From 813927e03e7e7f72a6aa9e3c6ab312ea4ed120c7 Mon Sep 17 00:00:00 2001 From: Miraty Date: Fri, 21 Apr 2023 19:01:46 +0200 Subject: [PATCH] Ensure domains are not too long --- fn/dns.php | 5 +++-- fn/ht.php | 4 +++- pg-act/ns/edit.php | 2 +- pg-view/ns/caa.php | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/fn/dns.php b/fn/dns.php index 8a65cab..139cd70 100644 --- a/fn/dns.php +++ b/fn/dns.php @@ -8,7 +8,8 @@ function parseZoneFile($zone_content, $types, $filter_domain = false) { $elements = preg_split('/[\t ]+/', $zone_line, 4); if ($filter_domain !== false AND !str_ends_with($elements[0], $filter_domain)) continue; // Ignore records for other domains - if (!in_array($elements[2], $types, true)) continue; // Ignore records generated by Knot + if (!in_array($elements[2], $types, true)) + continue; // Ignore records generated by Knot array_push($parsed_zone_content, array_map('htmlspecialchars', $elements)); } return $parsed_zone_content; @@ -63,7 +64,7 @@ function checkIpFormat($ip) { } function checkAbsoluteDomainFormat($domain) { // If the domain must end with a dot - if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1) + if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1) output(403, _('Domain malformed.')); } diff --git a/fn/ht.php b/fn/ht.php index 0fdbabf..3f49dd0 100644 --- a/fn/ht.php +++ b/fn/ht.php @@ -22,9 +22,11 @@ function htSetupUserFs($id) { output(500, 'Can\'t create Tor keys directory.'); } + + function checkDomainFormat($domain) { // If the domain must end without a dot - if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain)) + if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain)) output(403, _('Domain malformed.')); } 
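Review bot: The `(?=^.{1,254}$)` bound added to checkDomainFormat in fn/ht.php looks one character too generous: 254 fits the dotted form checked by checkAbsoluteDomainFormat in fn/dns.php (253 characters of name plus the root dot), so the form without a trailing dot should stop at 253, e.g. `(?=.{1,253}$)`. As written, a 254-character name passes this regex even though it would be 255 characters once the root dot is appended. The preceding filter_var() call with FILTER_VALIDATE_DOMAIN may already reject such a name, but the regex should not depend on that, and a boundary test at 253 and 254 characters would settle it. In both functions the inner `^` is redundant, since the lookahead already sits right after the start anchor, and a comment such as `// 253 characters of name + trailing root dot` would explain the literal.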
diff --git a/pg-act/ns/edit.php b/pg-act/ns/edit.php index 174666b..cfb3eb9 100644 --- a/pg-act/ns/edit.php +++ b/pg-act/ns/edit.php @@ -17,7 +17,7 @@ if (isset($_POST['zone-content'])) { // Update zone output(403, sprintf(_('The zone is limited to %s characters.'), ZONE_MAX_CHARACTERS)); foreach (explode("\r\n", $_POST['zone-content']) as $line) { if ($line === '') continue; - if (preg_match('/^(?[a-z0-9@._-]+)(?:[\t ]+(?[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?[A-Z]{1,16})[\t ]+(?.+)$/D', $line, $matches) !== 1) + if (preg_match('/^(?[a-z0-9@._-]{1,256})(?:[\t ]+(?[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?[A-Z]{1,16})[\t ]+(?.+)$/D', $line, $matches) !== 1) output(403, _('The following line does not match the expected format: ') . '' . htmlspecialchars($line) . ''); if (in_array($matches['type'], ALLOWED_TYPES, true) !== true) output(403, sprintf(_('The %s type is not allowed.'), '' . $matches['type'] . '')); diff --git a/pg-view/ns/caa.php b/pg-view/ns/caa.php index fe3a3f9..f90e23a 100644 --- a/pg-view/ns/caa.php +++ b/pg-view/ns/caa.php @@ -6,7 +6,7 @@
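Review bot: The `{1,256}` quantifier on the owner-name field in pg-act/ns/edit.php is looser than the 254-character limit this same commit introduces in checkAbsoluteDomainFormat, so a 255- or 256-character name still passes the line-format check. If the name is not validated again further down (the enclosing `foreach` body continues outside the hunk, so this cannot be confirmed here), use the same limit, `[a-z0-9@._-]{1,254}`, or better a shared constant so the two values cannot drift apart. A one-line comment stating whether this is only a coarse input cap or the actual DNS length limit would also help the next reader.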

- +