Adds compression pointer loop detection in Domain parsing (#87)

* Adds compression pointer loop detection in Domain parsing This adds a simple loop detection to the Domain parsing method. Whenever a pointer offset has been seen before, the function aborts by throwing an exception. This prevents an infinite loop that could cause a DoS attack by a specially crafted DNS response packet. * Fix style Co-authored-by: Mirza Kapetanovic <mirza.kapetanovic@gmail.com>
kapetan · Nov 24, 2021 · 18d8c5d · 18d8c5d
1 parent cf7105a
commit 18d8c5d
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/DNS/Protocol/Domain.cs b/DNS/Protocol/Domain.cs
@@ -28,9 +28,10 @@ public static Domain FromArray(byte[] message, int offset, out int endOffset) {
             bool endOffsetAssigned = false;
             endOffset = 0;
             byte lengthOrPointer;
+            HashSet<int> visitedOffsetPointers = new HashSet<int>();
 
             while ((lengthOrPointer = message[offset++]) > 0) {
-                // Two heighest bits are set (pointer)
+                // Two highest bits are set (pointer)
                 if (lengthOrPointer.GetBitValueAt(6, 2) == 3) {
                     if (!endOffsetAssigned) {
                         endOffsetAssigned = true;
@@ -40,8 +41,15 @@ public static Domain FromArray(byte[] message, int offset, out int endOffset) {
                     ushort pointer = lengthOrPointer.GetBitValueAt(0, 6);
                     offset = (pointer << 8) | message[offset];
 
+                    if (visitedOffsetPointers.Contains(offset)) {
+                        throw new ArgumentException("Compression pointer loop detected");
+                    }
+                    visitedOffsetPointers.Add(offset);
+
                     continue;
-                } else if (lengthOrPointer.GetBitValueAt(6, 2) != 0) {
+                }
+
+                if (lengthOrPointer.GetBitValueAt(6, 2) != 0) {
                     throw new ArgumentException("Unexpected bit pattern in label length");
                 }
 

diff --git a/Tests/Fixtures/Domain/pointer-loop b/Tests/Fixtures/Domain/pointer-loop
diff --git a/Tests/Protocol/ParseDomainTest.cs b/Tests/Protocol/ParseDomainTest.cs
@@ -1,8 +1,9 @@
-using Xunit;
+using System;
+using Xunit;
 using DNS.Protocol;
 
 namespace DNS.Tests.Protocol {
-    
+
     public class ParseDomainTest {
         [Fact]
         public void EmptyDomain() {
@@ -91,5 +92,12 @@ public void PointerDomainWithMultipleLabelsPreceededByHeader() {
             Assert.Equal(16, domain.Size);
             Assert.Equal(30, endOffset);
         }
+
+        [Fact]
+        public void PointerDomainLoopDetection() {
+            int endOffset = 0;
+            byte[] content = Helper.ReadFixture("Domain", "pointer-loop");
+            Assert.Throws<ArgumentException>(() => Domain.FromArray(content, 16, out endOffset));
+        }
     }
 }