check length of DNS records data field
Bernd Wurst commited on 2023-02-18 18:23:07
Zeige 1 geänderte Dateien mit 18 Einfügungen und 0 Löschungen.
- modules/dns/include/dnsinclude.php 84f221c..794398c
| ... | ... |
@@ -274,6 +274,9 @@ function save_dns_record($id, $record) |
| 274 | 274 |
if ($record['spec'] < 0) {
|
| 275 | 275 |
system_failure("invalid priority");
|
| 276 | 276 |
} |
| 277 |
+ if (strlen($record['data']) > 255) {
|
|
| 278 |
+ system_failure('data field is too long');
|
|
| 279 |
+ } |
|
| 277 | 280 |
verify_input_hostname($record['data']); |
| 278 | 281 |
if (! $record['data']) {
|
| 279 | 282 |
system_failure('MX hostname missing');
|
| ... | ... |
@@ -290,6 +293,9 @@ function save_dns_record($id, $record) |
| 290 | 293 |
$record['dyndns'] = null; |
| 291 | 294 |
$record['spec'] = null; |
| 292 | 295 |
$record['ip'] = null; |
| 296 |
+ if (strlen($record['data']) > 255) {
|
|
| 297 |
+ system_failure('data field is too long');
|
|
| 298 |
+ } |
|
| 293 | 299 |
verify_input_hostname($record['data']); |
| 294 | 300 |
if (! $record['data']) {
|
| 295 | 301 |
system_failure('destination host missing');
|
| ... | ... |
@@ -301,6 +307,9 @@ function save_dns_record($id, $record) |
| 301 | 307 |
$record['dyndns'] = null; |
| 302 | 308 |
$record['spec'] = null; |
| 303 | 309 |
$record['ip'] = null; |
| 310 |
+ if (strlen($record['data']) > 1024) {
|
|
| 311 |
+ system_failure('data field is too long');
|
|
| 312 |
+ } |
|
| 304 | 313 |
if (! $record['data']) {
|
| 305 | 314 |
system_failure('text entry missing');
|
| 306 | 315 |
} |
| ... | ... |
@@ -310,6 +319,9 @@ function save_dns_record($id, $record) |
| 310 | 319 |
$record['dyndns'] = null; |
| 311 | 320 |
$record['spec'] = max((int) $record['spec'], 1); |
| 312 | 321 |
$record['ip'] = null; |
| 322 |
+ if (strlen($record['data']) > 255) {
|
|
| 323 |
+ system_failure('data field is too long');
|
|
| 324 |
+ } |
|
| 313 | 325 |
if (! $record['data']) {
|
| 314 | 326 |
system_failure('text entry missing');
|
| 315 | 327 |
} |
| ... | ... |
@@ -318,6 +330,9 @@ function save_dns_record($id, $record) |
| 318 | 330 |
case 'caa': |
| 319 | 331 |
$record['dyndns'] = null; |
| 320 | 332 |
$record['ip'] = null; |
| 333 |
+ if (strlen($record['data']) > 255) {
|
|
| 334 |
+ system_failure('data field is too long');
|
|
| 335 |
+ } |
|
| 321 | 336 |
if (! $record['data']) {
|
| 322 | 337 |
system_failure('text entry missing');
|
| 323 | 338 |
} |
| ... | ... |
@@ -329,6 +344,9 @@ function save_dns_record($id, $record) |
| 329 | 344 |
if ($record['spec'] < 0) {
|
| 330 | 345 |
system_failure("invalid priority");
|
| 331 | 346 |
} |
| 347 |
+ if (strlen($record['data']) > 255) {
|
|
| 348 |
+ system_failure('data field is too long');
|
|
| 349 |
+ } |
|
| 332 | 350 |
if (! $record['data']) {
|
| 333 | 351 |
system_failure('SRV target missing');
|
| 334 | 352 |
} |
| 335 | 353 |