From b4d55b16b608c449e24052c6135f98a41a966c50 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sun, 26 Jan 2020 13:04:06 +0100
Subject: [PATCH] LookupServer: Randomize the 0x20 bit in DNS request ASCII
 characters

This adds a bit of extra entropy to DNS requests, making it harder to
spoof a valid response.

Suggested by @zecke in #10.
---
 Servers/LookupServer/DNSRequest.cpp | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/Servers/LookupServer/DNSRequest.cpp b/Servers/LookupServer/DNSRequest.cpp
index 5264caa0dd..f70fe02aff 100644
--- a/Servers/LookupServer/DNSRequest.cpp
+++ b/Servers/LookupServer/DNSRequest.cpp
@@ -1,7 +1,9 @@
 #include "DNSRequest.h"
 #include "DNSPacket.h"
 #include <AK/BufferStream.h>
+#include <AK/StringBuilder.h>
 #include <arpa/inet.h>
+#include <ctype.h>
 #include <stdlib.h>
 
 #define C_IN 1
@@ -14,7 +16,27 @@ DNSRequest::DNSRequest()
 void DNSRequest::add_question(const String& name, u16 record_type)
 {
     ASSERT(m_questions.size() <= UINT16_MAX);
-    m_questions.empend(name, record_type, C_IN);
+
+    if (name.is_empty())
+        return;
+
+    // Randomize the 0x20 bit in every ASCII character.
+    StringBuilder builder;
+    for (size_t i = 0; i < name.length(); ++i) {
+        u8 ch = name[i];
+        if (isalpha(ch)) {
+            if (arc4random_uniform(2))
+                ch |= 0x20;
+            else
+                ch &= ~0x20;
+        }
+        builder.append(ch);
+    }
+
+    if (name[name.length() - 1] != '.')
+        builder.append('.');
+
+    m_questions.empend(builder.to_string(), record_type, C_IN);
 }
 
 ByteBuffer DNSRequest::to_byte_buffer() const