cmd/tailscale: extend hostname validation (#7678)

In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-03-27 18:21:58 +01:00
parent 43f7ec48ca
commit 2a933c1903
4 changed files with 52 additions and 4 deletions
--- a/util/dnsname/dnsname.go
+++ b/util/dnsname/dnsname.go
@@ -214,6 +214,21 @@ func FirstLabel(hostname string) string {
 	return first
 }

+// ValidHostname checks if a string is a valid hostname.
+func ValidHostname(hostname string) error {
+	fqdn, err := ToFQDN(hostname)
+	if err != nil {
+		return err
+	}
+
+	for _, label := range strings.Split(fqdn.WithoutTrailingDot(), ".") {
+		if err := ValidLabel(label); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 var separators = map[byte]bool{
 	' ': true,
 	'.': true,
--- a/util/dnsname/dnsname_test.go
+++ b/util/dnsname/dnsname_test.go
@@ -185,6 +185,31 @@ func TestTrimSuffix(t *testing.T) {
 	}
 }

+func TestValidHostname(t *testing.T) {
+	tests := []struct {
+		hostname string
+		wantErr  string
+	}{
+		{"example", ""},
+		{"example.com", ""},
+		{" example", `must start with a letter or number`},
+		{"example-.com", `must end with a letter or number`},
+		{strings.Repeat("a", 63), ""},
+		{strings.Repeat("a", 64), `is too long, max length is 63 bytes`},
+		{strings.Repeat(strings.Repeat("a", 63)+".", 4), "is too long to be a DNS name"},
+		{"www.what🤦lol.example.com", "contains invalid character"},
+	}
+
+	for _, test := range tests {
+		t.Run(test.hostname, func(t *testing.T) {
+			err := ValidHostname(test.hostname)
+			if (err == nil) != (test.wantErr == "") || (err != nil && !strings.Contains(err.Error(), test.wantErr)) {
+				t.Fatalf("ValidHostname(%s)=%v; expected %v", test.hostname, err, test.wantErr)
+			}
+		})
+	}
+}
+
 var sinkFQDN FQDN

 func BenchmarkToFQDN(b *testing.B) {