add explicit CAA RDATA length check

Roland Shoemaker 2015-05-29 21:39:25 +01:00
parent 8846fd2c90
commit 5c235e0000
1 changed files with 12 additions and 0 deletions


@ -7,6 +7,8 @@ package va
import ( import (
"encoding/hex" "encoding/hex"
"errors"
"strconv"
"strings" "strings"
"time" "time"
@ -140,10 +142,20 @@ func getCaa(client *dns.Client, server string, domain string, alias bool) ([]*CA
var CAAs []*CAA var CAAs []*CAA
for _, answer := range r.Answer { for _, answer := range r.Answer {
if answer.Header().Rrtype == dns.TypeCAA { if answer.Header().Rrtype == dns.TypeCAA {
caaLenStr := strings.Fields(answer.String())[5]
caaLen, err := strconv.Atoi(caaLenStr)
if err != nil {
return nil, err
}
caaData, err := hex.DecodeString(answer.String()[len(answer.String())-int(answer.Header().Rdlength*2):]) caaData, err := hex.DecodeString(answer.String()[len(answer.String())-int(answer.Header().Rdlength*2):])
if err != nil { if err != nil {
return nil, err return nil, err
} }
if caaLen != len(caaData) {
// Malformed record
err = errors.New("RDATA length field doesn't match RDATA length")
return nil, err
}
CAAs = append(CAAs, newCAA([]byte(caaData))) CAAs = append(CAAs, newCAA([]byte(caaData)))
} }
} }
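Review bot: The added `strings.Fields(answer.String())[5]` indexes the field list without checking its length, so a DNS answer whose text form has fewer than six fields would panic here instead of returning an error. Because the answer is untrusted network input, guard the lookup with `fields := strings.Fields(answer.String())` followed by `if len(fields) < 6 { return nil, errors.New("malformed CAA record") }` and then read `fields[5]`. The new length comparison also runs only after the existing slice `answer.String()[len(answer.String())-int(answer.Header().Rdlength*2):]`, which can itself go out of range on a short string, so comparing `caaLen` with `Rdlength` before slicing would give more protection. Both values come from the record's string rendering, presumably the generic unknown-type format; a short comment such as `// field 5 is the RDATA length in the "\# <len> <hex>" text form` would document that dependency. getCaa begins above this hunk and its end is not shown.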