Closed Bug 1713562 Opened 3 years ago Closed 3 years ago

Validate ECH public names

Categories

(NSS :: Libraries, enhancement, P3)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mt, Assigned: mt)

Details

Attachments

(2 files)

The spec has been updated to require that public_name is a series of LDH labels (according to RFC 1023 and RFC 1134 definitions) but the value cannot be an IPv4 address. This is annoying, but necessary. Otherwise, we could end up with different parts of the system not agreeing on whether a name represents a DNS name or an IP address.

The text is not in the version of the draft we support, but the additional validation is worth including ahead of the next draft.

In implementing this, I discovered that we leak on the server if multiple configurations are provided for the same socket, so that's getting fixed too.

Severity: -- → S2
Status: NEW → ASSIGNED
Priority: -- → P3
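
The check described in the opening comment, as an added example in C that is not NSS code and not part of the bug or its patches. The function names, the 63-byte label and 253-byte name limits, the no-leading-or-trailing-hyphen rule, and the conservative IPv4 test (reject any name whose final label is numeric, decimal or 0x-prefixed hex) are assumptions of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if the label is all decimal digits, or "0x"
 * followed only by hex digits, so an IP parser could read it as a number. */
static bool label_is_numeric(const char *s, size_t len)
{
    bool hex = len >= 2 && s[0] == '0' && (s[1] == 'x' || s[1] == 'X');
    for (size_t i = hex ? 2 : 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (hex ? !isxdigit(c) : !isdigit(c)) return false;
    }
    return true;
}

/* True if name (len bytes, length-delimited as on the wire) is a dot-separated
 * series of LDH labels and cannot be mistaken for an IPv4 address. */
bool ech_public_name_ok(const char *name, size_t len)
{
    size_t start = 0; /* index where the current label begins */
    if (len == 0 || len > 253) return false; /* assumed overall limit */
    for (size_t i = 0; i <= len; i++) {
        if (i < len && name[i] != '.') {
            unsigned char c = (unsigned char)name[i];
            /* ASCII letters, digits, hyphen only: rejects NUL, '_', UTF-8. */
            if (!(c < 0x80 && (isalnum(c) || c == '-'))) return false;
            continue;
        }
        size_t n = i - start; /* a label ended at a dot or at end of input */
        if (n == 0 || n > 63) return false; /* also catches leading/trailing dot */
        if (name[start] == '-' || name[i - 1] == '-') return false;
        if (i == len && label_is_numeric(name + start, n)) return false;
        start = i + 1;
    }
    return true;
}

int main(void)
{
    /* Constructed sample names, not taken from the bug. */
    const char *samples[] = { "example.com", "192.0.2.1", "host.0x7f", "-bad.example" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %s\n", samples[i],
               ech_public_name_ok(samples[i], strlen(samples[i])) ? "accept" : "reject");
    return 0;
}
```

Rejecting on the final label alone is stricter than matching four decimal octets, so shorthand and hex forms that some address parsers accept are refused as well.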

Depends on D115969

There's an r+ patch which didn't land and no activity in this bug for 2 weeks.
:mt, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)
Flags: needinfo?(bbeurdouche)

Just waiting on review, that's all. (Low priority.)

Flags: needinfo?(mt)

OK, that was silly, I was just waiting for the release to pass before landing this.

Flags: needinfo?(bbeurdouche)
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.68