From e74052ea712dffc44565d81536f368db4790f232 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Thu, 5 Sep 2024 15:11:21 +0200 Subject: [PATCH] '{&dns}' is as valid as '{?dns}' in a SVCB's dohpath See for example section 1.2. "Levels and Expression Types" of rfc6570. --- lib/dns/rdata/in_1/svcb_64.c | 6 ++++-- tests/dns/rdata_test.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/dns/rdata/in_1/svcb_64.c b/lib/dns/rdata/in_1/svcb_64.c index 1045cf9c51..754e3ef71f 100644 --- a/lib/dns/rdata/in_1/svcb_64.c +++ b/lib/dns/rdata/in_1/svcb_64.c @@ -158,7 +158,7 @@ svcb_validate(uint16_t key, isc_region_t *region) { /* * Minimum valid dohpath is "/{?dns}" as * it MUST be relative (leading "/") and - * MUST contain "{?dns}". + * MUST contain "{?dns}" or "{&dns}". */ if (region->length < 7) { return DNS_R_FORMERR; @@ -173,8 +173,10 @@ svcb_validate(uint16_t key, isc_region_t *region) { { return DNS_R_FORMERR; } - /* MUST contain "{?dns}" */ + /* MUST contain "{?dns}" or "{&dns}" */ if (strnstr((char *)region->base, "{?dns}", + region->length) == NULL && + strnstr((char *)region->base, "{&dns}", region->length) == NULL) { return DNS_R_FORMERR; diff --git a/tests/dns/rdata_test.c b/tests/dns/rdata_test.c index 6830b3b071..de7a6b44e8 100644 --- a/tests/dns/rdata_test.c +++ b/tests/dns/rdata_test.c @@ -2701,6 +2701,8 @@ ISC_RUN_TEST_IMPL(https_svcb) { "1 example.net. key7=\"/{?dns}\""), TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}", "1 example.net. key7=\"/some/path{?dns}\""), + TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path?key=value{&dns}", + "1 example.net. key7=\"/some/path?key=value{&dns}\""), TEXT_INVALID("1 example.com. dohpath=no-slash"), TEXT_INVALID("1 example.com. dohpath=/{?notdns}"), TEXT_INVALID("1 example.com. dohpath=/notvariable"),