
+/* Character set allowed by hostnames.  This is to include the normal
+ * domain name character set plus underscores which are used in SRV
+ * records.  While RFC 2181 section 11 does state not to do validation,
+ * that applies to servers, not clients.  Vulnerabilities have been
+ * reported when this validation is not performed.  Security is more
+ * important than edge-case compatibility (which is probably invalid
+ * anyhow). */
 static int is_hostnamech(int ch)
 {
-  /* [A-Za-z0-9-.]
+  /* [A-Za-z0-9-._]
    * Don't use isalnum() as it is locale-specific
    */
   if (ch >= 'A' && ch <= 'Z')
@@ -71,7 +77,7 @@ static int is_hostnamech(int ch)
     return 1;
   if (ch >= '0' && ch <= '9')
     return 1;
-  if (ch == '-' || ch == '.')
+  if (ch == '-' || ch == '.' || ch == '_')
     return 1;
 
   return 0;