From 8a8703a1a7bde3457682c27db3e7d63856bd0cbc Mon Sep 17 00:00:00 2001
From: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Date: Thu, 18 May 2023 15:38:40 +0200
Subject: [PATCH] reject names with dots inside label

---
 dns/dnsmessage/message.go      | 10 ++++++++++
 dns/dnsmessage/message_test.go |  9 +++++++++
 2 files changed, 19 insertions(+)

diff --git a/dns/dnsmessage/message.go b/dns/dnsmessage/message.go
index 69c611bda..1577d4a19 100644
--- a/dns/dnsmessage/message.go
+++ b/dns/dnsmessage/message.go
@@ -260,6 +260,7 @@ var (
 	errReserved           = errors.New("segment prefix is reserved")
 	errTooManyPtr         = errors.New("too many pointers (>10)")
 	errInvalidPtr         = errors.New("invalid pointer")
+	errInvalidName        = errors.New("invalid dns name")
 	errNilResouceBody     = errors.New("nil resource body")
 	errResourceLen        = errors.New("insufficient data for resource body length")
 	errSegTooLong         = errors.New("segment length too long")
@@ -2034,6 +2035,15 @@ Loop:
 			if endOff > len(msg) {
 				return off, errCalcLen
 			}
+
+			// Reject names containing dots.
+			// See issue golang/go#56246
+			for _, v := range msg[currOff:endOff] {
+				if v == '.' {
+					return off, errInvalidName
+				}
+			}
+
 			name = append(name, msg[currOff:endOff]...)
 			name = append(name, '.')
 			currOff = endOff
diff --git a/dns/dnsmessage/message_test.go b/dns/dnsmessage/message_test.go
index ef5326db8..ce2716e42 100644
--- a/dns/dnsmessage/message_test.go
+++ b/dns/dnsmessage/message_test.go
@@ -211,6 +211,15 @@ func TestName(t *testing.T) {
 	}
 }
 
+func TestNameWithDotsUnpack(t *testing.T) {
+	name := []byte{3, 'w', '.', 'w', 2, 'g', 'o', 3, 'd', 'e', 'v', 0}
+	var n Name
+	_, err := n.unpack(name, 0)
+	if err != errInvalidName {
+		t.Fatalf("expected %v, got %v", errInvalidName, err)
+	}
+}
+
 func TestNamePackUnpack(t *testing.T) {
 	const suffix = ".go.dev."
 	var longDNSPrefix = strings.Repeat("verylongdomainlabel.", 20)