plugin/rewrite: prevent illegal names (#1972)

Log and returns an error when the name rewrite creates a name that is illegal. Add test in name_test.go to see if an error is returned. Possible followup could be the only check this if a name-rewrite is done. Fixes: #1638 Signed-off-by: Miek Gieben <miek@miek.nl>
2025-10-31 10:13:14 -04:00 · 2018-07-13 14:32:07 +01:00
parent 8d9cf95ee8
commit d9b9a955ba
6 changed files with 63 additions and 10 deletions
--- a/plugin/rewrite/rewrite.go
+++ b/plugin/rewrite/rewrite.go
@@ -44,6 +44,13 @@ func (rw Rewrite) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
 	for _, rule := range rw.Rules {
 		switch result := rule.Rewrite(ctx, state); result {
 		case RewriteDone:
+			if !validName(state.Req.Question[0].Name) {
+				x := state.Req.Question[0].Name
+				log.Errorf("Invalid name after rewrite: %s", x)
+				state.Req.Question[0] = wr.originalQuestion
+				return dns.RcodeServerFailure, fmt.Errorf("invalid name after rewrite: %s", x)
+			}
+
 			respRule := rule.GetResponseRule()
 			if respRule.Active == true {
 				wr.ResponseRewrite = true