dirmngr: Validate SRV records in WKD queries.

* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names to mitigate rogue DNS servers. -- I am not sure wether this really is very useful because the security relies on a trustworthy DNS system anyway. However, that check is easy enough to do. Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2018-07-27 10:23:38 +0000
committer: Werner Koch <[email protected]> 2018-07-27 10:24:23 +0000
commit: ebe727ef596eefebb5eff7d03a98649ffc7ae3ee (patch)
tree: 6d3c7666fa084d11705a40aa872cc31bbbb9bcb6 /dirmngr/server.c
parent: common: New function to validate domain names. (diff)
download: gnupg-ebe727ef596eefebb5eff7d03a98649ffc7ae3ee.tar.gz
gnupg-ebe727ef596eefebb5eff7d03a98649ffc7ae3ee.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 33ce4cfe3..2519fd601 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -887,6 +887,18 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       if (err)
         goto leave;
 
+      /* Check for rogue DNS names.  */
+      for (i = 0; i < srvscount; i++)
+        {
+          if (!is_valid_domain_name (srvs[i].target))
+            {
+              err = gpg_error (GPG_ERR_DNS_ADDRESS);
+              log_error ("rogue openpgpkey SRV record for '%s'\n", domain);
+              xfree (srvs);
+              goto leave;
+            }
+        }
+
       /* Find the first target which also ends in DOMAIN or is equal
        * to DOMAIN.  */
       domainlen = strlen (domain);
author	Werner Koch <[email protected]>	2018-07-27 10:23:38 +0000
committer	Werner Koch <[email protected]>	2018-07-27 10:24:23 +0000
commit	ebe727ef596eefebb5eff7d03a98649ffc7ae3ee (patch)
tree	6d3c7666fa084d11705a40aa872cc31bbbb9bcb6 /dirmngr/server.c
parent	common: New function to validate domain names. (diff)
download	gnupg-ebe727ef596eefebb5eff7d03a98649ffc7ae3ee.tar.gz gnupg-ebe727ef596eefebb5eff7d03a98649ffc7ae3ee.zip