From a6e7bb31bb78f2564c7793775c89f5cead205679 Mon Sep 17 00:00:00 2001
From: bradh352
Date: Wed, 2 Mar 2022 15:31:35 -0500
Subject: [PATCH] deps: cares: cherry-pick b5a3d96
Original commit message:
Asterisks should be allowed in host validation as CNAMEs may reference wildcard domains CloudFlare appears to use this logic in CNAMEs as per https://github.com/nodejs/node/issues/42171
Fixes: https://github.com/c-ares/c-ares/issues/457
Fix By: Brad House (@bradh352)
PR-URL: https://github.com/nodejs/node/pull/42216
Fixes: https://github.com/nodejs/node/issues/42171
Fixes: https://github.com/nodejs/node/issues/457
Refs: https://github.com/c-ares/c-ares/issues/457
Reviewed-By: Benjamin Gruenbaum
Reviewed-By: Ben Noordhuis
Reviewed-By: Colin Ihrig
Reviewed-By: Darshan Sen
Reviewed-By: Anna Henningsen
Reviewed-By: Michael Dawson
---
 deps/cares/src/lib/ares_expand_name.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/deps/cares/src/lib/ares_expand_name.c b/deps/cares/src/lib/ares_expand_name.c
index fcd88a2a42eb42..6c7a35a715bf47 100644
--- a/deps/cares/src/lib/ares_expand_name.c
+++ b/deps/cares/src/lib/ares_expand_name.c
@@ -64,6 +64,8 @@ static int ares__isprint(int ch)
 * - underscores which are used in SRV records.
 * - Forward slashes such as are used for classless in-addr.arpa
 * delegation (CNAMEs)
+ * - Asterisks may be used for wildcard domains in CNAMEs as seen in the
+ * real world.
 * While RFC 2181 section 11 does state not to do validation,
 * that applies to servers, not clients. Vulnerabilities have been
 * reported when this validation is not performed. Security is more
@@ -71,7 +73,7 @@ static int ares__isprint(int ch)
 * anyhow). */
 static int is_hostnamech(int ch)
 {
- /* [A-Za-z0-9-._/]
+ /* [A-Za-z0-9-*._/]
 * Don't use isalnum() as it is locale-specific
 */
 if (ch >= 'A' && ch <= 'Z')
@@ -80,7 +82,7 @@ static int is_hostnamech(int ch)
 return 1;
 if (ch >= '0' && ch <= '9')
 return 1;
- if (ch == '-' || ch == '.' || ch == '_' || ch == '/')
+ if (ch == '-' || ch == '.' || ch == '_' || ch == '/' || ch == '*')
 return 1;
 return 0;
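Review bot: The added `ch == '*'` test on the changed `if` line accepts an asterisk at any position of any name checked by is_hostnamech, while the comment added in the first hunk justifies it only for wildcard domains in CNAMEs. A per-character check cannot tell a leading `*.` label from an asterisk in the middle of a name, and how callers use the validated names is not visible here, so the wider exposure is inferred. Because the surrounding comment notes that vulnerabilities were reported when this validation was missing, I would record the widened contract beside the check, for example `/* '*' is accepted anywhere in the name; callers must treat the result as untrusted text, never as a glob or wildcard pattern */`. A regression test that pins a name containing `*` as accepted and a name with a character outside the class as still rejected would keep the allow-list from drifting. is_hostnamech begins in the previous hunk and its closing brace lies outside this one.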