CVE-2020-10745: ndr_dns: do not allow consecutive dots

The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

librpc/ndr/ndr_dns_utils.c

@@ -58,6 +58,12 @@ enum ndr_err_code ndr_push_dns_string_list(struct ndr_push *ndr,
 					      (unsigned)complen);
 		}
 
+		if (complen == 0 && s[complen] == '.') {
+			return ndr_push_error(ndr, NDR_ERR_STRING,
+					      "component length is 0 "
+					      "(consecutive dots)");
+		}
+
 		compname = talloc_asprintf(ndr, "%c%*.*s",
 						(unsigned char)complen,
 						(unsigned char)complen,

selftest/knownfail.d/dns_packet

@@ -1,2 +1 @@
-samba.tests.dns_packet.samba.tests.dns_packet.TestDnsPackets.test_127_very_dotty_components
 samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_127_very_dotty_components

selftest/knownfail.d/ndr_dns_nbt

@@ -1,4 +1,3 @@
-librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_all_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_half_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_all_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_half_dots