LookupServer: Randomize the 0x20 bit in DNS request ASCII characters
This adds a bit of extra entropy to DNS requests, making it harder to spoof a valid response. Suggested by @zecke in #10.
parent
02be23cf81
commit
b4d55b16b6
1 changed files with 23 additions and 1 deletions
|
@ -1,7 +1,9 @@
|
|||
#include "DNSRequest.h"
|
||||
#include "DNSPacket.h"
|
||||
#include <AK/BufferStream.h>
|
||||
#include <AK/StringBuilder.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#define C_IN 1
|
||||
|
@ -14,7 +16,27 @@ DNSRequest::DNSRequest()
|
|||
void DNSRequest::add_question(const String& name, u16 record_type)
|
||||
{
|
||||
ASSERT(m_questions.size() <= UINT16_MAX);
|
||||
m_questions.empend(name, record_type, C_IN);
|
||||
|
||||
if (name.is_empty())
|
||||
return;
|
||||
|
||||
// Randomize the 0x20 bit in every ASCII character.
|
||||
StringBuilder builder;
|
||||
for (size_t i = 0; i < name.length(); ++i) {
|
||||
u8 ch = name[i];
|
||||
if (isalpha(ch)) {
|
||||
if (arc4random_uniform(2))
|
||||
ch |= 0x20;
|
||||
else
|
||||
ch &= ~0x20;
|
||||
}
|
||||
builder.append(ch);
|
||||
}
|
||||
|
||||
if (name[name.length() - 1] != '.')
|
||||
builder.append('.');
|
||||
|
||||
m_questions.empend(builder.to_string(), record_type, C_IN);
|
||||
}
|
||||
|
||||
ByteBuffer DNSRequest::to_byte_buffer() const
|
||||
|
|
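Review bot: The randomized case written in `add_question` only makes spoofing harder if the response path compares the echoed question name byte-for-byte against the name stored in `m_questions`; this commit changes one file and no such check is visible here, so confirm it exists and is not a case-insensitive compare, otherwise the added entropy is never verified. Any cache or lookup keyed on the name should presumably use the caller's original spelling, since the stored question now has mixed case and a trailing dot. I would state that contract in the comment above the loop, e.g. `// 0x20 mixing: a response is only valid if its question name matches this exact casing.`, and the existing comment could say "ASCII letter" rather than "ASCII character" because only `isalpha()` bytes are touched. The early `return` on an empty name also gives the caller no signal that no question was added.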