Incorrect handling of max domain length in host

[nuclight]

In a discussion about nsd which led to separate issue to check maximum domain length, a bug in host was found:

$ host a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f1234567.com ;; connection timed out; no servers could be reached

... is parsed by host, though it is 1 char longer then allowed. BTW, drill reports error correctly. Then,

$ host a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456.com host: '(null)' is not a legal name (Domainname length overflow)

while it is already in allowed length by standard. Moreover, trying to cut characters one by one of rightmost label before .com still produces overflow error! Until about 246 characters long.

This is host from FreeBSD 11.4, that is, ldns/util.h:#define LDNS_VERSION "1.6.17"

[Jakker]

I'm afraid you are mistaken, ldns is not used for the host command (/usr/bin/host nor the ports/packages version).

[nuclight]

It is:

strings -n 4 /usr/bin/host | grep ldns | wc -l
     109

https://github.com/freebsd/freebsd-src/blob/main/usr.bin/host/Makefile

[Jakker]

The /usr/bin/host is not part of ldns but FreeBSD. It is apparently using a private version of the library.

ldd /usr/bin/host
/usr/bin/host:
    libprivateldns.so.5 => /usr/lib/libprivateldns.so.5 (0x80024a000)
    libc.so.7 => /lib/libc.so.7 (0x8002ad000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x8006bf000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800757000)
    libthr.so.3 => /lib/libthr.so.3 (0x800a4b000)

[nuclight]

Hmm, seems it is really separate project, my mistake... but btw "private" is just FreeBSD's convention for imported into base versions to not clash with installed from ports/packages if someone wants more fresh version.

[wtoorop]

Thanks, yes, a 246 byte length limit for a dname does not feel like it has anything to do with ldns. Closing ticket.

[magv]

Hi, all. This might be a bug in LDNS after all.

Here's a test program:

#include <ldns/ldns.h>
#include <stdio.h>
int
main(int argc, char *argv[])
{
    ldns_rdf *dname;
    ldns_status status;
    if ((status = ldns_str2rdf_dname(&dname, argv[1])) != LDNS_STATUS_OK) {
        printf("ldns_str2rdf_dname failed: %s\n", ldns_get_errorstr_by_id(status));
    } else{
        printf("ldns_str2rdf_dname succeeded\n");
        printf("ldns_rdf2str returns <%s>\n", ldns_rdf2str(dname));
    }
    return 0;
}

Here's what I get from it with the input from the original message:

$ ./test a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f1234567.com
ldns_str2rdf_dname succeeded
ldns_rdf2str returns <(null)>

It is because ldns_str2rdf_dname succeeds instead of returning something like LDNS_STATUS_DOMAINNAME_OVERFLOW, ldns-host thinks everything's OK, and does what it does.

[magv]

So should this issue be reopened?

[wtoorop]

No, sorry for not responding earlier, but this has already been resolved on the develop branch:

$ ./test  a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f123456789g12.a123456789b123456789c123456789d123456789e123456789f1234567.com
ldns_str2rdf_dname failed: Domainname length overflow

[magv]

Oh, I see. Thanks. Then I guess a new release is due at some point soon? Once that happens, @nuclight, would you push for FreeBSD to update the bundled ldns version too?