This pull request makes the name.decode function stricter about what kind of data it accepts:
Check that there's enough packet data to read before each step (reading the label header, reading label data, pointer decoding). Raise an error when there's not enough packet data.
Ensure that the maximum total name length is 253 (when counting the separator dots). Raise an error when it seems like the name will be longer.
The two most significant bits of label headers bytes must either be both set or be both unset. Raise an error when encountering a label header byte that doesn't adhere to this rule.
This also effectively limits the length of a single label to 63 bytes.
Require pointers to always point to prior data (based on a reading of RFC 1035, section 4.1.4). Raise an error when a pointer doesn't adhere to this rule.
Fix a corner case where a valid compressed name got suffixed with two extra dots.
Make the whole function non-recursive.
This pull request also adds tests aimed to catch these cases.
Without these checks it's possible to craft packets that take advantage of name.decode to cause Node.js to run out of memory when processing a ~60 kilobyte packet that takes advantage of infinite pointer loops and unlimited name lengths:
Just for full disclosure: Prior to making this pull request I confirmed from @mafintosh over Twitter DMs whether it's okay to submit this PR publicly
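As an added illustration, not code from this pull request or from dns-packet itself, the following JavaScript decoder implements the checks listed in the description: a bounds check before every read, the 253-byte cap on the dotted name, the rule that the two high bits of a label header are both set or both clear (which caps a label at 63 bytes), backward-only compression pointers, and a single loop instead of recursion. The function name decodeName, the { name, bytes } return shape, '.' for the root name, and reading "prior data" as "an offset smaller than the pointer's own position" are assumptions of this example; the sample packets are constructed here.

```javascript
const MAX_NAME_LENGTH = 253 // presentation-form length, separator dots included

// Hypothetical strict decoder (not the dns-packet implementation).
// Returns { name, bytes }, where bytes is how much of the packet the name
// occupies at `offset`; a compression pointer ends that count at 2 bytes.
function decodeName (buf, offset = 0) {
  const labels = []
  let pos = offset
  let bytes = 0
  let jumped = false
  let nameLength = 0

  // No recursion: every pointer moves strictly backwards and every label read
  // grows nameLength, so the loop is bounded even on a crafted pointer loop.
  for (;;) {
    // a label header byte must exist before we read it
    if (pos >= buf.length) throw new Error('Cannot decode name (buffer overflow)')
    const header = buf[pos]
    const flags = header & 0xc0

    if (flags === 0xc0) {
      // compression pointer: 14-bit offset spread over two bytes
      if (pos + 1 >= buf.length) throw new Error('Cannot decode name (buffer overflow)')
      const ptr = ((header & 0x3f) << 8) | buf[pos + 1]
      // pointers may only refer to data that precedes them
      if (ptr >= pos) throw new Error('Cannot decode name (bad pointer)')
      if (!jumped) { bytes = pos + 2 - offset; jumped = true }
      pos = ptr
      continue
    }
    // 0x40 and 0x80 headers are undefined; rejecting them also caps labels at 63 bytes
    if (flags !== 0) throw new Error('Cannot decode name (bad label)')

    if (header === 0) { // the root label terminates the name
      if (!jumped) bytes = pos + 1 - offset
      break
    }
    // the whole label body must fit inside the packet
    if (pos + 1 + header > buf.length) throw new Error('Cannot decode name (buffer overflow)')
    // count the label plus its separator dot against the 253-byte limit
    nameLength += header + (labels.length ? 1 : 0)
    if (nameLength > MAX_NAME_LENGTH) throw new Error('Cannot decode name (name too long)')
    labels.push(buf.toString('utf8', pos + 1, pos + 1 + header))
    pos += 1 + header
  }
  return { name: labels.length ? labels.join('.') : '.', bytes }
}

// Constructed test helper: encode labels in wire form, terminated by the root label.
function encodeLabels (...labels) {
  const parts = labels.map(l => Buffer.concat([Buffer.from([l.length]), Buffer.from(l)]))
  return Buffer.concat([...parts, Buffer.from([0])])
}

// Returns the decoder's error message, or null when the name decodes cleanly.
function rejectionReason (buf, offset = 0) {
  try { decodeName(buf, offset); return null } catch (e) { return e.message }
}

// Constructed sample packet: "example.com" at offset 0, then "www" plus a pointer back to 0.
const SAMPLE = Buffer.concat([
  encodeLabels('example', 'com'),
  Buffer.from([3, 0x77, 0x77, 0x77, 0xc0, 0x00])
])
console.log(decodeName(SAMPLE, 13))                      // { name: 'www.example.com', bytes: 6 }
console.log(rejectionReason(Buffer.from([0xc0, 0x00])))  // Cannot decode name (bad pointer)
console.log(rejectionReason(Buffer.from([1, 0x61, 0xc0, 0x00]))) // Cannot decode name (name too long)
```

The last sample is the interesting one: a label followed by a pointer back to that label is a legal-looking backward pointer, so the pointer rule alone does not stop it, but the name-length cap does, and the loop exits after a bounded number of iterations instead of consuming memory.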