RFC 6763 Non-Compliance: Instance Name Not Escaped in ServiceInfo::new() #418
Description
mDNS Instance Name Escaping Issue
The mdns-sd library does not escape special characters (dots . and backslashes \) in the Instance Name parameter when constructing Service Instance Names, violating RFC 6763 Section 4.3 requirements.
RFC 6763 Requirements
According to RFC 6763 Section 4.1.1, the DNS Instance name can contain almost any characters, including dots.
4.1.1. Instance Names
The <Instance> portion of the Service Instance Name is a user-
friendly name consisting of arbitrary Net-Unicode text [RFC5198]. It
MUST NOT contain ASCII control characters (byte values 0x00-0x1F and
0x7F) [RFC20] but otherwise is allowed to contain any characters,
without restriction, including spaces, uppercase, lowercase,
punctuation -- including dots -- accented characters, non-Roman text,
and anything else that may be represented using Net-Unicode.
According to RFC 6763 Section 4.3:
4.3. Internal Handling of Names
If client software takes the <Instance>, <Service>, and <Domain>
portions of a Service Instance Name and internally concatenates them
together into a single string, then because the <Instance> portion is
allowed to contain any characters, including dots, appropriate
precautions MUST be taken to ensure that DNS label boundaries are
properly preserved. Client software can do this in a variety of
ways, such as character escaping.
This document RECOMMENDS that if concatenating the three portions of
a Service Instance Name, any dots in the <Instance> portion be
escaped following the customary DNS convention for text files: by
preceding literal dots with a backslash (so "." becomes "\.").
Likewise, any backslashes in the <Instance> portion should also be
escaped by preceding them with a backslash (so "\" becomes "\\").
Having done this, the three components of the name may be safely
concatenated. The backslash-escaping allows literal dots in the name
(escaped) to be distinguished from label-separator dots (not
escaped), and the resulting concatenated string may be safely passed
to standard DNS APIs like res_query(), which will interpret the
backslash-escaped string as intended.
This document specifies that if concatenating the three portions of a Service Instance Name, any dots in the portion must be escaped following the customary DNS convention for text files: by preceding literal dots with a backslash (so "." becomes "\."). Likewise, any backslashes in the portion should also be escaped by preceding them with a backslash (so "\" becomes "\\").
Current Library Behavior
In mdns-sd/src/service_info.rs, the ServiceInfo::new() function performs direct string concatenation without escaping:
let fullname = format!("{my_name}.{ty_domain}");This creates incorrect DNS label boundaries when the Instance Name contains dots or backslashes.
In reality, it is unlikely that anyone would insert dots into the DNS instance name, but this could be an improvement to the library in order to comply with this specification.
There is also no sanitizer on the hostname (RFC 952/1123), which is quite strict. Could it be that this library is responsible for ensuring that all strings comply with the specifications?