watson / bonjour

A Bonjour/Zeroconf protocol implementation in JavaScript
MIT License
623 stars 144 forks

malformed when max length is exceeded #11

Closed mh-cbon closed 8 years ago

mh-cbon commented 8 years ago

Hi,

I just tried to use the txt records to share a PGP public key.

It all went very badly.

The packets received were malformed, see (I will deliberately put \n for readability)

announce sent

bonjour-publish -H 127.0.0.1 -P 8081 -T http "Bonjour chat" --txt \
'{"name":"somccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc \
ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc \
ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc \
cccccccccccccccccce"}'

announce received

{"addresses":[],"name":"Bonjour chat","fqdn": \
"Bonjour chat._http._tcp.local","host":"127.0.0.1", \
"port":8081,"type":"http","protocol":"tcp","subtypes":[], \
"rawTxt":{"type":"Buffer","data": \
[5,110,97,109,101,61,115,111,109,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99 \
,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, \
99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,101]},"txt": \
{"name":"","omcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc \
ccccccccccccccccccccccccccccccccccccccccccccccc":true,"ccccccccccccccccccccccccc \
cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc \
cccc":true,"cccccccccccccccccccccccccccccccccccccce":true}}

As you can see, the txt record is kind of weird. Also, I notice it's missing the very first character.

Maybe it's only my router. I'm unsure where that comes from.

watson commented 8 years ago

Bonjour uses DNS-Based Service Discovery which dictates certain rules about the format of the TXT record. One of which says that:

The format of the data within a DNS TXT record is one or more strings, packed together in memory without any intervening gaps or padding bytes for word alignment.

And then goes on to add:

The format of each constituent string within the DNS TXT record is a single length byte, followed by 0-255 bytes of text data.

So since only a single byte is used to hold the length of the string, the string itself can't be more than 255 bytes. So if you try to parse a TXT record that doesn't follow these rules, the result is unpredictable.

The entire TXT record can't be more than 65,535 bytes in total.

watson commented 8 years ago

This module uses dns-txt to encode and decode TXT records. I've just added a test to the module to show that decoding works just up to the limit of 255, but breaks after that: https://github.com/watson/dns-txt/commit/ed0e92389b70e715bec9e45ff83c487cff21c089
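
The length-byte wraparound described in this thread, as an added sketch that is not part of the discussion and not code from bonjour or dns-txt: with range checks off, a 261-byte string gets a length byte of 5 and a lenient decoder produces the same shape of garbage as the report, while the strict paths reject it. `encodeTxt`, `decodeTxt` and the `strict` flag are hypothetical names, and the input is constructed.

```javascript
// Added sketch; not code from bonjour or dns-txt. Function names are hypothetical.
const MAX_STRING = 255;    // one length byte per string
const MAX_RECORD = 65535;  // whole TXT record

// Encode {key: value} pairs as length-prefixed "key=value" strings.
// strict=false mimics an encoder with no range check: the length wraps modulo 256.
function encodeTxt(pairs, strict = true) {
  const parts = [];
  for (const [key, value] of Object.entries(pairs)) {
    const str = Buffer.from(`${key}=${value}`, 'utf8');
    if (strict && str.length > MAX_STRING) {
      throw new RangeError(`TXT string for "${key}" is ${str.length} bytes (max ${MAX_STRING})`);
    }
    parts.push(Buffer.from([str.length & 0xff]), str);
  }
  const record = Buffer.concat(parts);
  if (strict && record.length > MAX_RECORD) throw new RangeError('TXT record too large');
  return record;
}

// Decode a TXT record. strict=false truncates a string that runs past the end
// of the buffer instead of rejecting the record.
function decodeTxt(buf, strict = true) {
  const out = {};
  let off = 0;
  while (off < buf.length) {
    let len = buf[off++];
    if (off + len > buf.length) {
      if (strict) throw new RangeError('TXT string overruns the record');
      len = buf.length - off;
    }
    const str = buf.toString('utf8', off, off + len);
    off += len;
    if (len === 0) continue;                 // empty strings carry no attribute
    const eq = str.indexOf('=');
    if (eq === -1) out[str] = true;          // key without "=": boolean attribute
    else out[str.slice(0, eq)] = str.slice(eq + 1);
  }
  return out;
}

// Constructed input: "name=" plus a 256-byte value is 261 bytes, so the length byte wraps to 5.
const longValue = 'som' + 'c'.repeat(252) + 'e';
const garbled = decodeTxt(encodeTxt({ name: longValue }, false), false);
console.log(Object.keys(garbled).map((k) => k.length)); // lengths of the keys recovered
```

In the lenient result the `s` of the value is consumed as a length byte (115), which is why the first character goes missing.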

mh-cbon commented 8 years ago

got it, thanks!