[GH-ISSUE #1963] Zone parses time/TTL string (parse_time) panic when parsing a too long TTL string. #832

New issue

Closed

opened 2026-03-16 00:28:34 +03:00 by kerem · 1 comment

kerem commented

2026-03-16 00:28:34 +03:00

Owner

Originally created by @kynehc on GitHub (Jun 9, 2023).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1963

Describe the bug
Zone parses time/TTL string (parse_time) panic when parsing a too long TTL string like "7102w", instead of resulting in an Err.

To Reproduce

use trust_dns_proto::serialize::txt::Parser;
    
assert_eq!(Parser::parse_time("7102w").unwrap(), 0);

or feed a zone file

#[test]
fn test_zone_parse() {
        let domain = Name::from_str("parameter.origin.org.").unwrap();

        let zone_data = r#"$ORIGIN origin.org.
@	IN	SOA	dns1.origin.org.	hostmaster.origin.org. (
			1 
			6h 
			1h 
			7102w 
			1d ) 
		     
		           
	IN	NS	dns1.origin.org.       
	IN	NS	dns2.origin.org.        
	
	
	IN	MX	10	mail.origin.org.       
	IN	MX	20	mail2.origin.org.        

	
dns1	IN	A	10.0.1.1
dns2	IN	A	10.0.1.2	
"#;

        let lexer = Lexer::new(zone_data);
        let result = Parser::new().parse(lexer, Some(domain));

Expected behavior
When parsing an invalid zone, we expected an Err, but instead trust-dns panics:

thread 'main' panicked at 'attempt to multiply with overflow', crates/proto/src/serialize/txt/zone.rs:435:30
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

System:

OS: macOS
Architecture: intel x64
Version: main
rustc version: 1.69.0

Version:
Crate: client
Version: main

Additional context

The problem is due to a potential arithmetic overflow in parse_time(). github.com/bluejekyll/trust-dns@d3e8222468/crates/proto/src/serialize/txt/zone.rs (LL412-L435)

Originally created by @kynehc on GitHub (Jun 9, 2023). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1963 **Describe the bug** Zone parses time/TTL string (parse_time) panic when parsing a too long TTL string like "7102w", instead of resulting in an Err. **To Reproduce** ``` use trust_dns_proto::serialize::txt::Parser; assert_eq!(Parser::parse_time("7102w").unwrap(), 0); ``` or feed a zone file ``` #[test] fn test_zone_parse() { let domain = Name::from_str("parameter.origin.org.").unwrap(); let zone_data = r#"$ORIGIN origin.org. @ IN SOA dns1.origin.org. hostmaster.origin.org. ( 1 6h 1h 7102w 1d ) IN NS dns1.origin.org. IN NS dns2.origin.org. IN MX 10 mail.origin.org. IN MX 20 mail2.origin.org. dns1 IN A 10.0.1.1 dns2 IN A 10.0.1.2 "#; let lexer = Lexer::new(zone_data); let result = Parser::new().parse(lexer, Some(domain)); ``` **Expected behavior** When parsing an invalid zone, we expected an Err, but instead trust-dns panics: ``` thread 'main' panicked at 'attempt to multiply with overflow', crates/proto/src/serialize/txt/zone.rs:435:30 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ``` **System:** - OS: macOS - Architecture: intel x64 - Version: main - rustc version: 1.69.0 **Version:** Crate: client Version: main **Additional context** The problem is due to a potential arithmetic overflow in parse_time(). https://github.com/bluejekyll/trust-dns/blob/d3e822246859ab0aaa92cd2a7eeeb79e60891e00/crates/proto/src/serialize/txt/zone.rs#LL412-L435