[GH-ISSUE #1447] Panic when domain search causes names to exceed 255 bytes #677

New issue

Closed

opened 2026-03-15 23:47:16 +03:00 by kerem · 1 comment

kerem commented

2026-03-15 23:47:16 +03:00

Owner

Originally created by @olix0r on GitHub (Apr 10, 2021).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1447

We've instrumented fuzz testing in the linkerd2-proxy repo, which has surfaced a panic in trust-dns. We've encountered panics via at least Hash and Display invocations on trust_dns_proto::rr::domain::Name.

thread '<unnamed>' panicked at 'slice index starts at 251 but ends at 0', /home/ver/.cargo/registry/src/github.com-1ecc6299db9ec823/trust-dns-proto-0.20.1/src/rr/domain/name.rs:948:15
stack backtrace:
   0: rust_begin_unwind
             at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/std/src/panicking.rs:493:5
   1: core::panicking::panic_fmt
             at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/core/src/panicking.rs:92:14
   2: core::slice::index::slice_index_order_fail
             at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/core/src/slice/index.rs:48:5
   3: <trust_dns_proto::rr::domain::name::LabelIter as core::iter::traits::iterator::Iterator>::next
   4: <trust_dns_proto::rr::domain::name::Name as core::hash::Hash>::hash
   5: hashbrown::map::HashMap<K,V,S,A>::get_inner
   6: trust_dns_resolver::hosts::Hosts::lookup_static_host
   7: trust_dns_resolver::lookup_ip::hosts_lookup::{{closure}}
   8: trust_dns_resolver::lookup_ip::rt_then_swap::{{closure}}
   9: trust_dns_resolver::lookup_ip::ipv4_then_ipv6::{{closure}}
  10: trust_dns_resolver::lookup_ip::strategic_lookup::{{closure}}
  11: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  12: <trust_dns_resolver::lookup_ip::LookupIpFuture<C,E> as core::future::future::Future>::poll
  13: trust_dns_resolver::async_resolver::AsyncResolver<C,P>::lookup_ip::{{closure}}
  14: linkerd_dns::Resolver::resolve_a::{{closure}}
  15: linkerd_dns::fuzz_logic::fuzz_entry::{{closure}}

This appears to be caused by appending search-path domains to names that are near the max expected length of 255 bytes.

To Reproduce

The following code panics:

        let n = Name::from_ascii("Llocainvannnnnnaxgtezqzqznnnnnn1na.nnntnninvannnnnnaxgtezqzqznnnnnn1na.nnntnnnnnnnaxgtezqzqznnnnnn1na.nnntnaaaaaaaaaaaaaaaaaaaaaaaaiK.iaaaaaaaaaaaaaaaaaaaaaaaaiKa.innnnnaxgtezqzqznnnnnn1na.nnntnaaaaaaaaaaaaaaaaaaaaaaaaiK.iaaaaaaaaaaaaaaaaaaaaaaaaiKa.in").unwrap();
        let sfx = Name::from_ascii("xxxxxxx.yyyyy.zzz").unwrap();
        let fqdn = n.append_domain(&sfx);
        format!("{}", fqdn); // panics

See github.com/olix0r/trust-dns@b80930eac1 which adds a test that fails.

Expected behavior

I'm not sure whether it's appropriate to make append_domain (etc) fallible, or whether length handling should be more flexible; but, ultimately, trust-dns should handle this case gracefully.

System:

OS: linux
Architecture: x86_64
rustc version: 1.51.0

Version:
Crate: proto
Version: 0.20.1

cc @DavidKorczynski @hawkw

Originally created by @olix0r on GitHub (Apr 10, 2021). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1447 We've instrumented fuzz testing in the `linkerd2-proxy` repo, which has surfaced a panic in `trust-dns`. We've encountered panics via at least `Hash` and `Display` invocations on `trust_dns_proto::rr::domain::Name`. ``` thread '<unnamed>' panicked at 'slice index starts at 251 but ends at 0', /home/ver/.cargo/registry/src/github.com-1ecc6299db9ec823/trust-dns-proto-0.20.1/src/rr/domain/name.rs:948:15 stack backtrace: 0: rust_begin_unwind at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/std/src/panicking.rs:493:5 1: core::panicking::panic_fmt at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/core/src/panicking.rs:92:14 2: core::slice::index::slice_index_order_fail at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/core/src/slice/index.rs:48:5 3: <trust_dns_proto::rr::domain::name::LabelIter as core::iter::traits::iterator::Iterator>::next 4: <trust_dns_proto::rr::domain::name::Name as core::hash::Hash>::hash 5: hashbrown::map::HashMap<K,V,S,A>::get_inner 6: trust_dns_resolver::hosts::Hosts::lookup_static_host 7: trust_dns_resolver::lookup_ip::hosts_lookup::{{closure}} 8: trust_dns_resolver::lookup_ip::rt_then_swap::{{closure}} 9: trust_dns_resolver::lookup_ip::ipv4_then_ipv6::{{closure}} 10: trust_dns_resolver::lookup_ip::strategic_lookup::{{closure}} 11: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 12: <trust_dns_resolver::lookup_ip::LookupIpFuture<C,E> as core::future::future::Future>::poll 13: trust_dns_resolver::async_resolver::AsyncResolver<C,P>::lookup_ip::{{closure}} 14: linkerd_dns::Resolver::resolve_a::{{closure}} 15: linkerd_dns::fuzz_logic::fuzz_entry::{{closure}} ``` This appears to be caused by appending search-path domains to names that are near the max expected length of 255 bytes. **To Reproduce** The following code panics: ```rust let n = Name::from_ascii("Llocainvannnnnnaxgtezqzqznnnnnn1na.nnntnninvannnnnnaxgtezqzqznnnnnn1na.nnntnnnnnnnaxgtezqzqznnnnnn1na.nnntnaaaaaaaaaaaaaaaaaaaaaaaaiK.iaaaaaaaaaaaaaaaaaaaaaaaaiKa.innnnnaxgtezqzqznnnnnn1na.nnntnaaaaaaaaaaaaaaaaaaaaaaaaiK.iaaaaaaaaaaaaaaaaaaaaaaaaiKa.in").unwrap(); let sfx = Name::from_ascii("xxxxxxx.yyyyy.zzz").unwrap(); let fqdn = n.append_domain(&sfx); format!("{}", fqdn); // panics ``` See https://github.com/olix0r/trust-dns/commit/b80930eac15dc752c364c2448846f30b077e3d89 which adds a test that fails. **Expected behavior** I'm not sure whether it's appropriate to make `append_domain` (etc) fallible, or whether length handling should be more flexible; but, ultimately, trust-dns should handle this case gracefully. **System:** - OS: linux - Architecture: x86_64 - rustc version: 1.51.0 **Version:** Crate: proto Version: 0.20.1 cc @DavidKorczynski @hawkw