igniterealtime / Smack
53%
master: 40%

LAST BUILD BRANCH: patch-1
DEFAULT BRANCH: master
Repo Added 12 Mar 2015 03:19PM UTC
Files 1194
LAST BUILD ON BRANCH dnslabel-null-byte
branch: dnslabel-null-byte

pending completion
#2528

push

other

Sanitize DNS labels (and names) in toString()

The c-ares library was recently affected by an issue where a string
potentially containing a null byte (and other non-printable
characters) was handed to the user (CVE-2021-3672) [1].

This, and further DNS related attacks, were presented by Jeitner and
Shulman at USENIX Security '21 [2]. I currently believe that MiniDNS
is not affected by the attacks shown in the paper. Mostly because
MiniDNS has dedicated classes for DnsName and DnsLabel. And especially
the former, DnsName, implements an equal() method that is not based on
the pure String comparison, but instead compares bytes of the
serialized labels. I think that this should render most of the attacks
of the paper ineffective. However, I did not have time to thoroughly
review the paper and MiniDNS' code base, and perform some experiments.

For now, this changes the String representation of DnsName and
DnsLabel to a format where "malicious" characters are explicitly
escaped. Note that the "dangerous" DnsName/DnsLabel representation can
still be retrieved, however a Javadoc comment was added, that nobody
is going to read, hinting towards the security implications of using
the unescaped representation.

1: https://www.openwall.com/lists/oss-security/2021/08/10/1
2: Jeitner, Philipp and Haya Shulman. “Injection Attacks Reloaded: Tunnelling
Malicious Payloads over DNS”. In: 30th USENIX Security Symposium (USENIX
Security 21). USENIX Association, Aug. 2021, pp. 3165–3182. isbn: 978-1-939133-24-3.
url: https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner

2952 of 5568 relevant lines covered (53.02%)

0.53 hits per line

Source Files on dnslabel-null-byte
  • Tree
  • List 140
  • Changed 1
  • Source Changed 1
  • Coverage Changed 0

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
#2528 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:10PM UTC other pending completion  
#2526 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:09PM UTC other pending completion  
#2525 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:08PM UTC other pending completion  
#2522 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:07PM UTC other pending completion  
#2521 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:07PM UTC other pending completion  
#2519 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 06:06PM UTC other pending completion  
#2516 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. This, and furht... push 11 Aug 2021 05:40PM UTC other pending completion  
#2509 dnslabel-null-byte Sanitize DNS labels (and names) in toString() The c-ares library was recently affected by an issue where a string potentially containing a null byte (and other non-printable characters) was handed to the user (CVE-2021-3672) [1]. We should also ... push 10 Aug 2021 09:39AM UTC other pending completion  
See All Builds (2935)