Issue 716626 link

Starred by 8 users

Issue metadata

Status:	Duplicate
Merged:	issue 496468
Owner:	palmer@chromium.org
Closed:	Jun 2017
Cc:	rsleevi@chromium.org
Components:	Internals>Network>DNS
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri:	3
Type:	Launch-OWP
Launch-Accessibility:	----
Launch-Exp-Leadership:	----
Launch-Leadership:	----
Launch-Legal:	----
Launch-M-Approved:	----
Launch-M-Target:	60-Stable
Launch-Privacy:	----
Launch-Security:	----
Launch-Test:	----
Launch-UI:	----
Rollout-Type:	----
OWP-Standards-Compatibility Restrict-AddIssueComment-EditIssue OWP-Design-No OWP-Type-ChangeBehavior M-60

Restricted

Only users with EditIssue permission may comment.

Deprecate And Remove Support For Invalid DNS Names

Project Member Reported by palmer@chromium.org, Apr 28 2017

Issue description

Change description:

We have a security vulnerability that is rather long in the tooth (https://bugs.chromium.org/p/chromium/issues/detail?id=695474&desc=2, not yet public) that depends, in part, on our DNS resolver’s willingness to attempt to resolve arbitrary garbage strings, including strings that could not ever be valid hostnames.

I propose to remove support for such requests in our DNS resolution code, and attempt only to resolve legal hostnames (“preferred name syntax”). Additionally, I propose we accept underscores (_) in names. (See the measurement CL.)

Note that IDNs are Punycode on the wire, and hence are expressed in preferred name syntax.

Changes to API surface:

Don't issue DNS queries for names that contain characters other than what |IsValidHostLabelCharacter| would allow. That function is defined in https://codereview.chromium.org/2739203003.

Links:

Discussion to come on blink-dev.

Support in other browsers:

I don't know yet. Will test.