From 3cd30245616016a657bffb2486bc815b134f18d4 Mon Sep 17 00:00:00 2001 From: Oli Date: Wed, 19 Jul 2023 12:45:10 +0200 Subject: [PATCH] fix: ensure case-insensitive comparison of CNAME records (#1956) Co-authored-by: Fernandez Ludovic --- challenge/dns01/cname.go | 8 ++++++-- challenge/dns01/cname_test.go | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 challenge/dns01/cname_test.go diff --git a/challenge/dns01/cname.go b/challenge/dns01/cname.go index ab35ee84..26fe1501 100644 --- a/challenge/dns01/cname.go +++ b/challenge/dns01/cname.go @@ -1,12 +1,16 @@ package dns01 -import "github.com/miekg/dns" +import ( + "strings" + + "github.com/miekg/dns" +) // Update FQDN with CNAME if any. func updateDomainWithCName(r *dns.Msg, fqdn string) string { for _, rr := range r.Answer { if cn, ok := rr.(*dns.CNAME); ok { - if cn.Hdr.Name == fqdn { + if strings.EqualFold(cn.Hdr.Name, fqdn) { return cn.Target } } diff --git a/challenge/dns01/cname_test.go b/challenge/dns01/cname_test.go new file mode 100644 index 00000000..ae151f14 --- /dev/null +++ b/challenge/dns01/cname_test.go @@ -0,0 +1,35 @@ +package dns01 + +import ( + "strings" + "testing" + + "github.com/miekg/dns" + "github.com/stretchr/testify/assert" +) + +func Test_updateDomainWithCName_caseInsensitive(t *testing.T) { + qname := "_acme-challenge.uppercase-test.example.com." + cnameTarget := "_acme-challenge.uppercase-test.cname-target.example.com." + + msg := &dns.Msg{ + MsgHdr: dns.MsgHdr{ + Authoritative: true, + }, + Answer: []dns.RR{ + &dns.CNAME{ + Hdr: dns.RR_Header{ + Name: strings.ToUpper(qname), // CNAME names are case-insensitive + Rrtype: dns.TypeCNAME, + Class: dns.ClassINET, + Ttl: 3600, + }, + Target: cnameTarget, + }, + }, + } + + fqdn := updateDomainWithCName(msg, qname) + + assert.Equal(t, cnameTarget, fqdn) +}