> On 10. Feb 2022, at 23:26, Maxime Devos <maximede...@telenet.be> wrote:
>
> Schanzenbach, Martin wrote on Mon 07-02-2022 at 19:02 [+0000]:
>>>> LEGACY HOSTNAME
>>>> A UTF-8 string (which is not 0-terminated) representing the
>>>> legacy hostname.
>>>
>>> What happens if it contains \0, or ends with two dots, does that
>>> mean the LEHO record is invalid and must be rejected? If it is in
>>> punycode, why say ‘A UTF-8 string’ instead of ’an ASCII string’?
>>
>> It is not in punycode. It is just a UTF-8 string.
>> Why is it not 0-terminated? TBH I am not sure, probably to save a
>> byte :)
>
> Some context on this question about nul characters.
>
> Consider a C application that is asked to contact http://i.hate.c,
> a website about the use of "\0" in C software. i.hate.c has a LEHO
> record with value "foo\0bar.com" (and some VPN or AAAA record).
>
> Perhaps the HTTP spec disallows \0 in the "Host" header,
> and the C application hence gives some kind of error message
> about not being able to contact i.hate.c. No problem in this case.
>
> Perhaps the C application assumes that GNS will only return ‘proper’
> hostnames, adds a \0 to the end of the record, and
> uses strlen("foo\0bar.com") (= 3) to determine how large a buffer needs
> to be, and copies "foo\0bar.com" (the whole thing of size 12
> (including the terminating \0)) into the buffer that's only of size 3,
> resulting in a buffer overflow.
>
> (Variants of) the second scenario seem plausible to me.
>
> As such, I would recommend forbidding \0 bytes in GNS,
> or mentioning problems involving \0 in a section ‘Security
> considerations’.
While I understand the problem, GNS defines strings to be UTF-8 (notwithstanding punycode exceptions). You can't have UTF-8 strings with a zero terminator without having it mean exactly that: a string termination. Yes, you can say "but what if it is not a UTF-8 string", but that is not really the problem of the GNS spec. It normatively defines it as such and the implementation must comply (with UTF-8). See also https://en.wikipedia.org/wiki/Null-terminated_string, section "Character encoding".

BR

> Greetings,
> Maxime.
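The sizing mistake Maxime describes, with a defensive record check beside it, as an added C example (not GNUnet's or the GNS specification's own code; `leho_to_hostname` and `naive_overflow_bytes` are hypothetical helper names, and the record bytes are constructed from the thread's "foo\0bar.com"):

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the LEHO record value from the thread, "foo\0bar.com",
   11 bytes on the wire and NOT 0-terminated. */
static const char LEHO_RECORD[] = { 'f','o','o','\0','b','a','r','.','c','o','m' };
#define LEHO_RECORD_LEN (sizeof LEHO_RECORD)

/* Defensive conversion (hypothetical helper): treat the record as length-delimited
   bytes, reject anything a hostname cannot contain (here: an embedded NUL, which a
   proper UTF-8 hostname never has), and only then build a 0-terminated C string of
   exactly len + 1 bytes. Returns NULL when the record is rejected. */
char *leho_to_hostname(const char *data, size_t len)
{
    if (len == 0 || memchr(data, '\0', len) != NULL)
        return NULL;                     /* empty or contains \0: reject the record */
    char *host = malloc(len + 1);
    if (host == NULL)
        return NULL;
    memcpy(host, data, len);             /* sized from the record length, not strlen() */
    host[len] = '\0';
    return host;
}

/* Models the flawed sizing from the thread without performing the copy: the
   application appends a \0, sizes its buffer with strlen() (which stops at the
   embedded NUL, giving 3), then copies the whole record plus terminator (12 bytes).
   Returns how many bytes would land past the end of that undersized buffer. */
size_t naive_overflow_bytes(const char *data, size_t len)
{
    char *tmp = malloc(len + 1);
    if (tmp == NULL)
        return 0;
    memcpy(tmp, data, len);
    tmp[len] = '\0';
    size_t buffer_size = strlen(tmp);    /* 3 for "foo\0bar.com" */
    size_t bytes_copied = len + 1;       /* 12: record plus terminating \0 */
    free(tmp);
    return bytes_copied > buffer_size ? bytes_copied - buffer_size : 0;
}
```

The defensive path is what a resolver client should do regardless of which side the spec settles on: never derive a buffer size from `strlen()` on data whose length is already known from the record.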