fix: escape dots and special characters in DNS label text representation #36

New Issue

Closed

opened 2026-04-07 02:20:52 +08:00 by razvandimescu · 0 comments

razvandimescu commented 2026-04-07 02:20:52 +08:00 (Migrated from github.com)

Copy Link

Bug

Reported by fanf2 on HN: read_qname pushes raw bytes from wire format labels without escaping special characters. A label containing a dot (byte 0x2E) produces ambiguous text output.

Example: Wire format [8]exa.mple[3]com[0] (two labels) → currently outputs exa.mple.com (looks like three labels). Should output exa\.mple.com.

Root cause

src/buffer.rs line 123-125:

let str_buffer = self.get_range(pos, len as usize)?;
for &b in str_buffer {
    outstr.push(b.to_ascii_lowercase() as char);
}

Raw bytes pushed directly without escaping.

Fix needed

read_qname — escape per RFC 1035 §5.1:

• Dots inside labels: \.
• Backslashes: \\
• Non-printable bytes (< 0x21 or > 0x7E): \DDD (3-digit decimal)

write_qname — parse escaped characters when splitting labels:

• Don't split on \. (escaped dot)
• Unescape \\ and \DDD sequences

Impact

Low in practice — real-world domains don't contain dots in labels. But it's a correctness issue that could cause wire format round-trip failures with adversarial input.

Credit: fanf2 (HN)

## Bug Reported by [fanf2 on HN](https://news.ycombinator.com/item?id=47612321): `read_qname` pushes raw bytes from wire format labels without escaping special characters. A label containing a dot (byte `0x2E`) produces ambiguous text output. **Example:** Wire format `[8]exa.mple[3]com[0]` (two labels) → currently outputs `exa.mple.com` (looks like three labels). Should output `exa\.mple.com`. ## Root cause `src/buffer.rs` line 123-125: ```rust let str_buffer = self.get_range(pos, len as usize)?; for &b in str_buffer { outstr.push(b.to_ascii_lowercase() as char); } ``` Raw bytes pushed directly without escaping. ## Fix needed **`read_qname`** — escape per RFC 1035 §5.1: - Dots inside labels: `\.` - Backslashes: `\\` - Non-printable bytes (< 0x21 or > 0x7E): `\DDD` (3-digit decimal) **`write_qname`** — parse escaped characters when splitting labels: - Don't split on `\.` (escaped dot) - Unescape `\\` and `\DDD` sequences ## Impact Low in practice — real-world domains don't contain dots in labels. But it's a correctness issue that could cause wire format round-trip failures with adversarial input. Credit: fanf2 (HN)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/self-resolver-loop

fix/allowlist-parent-unblocks

fix/windows-clippy-and-ci

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.0

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.0

v0.5.0

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

docker

Pull requests that update docker code

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

github_actions

Pull requests that update GitHub Actions code

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

rust

Pull requests that update rust code

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dearsky

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/numa#36