igniterealtime / Smack / #2526
53%
master: 40%

LAST BUILD BRANCH: patch-1
DEFAULT BRANCH: master
Ran 11 Aug 2021 06:09PM UTC
Jobs 1
Files 140
Run time 3min
Sanitize DNS labels (and names) in toString()

The c-ares library was recently affected by an issue where a string
potentially containing a null byte (and other non-printable
characters) was handed to the user (CVE-2021-3672) [1].

This, and further DNS related attacks, were presented by Jeitner and
Shulman at USENIX Security '21 [2]. I currently believe that MiniDNS
is not affected by the attacks shown in the paper. Mostly because
MiniDNS has dedicated classes for DnsName and DnsLabel. And especially
the former, DnsName, implements an equal() method that is not based on
the pure String comparison, but instead compares bytes of the
serialized labels. I think that this should render most of the attacks
of the paper ineffective. However, I did not have time to thoroughly
review the paper and MiniDNS' code base, and perform some experiments.

For now, this changes the String representation of DnsName and
DnsLabel to a format where "malicious" characters are explicitly
escaped. Note that the "dangerous" DnsName/DnsLabel representation can
still be retrieved, however a Javadoc comment was added, that nobody
is going to read, hinting towards the security implications of using
the unescaped representation.

1: https://www.openwall.com/lists/oss-security/2021/08/10/1
2: Jeitner, Philipp and Haya Shulman. “Injection Attacks Reloaded: Tunnelling
Malicious Payloads over DNS”. In: 30th USENIX Security Symposium (USENIX
Security 21). USENIX Association, Aug. 2021, pp. 3165–3182.
isbn: 978-1-939133-24-3.
url: https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
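
The ambiguity the commit message describes, shown as an added example that is not part of the commit or of MiniDNS: a label containing a literal dot or a null byte looks harmless once flattened to a plain String, while an escaped rendering keeps every byte visible. The class and helper names are hypothetical, and the escape format (RFC 1035 section 5.1 presentation style) is an assumption, since the page does not say which format the change uses.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

// Added example, not MiniDNS code. Escape format is an assumption:
// RFC 1035 section 5.1 presentation style ("\." and "\DDD").
public class DnsLabelEscapeDemo {

    static byte[] ascii(String s) {
        return s.getBytes(StandardCharsets.ISO_8859_1);
    }

    // Render one raw label so that every byte is visible and unambiguous.
    static String escapeLabel(byte[] label) {
        StringBuilder sb = new StringBuilder();
        for (byte b : label) {
            int c = b & 0xFF;
            if (c == '.' || c == '\\') {
                sb.append('\\').append((char) c);   // dot or backslash inside a label
            } else if (c > 0x20 && c < 0x7F) {
                sb.append((char) c);                // printable ASCII passes through
            } else {
                // NUL, space, control characters and high bytes become \DDD
                sb.append(String.format(Locale.ROOT, "\\%03d", c));
            }
        }
        return sb.toString();
    }

    // Join labels with '.', either escaped or as the raw bytes-to-chars mapping.
    static String render(List<byte[]> labels, boolean escaped) {
        StringBuilder sb = new StringBuilder();
        for (byte[] l : labels) {
            sb.append(escaped ? escapeLabel(l) : new String(l, StandardCharsets.ISO_8859_1));
            sb.append('.');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: a three-label name, and a two-label name whose
        // first label contains a literal dot.
        List<byte[]> threeLabels = List.of(ascii("www"), ascii("example"), ascii("com"));
        List<byte[]> dottedLabel = List.of(ascii("www.example"), ascii("com"));
        System.out.println("raw equal:     " + render(threeLabels, false).equals(render(dottedLabel, false)));
        System.out.println("escaped equal: " + render(threeLabels, true).equals(render(dottedLabel, true)));
        System.out.println("dotted label:  " + render(dottedLabel, true));
        // Constructed label with an embedded null byte.
        System.out.println("null byte:     " + escapeLabel(new byte[] {'a', 0, 'b'}));
    }
}
```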

2952 of 5568 relevant lines covered (53.02%)

0.53 hits per line

Jobs
ID  Job ID   Ran                      Files  Coverage
1   #2526.1  11 Aug 2021 06:09PM UTC  0      53.02