Commit Graph

105 Commits

Author SHA1 Message Date
Florian Weimer
108bc4049f CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).

This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).

To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
2019-01-21 21:26:03 +01:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Florian Weimer
5670c4ab25 resolv: Fix memory leak with OOM during resolv.conf parsing [BZ #22095] 2017-09-06 15:20:25 +02:00
Florian Weimer
aef16cc8a4 resolv: Automatically reload a changed /etc/resolv.conf file [BZ #984]
This commit enhances the stub resolver to reload the configuration
in the per-thread _res object if the /etc/resolv.conf file has
changed.  The resolver checks whether the application has modified
_res and will not overwrite the _res object in that case.

The struct resolv_context mechanism is used to check the
configuration file only once per name lookup.
2017-07-03 21:06:23 +02:00
Florian Weimer
a1c4eb8794 resolv: Mirror the entire resolver configuration in struct resolv_conf
This commit adds the remaining unchanging members (which are loaded
from /etc/resolv.conf) to struct resolv_conf.

The extended name server list is currently not used by the stub
resolver.  The switch depends on a cleanup: The _u._ext.nssocks
array stores just a single socket, and needs to be replaced with
a single socket value.

(The compatibility gethostname implementation does not use the
extended addres sort list, either.  Updating the compat code is
not worthwhile.)
2017-07-03 21:03:21 +02:00
Florian Weimer
3f853f22c8 resolv: Lift domain search list limits [BZ #19569] [BZ #21475]
This change uses the extended resolver state in struct resolv_conf to
store the search list.  If applications have not patched the _res
object directly, this extended search list will be used by the stub
resolver during name resolution.
2017-07-03 21:01:42 +02:00
Florian Weimer
f30a54b21b resolv: Introduce struct resolv_conf with extended resolver state
This change provides additional resolver configuration state which
is not exposed through the _res ABI.  It reuses the existing
initstamp field in the supposedly-private part of _res.  Some effort
is undertaken to avoid memory safety issues introduced by applications
which directly patch the _res object.

With this commit, only the initstamp field is moved into struct
resolv_conf.  Additional members will be added later, eventually
migrating the entire resolver configuration.
2017-07-03 20:57:28 +02:00
Florian Weimer
b606c6ce66 resolv: Remove source argument fron res_options 2017-06-30 11:32:19 +02:00
Florian Weimer
e6b4e2de6d resolv: Call _res_hconf_init from __res_vinit
Many callers of __res_maybe_init also call _res_hconf_init.
Additional calls to the latter do not hurt because the function
does its work only once.  (/etc/hosts.conf is not reloaded or
even checked for changes.)  This means that we can simplify the
code by calling _res_hconf_init directly from __res_vinit.
2017-06-27 09:26:46 +02:00
Florian Weimer
b1e7c13cc5 resolv: Clean up declarations of the __res_initstamp variable 2017-06-23 17:52:55 +02:00
Florian Weimer
89f187a40f resolv: Use getline for configuration file reading in res_vinit_1 2017-06-19 14:24:24 +02:00
Florian Weimer
ea4924ce5b resolv: Report allocation errors in __res_vinit 2017-06-19 14:24:24 +02:00
Florian Weimer
4c4480eecb resolv: Reformat res_vinit and related functions to GNU style
Also remove some obsolete comments.
2017-06-19 14:24:24 +02:00
Florian Weimer
94f094f22b resolv: Introduce is_sort_mask and call it from res_vinit 2017-06-19 14:24:24 +02:00
Florian Weimer
e68111fbd6 resolv: Remove DEBUG preprocessor conditionals from res_setoptions 2017-06-19 14:24:24 +02:00
Florian Weimer
e4e5b57d23 resolv: Move _res deallocation functions to their own file 2017-06-19 14:24:23 +02:00
Florian Weimer
26bf5a1029 resolv: Move res_randomid to its own file 2017-06-19 14:24:23 +02:00
Florian Weimer
ca3d65ff69 resolv: Make __res_vinit hidden
And remove unnecessary separate declarations.
2017-06-19 14:24:23 +02:00
Florian Weimer
bee05c9d58 resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely 2017-04-19 14:29:24 +02:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Florian Weimer
5140d036f9 resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
2016-10-07 17:41:59 +02:00
Florian Weimer
7ec47a85d8 resolv: Remove RES_NOIP6DOTINT and its implementation 2016-10-07 17:41:59 +02:00
Florian Weimer
bfbd1de159 resolv: Deprecate unimplemented flags
RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG result
in compile-time warnings.  Some of these flags are still used in
applications.
2016-10-07 17:41:45 +02:00
Florian Weimer
6815a33d53 resolv: Remove unsupported hook functions from the API [BZ #20016] 2016-09-21 16:30:27 +02:00
Florian Weimer
80d8cb91de inet: Add __inet6_scopeid_pton function [BZ #20611]
__inet6_scopeid_pton implements strict validation of numeric scope IDs.
Use it in getaddrinfo and __res_vinit.
2016-09-15 15:46:30 +02:00
Florian Weimer
fd37b5a78a resolv: Remove _LIBC_REENTRANT 2016-09-13 15:08:37 +02:00
Florian Weimer
ed3c7876cc resolv: Reindent preprocessor conditionals following cleanups 2016-04-28 16:53:56 +02:00
Florian Weimer
e01eef67ba resolv: Assorted preprocessor cleanups 2016-04-28 13:58:18 +02:00
Florian Weimer
18b36f5dcf resolv: Remove RFC1535 conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
74a6983155 resolv: Remove RESOLVSORT preprocess conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
c99c925b8b resolv: Remove _LIBC conditionals 2016-04-28 12:53:49 +02:00
Florian Weimer
1f32be054b resolv: Remove SCCS and RCS keywords 2016-04-28 12:53:49 +02:00
Andreas Schwab
5e7fdabd7d Fix resource leak in resolver (bug 19257)
The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.
2016-03-15 13:15:54 +01:00
Florian Weimer
aff8c7a9a7 res_ninit: Update comment
Since commit e66e7419a6 (Actually make
it possible to user the default name server.), the default is
INADDR_LOOPBACK, not INADDR_ANY.
2016-02-19 17:00:47 +01:00
Rob Wu
b674b82109 resolv: Reset defdname before use in __res_vinit [BZ #19369]
Resetting defdname (default domain name) before use in __res_vinit
ensures that the default domain name is correctly set to a default
value when it is not set by the LOCALDOMAIN environment variable or
the "domain" or "search" parameters in resolv.conf

Tested using the steps from:
https://sourceware.org/bugzilla/show_bug.cgi?id=19369
2015-12-29 13:28:04 -05:00
Joseph Myers
85231522bb Convert a few more function definitions to prototype style.
This patch converts a few more function definitions in glibc from
old-style K&R to prototype style.  This is sufficient to build and
test on x86_64 and x86 with -Wold-style-definition (I'll test on some
more architectures before proposing the actual addition of
-Wold-style-definition).

Tested for x86_64 and x86 with -Wold-style-definition in use
(testsuite - this patch affects files containing assertions).

	* io/fts.c (fts_open): Convert to prototype-style function
	definition.
	* malloc/mcheck.c (mcheck): Likewise.
	(mcheck_pedantic): Likewise.
	* posix/regexec.c (re_search_2_stub): Likewise.  Use
	internal_function.
	(re_search_internal): Likewise.
	* resolv/res_init.c [RESOLVSORT] (net_mask): Convert to
	prototype-style function definition.
	* sunrpc/clnt_udp.c (clntudp_call): Likewise.
	* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
	* sunrpc/rpcsvc/rusers.x (xdr_utmp): Likewise.
	(xdr_utmpptr): Likewise.
	(xdr_utmparr): Likewise.
	(xdr_utmpidle): Likewise.
	(xdr_utmpidleptr): Likewise.
	(xdr_utmpidlearr): Likewise.
2015-10-21 11:57:23 +00:00
Andreas Schwab
2212c1420c Simplify handling of nameserver configuration in resolver
Remove use of ext.nsmap member of struct __res_state and always use
an identity mapping betwen the nsaddr_list array and the ext.nsaddrs
array.  The fact that a nameserver has an IPv6 address is signalled by
setting nsaddr_list[].sin_family to zero.
2015-05-21 15:16:37 +02:00
Aurelien Jarno
38949026b3 resolv: fix rotate option
The rotate option doesn't work correctly, and only send the query to the
same server (the second in the list). The rotation code in itself is not
broken, but the nsaddrs structure is reinitialized each time at the
beginning of __libc_res_nsend unless RES_STAYOPEN is enabled.

This is due to a call to __res_iclose from the end of __libc_res_nsend
when answers from the name server have been received. This function
closes all the sockets, but doesn't free the addresses (it can do that,
but in that case the second argument is false).

This patch change the code of __res_iclose to clear statp->_u._ext.nsinit
 only when the addresses are actually freed.

	* resolv/res_init.c (__res_iclose): Only clear nsinit if the
	addresses have been freed.
2015-01-06 09:00:20 -08:00
Aurelien Jarno
5fe55e9c65 resolv: improve comments about nserv and nservall
The current comments concerning nserv and nservall are not really clear
and lead to confusion when reviewing an already complex code. Improve
them, there real meaning have been confirmed by a code analysis.

	* resolv/res_init.c (__res_vinit): Improve comments about nserv
	and nservall.
2015-01-06 09:00:20 -08:00
Joseph Myers
8ac5a76a99 Fix resolver inet_* namespace (bug 17722).
Parts of the resolver brought in by pthreads (at least) use inet_*
functions that aren't in the 1995/6 edition of POSIX that introduced
pthreads (or in one case, use __inet_aton which is then defined in the
same file as non-weak inet_addr).  This patch fixes this by making the
affected functions into weak alias for __inet_* and using those names
in the problematic resolver code.

Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch).

	[BZ #17722]
	* inet/inet_mkadr.c (inet_makeaddr): Rename to __inet_makeaddr and
	define as weak alias of __inet_makeaddr.
	* resolv/inet_addr.c (inet_addr): Rename to __inet_addr and define
	as weak alias of __inet_addr.
	* resolv/inet_pton.c (inet_pton): Rename to __inet_pton and define
	as weak alias of __inet_pton.  Use libc_hidden_weak.
	* include/arpa/inet.h (__inet_pton): Declare.  Use
	libc_hidden_proto.
	(inet_makeaddr): Don't use libc_hidden_proto.
	(__inet_makeaddr): Declare.  Use libc_hidden_proto.
	* resolv/res_init.c (__res_vinit): Use __inet_pton instead of
	inet_pton.  Use __inet_makeaddr instead of inet_makeaddr.
	* conform/Makefile (test-xfail-POSIX/pthread.h/linknamespace):
	Remove variable.
	(test-xfail-POSIX/sched.h/linknamespace): Likewise.
	(test-xfail-POSIX/time.h/linknamespace): Likewise.
2014-12-17 18:09:11 +00:00
Joseph Myers
9a44d530c4 Fix resolver if_* namespace (bug 17717).
Resolver code, brought in by pthreads (at least), uses if_* interfaces
that weren't in POSIX before 2001, resulting in linknamespace
failures.  This patch changes those interfaces to be weak aliases of
__if_* and makes the resolver use __if_* directly.

Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by this patch).

	[BZ #17717]
	* inet/if_index.c (if_nametoindex): Rename to __if_nametoindex and
	define as weak alias of __if_nametoindex.  Use libc_hidden_weak.
	(if_indextoname): Rename to __if_indextoname and define as weak
	alias of __if_indextoname.  Use libc_hidden_weak.
	(if_freenameindex): Rename to __if_freenameindex and define as
	weak alias of __if_freenameindex.
	(if_nameindex): Rename to __if_nameindex and define as weak alias
	of __if_nameindex.
	* sysdeps/mach/hurd/if_index.c (if_nametoindex): Rename to
	__if_nametoindex and define as weak alias of __if_nametoindex.
	Use libc_hidden_weak.
	(if_freenameindex): Rename to __if_freenameindex and define as
	weak alias of __if_freenameindex.
	(if_nameindex): Rename to __if_nameindex and define as weak alias
	of __if_nameindex.
	(if_indextoname): Rename to __if_indextoname and define as weak
	alias of __if_indextoname.  Use libc_hidden_weak.
	* sysdeps/unix/sysv/linux/if_index.c (if_nametoindex): Rename to
	__if_nametoindex and define as weak alias of __if_nametoindex.
	Use libc_hidden_weak.
	(if_freenameindex): Rename to __if_freenameindex and define as
	weak alias of __if_freenameindex.  Use libc_hidden_weak.
	(if_nameindex_netlink): Use __if_freenameindex instead of
	if_freenameindex.
	(if_nameindex): Rename to __if_nameindex and define as weak alias
	of __if_nameindex.  Use libc_hidden_weak.
	(if_indextoname): Rename to __if_indextoname and define as weak
	alias of __if_indextoname.  Use libc_hidden_weak.
	* include/net/if.h [!_ISOMAC] (__if_nametoindex): Declare and use
	libc_hidden_proto.
	[!_ISOMAC] (__if_freenameindex): Likewise.
	* resolv/res_init.c (__res_vinit): Use __if_nametoindex instead of
	if_nametoindex.
	* conform/Makefile (test-xfail-XPG4/grp.h/linknamespace): Remove
	variable.
	(test-xfail-XPG4/pwd.h/linknamespace): Likewise.
	(test-xfail-UNIX98/aio.h/linknamespace): Likewise.
	(test-xfail-UNIX98/grp.h/linknamespace): Likewise.
	(test-xfail-UNIX98/pthread.h/linknamespace): Likewise.
	(test-xfail-UNIX98/pwd.h/linknamespace): Likewise.
	(test-xfail-UNIX98/sched.h/linknamespace): Likewise.
	(test-xfail-UNIX98/time.h/linknamespace): Likewise.
2014-12-16 18:18:49 +00:00
Joseph Myers
84e5e75640 Fix fgets_unlocked namespace issues (bug 17664).
Various POSIX functions bring in res_init.o, res_hconf.o or
mntent_r.o, which use fgets_unlocked, which is not a POSIX function.
This patch arranges for them to use __fgets_unlocked instead.  (The
IS_IN (libc) conditional in rec_hconf.c is needed because that file is
also used in nscd.)

Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch except for an assertion line
number).  Note that most of the linknamespace tests that failed
because of fgets_unlocked from the resolver also fail because of other
symbols brought in by the resolver, so the number of XFAILs this
removes is limited.  Also note that fgets_unlocked failures for
unistd.h for XPG3/XPG4 showed up that actually unistd.h is declaring
too much for XPG3/XPG4 (bug 17665) - there is no actual need to make
getusershell.c use __fgets_unlocked (at least as regards formal
standards are concerned; maybe it should still change for
namespace-cleanness of _DEFAULT_SOURCE) because the functions there
aren't actually in any of the supported standards; the correct fix for
those failures will be to stop the *usershell* functions appearing in
unistd.h for XPG3/XPG4.

	[BZ #17664]
	* misc/mntent_r.c (__getmntent_r): Use __fgets_unlocked instead of
	fgets_unlocked.
	* resolv/res_hconf.c [IS_IN (libc)] (fgets_unlocked): Define to
	__fgets_unlocked.
	* resolv/res_init.c (__res_vinit): Use __fgets_unlocked instead of
	fgets_unlocked.
	* conform/Makefile (test-xfail-XPG4/sys/statvfs.h/linknamespace):
	Remove variable.
	(test-xfail-POSIX/sys/mman.h/linknamespace): Likewise.
	(test-xfail-UNIX98/sys/mman.h/linknamespace): Likewise.
	(test-xfail-UNIX98/sys/statvfs.h/linknamespace): Likewise.
	(test-xfail-XOPEN2K/sys/mman.h/linknamespace): Likewise.
	(test-xfail-XOPEN2K/sys/statvfs.h/linknamespace): Likewise.
	(test-xfail-POSIX2008/sys/mman.h/linknamespace): Likewise.
	(test-xfail-POSIX2008/sys/statvfs.h/linknamespace): Likewise.
	(test-xfail-XOPEN2K8/sys/mman.h/linknamespace): Likewise.
	(test-xfail-XOPEN2K8/sys/statvfs.h/linknamespace): Likewise.
2014-12-02 21:31:24 +00:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Joseph Myers
2e09a79ada Avoid use of "register" as optimization hint. 2013-06-07 22:24:35 +00:00
Ryan S. Arnold
e054f49430 Add #include <stdint.h> for uint[32|64]_t usage (except installed headers). 2013-05-16 11:32:54 -05:00
Ross Lagerwall
ad8ac1bd6a Open /etc/resolv.conf with FD_CLOEXEC 2011-12-17 14:43:40 -05:00
Andreas Schwab
9be9bfcc9d Properly tokenize nameserver line for servers with IPv6 address 2011-08-04 15:50:48 -04:00
Ulrich Drepper
652ffab113 Make resolv.conf parsing more compact 2011-05-29 22:07:49 -04:00
Ulrich Drepper
16985fd0c7 Recognize use-vc option in resolv.conf 2011-05-29 21:43:33 -04:00