From f8acac653e104e90f06dd8c774ccd9d14b531546 Mon Sep 17 00:00:00 2001 From: Valentine Krasnobaeva Date: Wed, 10 Sep 2025 18:30:19 +0200 Subject: [PATCH] BUG/MINOR: resolvers: always normalize FQDN from response RFC1034 states the following: By convention, domain names can be stored with arbitrary case, but domain name comparisons for all present domain functions are done in a case-insensitive manner, assuming an ASCII character set, and a high order zero bit. This means that you are free to create a node with label "A" or a node with label "a", but not both as brothers; you could refer to either using "a" or "A". In practice, most DNS resolvers normalize domain labels (i.e., convert them to lowercase) before performing searches or comparisons to ensure this requirement is met. While HAProxy normalizes the domain name in the request, it currently does not do so for the response. Commit 75cc653 ("MEDIUM: resolvers: replace bogus resolv_hostname_cmp() with memcmp()") intentionally removed the `tolower()` conversion from `resolv_hostname_cmp()` for safety and performance reasons. This commit re-introduces the necessary normalization for FQDNs received in the response. The change is made in `resolv_read_name()`, where labels are processed as an unsigned char string, allowing `tolower()` to be applied safely. Since a typical FQDN has only 3-4 labels, replacing `memcpy()` with an explicit copy that also applies `tolower()` should not introduce a significant performance degradation. This patch addresses the rare edge case, as most resolvers perform this normalization themselves. This fixes the GitHub issue #3102. This fix may be backported in all stable versions since 2.5 included 2.5. --- src/resolvers.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/resolvers.c b/src/resolvers.c index 9306996f4..c2da2315c 100644 --- a/src/resolvers.c +++ b/src/resolvers.c @@ -649,7 +649,9 @@ int resolv_read_name(unsigned char *buffer, unsigned char *bufend, /* +1 to take label len + label string */ label_len++; - memcpy(dest, reader, label_len); + for (n = 0; n < label_len; n++) { + dest[n] = tolower(reader[n]); + } dest += label_len; nb_bytes += label_len;