author | Werner Koch <[email protected]> | 2018-07-27 10:23:38 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2018-07-29 16:39:49 +0000 |
commit | 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0 (patch) | |
tree | 57b692bf8ffb3f59b456c6083a20f1ada6efbc2c | |
parent | common: New function to validate domain names. (diff) | |
dirmngr: Validate SRV records in WKD queries.
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--
I am not sure whether this really is very useful because the security
relies on a trustworthy DNS system anyway. However, that check is
easy enough to do.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee)
Diffstat (limited to '')
-rw-r--r-- | dirmngr/server.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/dirmngr/server.c b/dirmngr/server.c index b7cdb24c9..fcf0c1aaf 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -887,6 +887,18 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) if (err) goto leave; + /* Check for rogue DNS names. */ + for (i = 0; i < srvscount; i++) + { + if (!is_valid_domain_name (srvs[i].target)) + { + err = gpg_error (GPG_ERR_DNS_ADDRESS); + log_error ("rogue openpgpkey SRV record for '%s'\n", domain); + xfree (srvs); + goto leave; + } + } + /* Find the first target which also ends in DOMAIN or is equal * to DOMAIN. */ domainlen = strlen (domain); |
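
Review bot: the log_error call in the new loop reports only `domain`, so a rejected lookup leaves no record of which SRV target failed is_valid_domain_name; consider adding the index `i` or a sanitized form of `srvs[i].target` to the message so the rejection can be investigated later. The same branch calls `xfree (srvs)` and then jumps to `leave`; the code at `leave` is not visible in this hunk, so confirm that it does not free `srvs` a second time, or set the pointer to NULL after the xfree. A single invalid target also aborts the whole lookup with GPG_ERR_DNS_ADDRESS even when other returned records are valid; if that strictness is intended, a short comment above the loop saying so would help.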