Commit Graph

117 Commits

Author SHA1 Message Date
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Joseph Myers
a3708cf6b0 Avoid use of atoi in some places in libc
This patch is split out of
<https://sourceware.org/pipermail/libc-alpha/2022-December/144122.html>.

atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi.  Change some uses of atoi to call
strtol instead; this avoids the undefined behavior, though there is no
guarantee that the overflow handling of strtol is really right in
those places either.  This also serves to avoid localplt test failures
given an installed header redirection for strtol (which means that the
call from the inline atoi implementation doesn't end up at a hidden
alias from libc_hidden_proto).

Certainly, the use of atoi is questionable in argp-help.c (shared with
gnulib, so shouldn't depend on glibc implementation details, and
processing user-provided input), and maybe also in argp-parse.c (I'm
not sure what that code in argp-parse.c is meant to be used for).  I
also changed inet/rexec.c and resolv/res_init.c similarly to use
strtol to avoid such localplt failures, although given those files (in
those versions) are only used in glibc it's not problematic for them
to rely on the specific behavior of glibc's atoi on out-of-range input
(in the absence of compiler optimizations based on the undefined
behavior) in the same way it's problematic for gnulib code to do so.

There may be other uses of atoi (or atol or atoll), in any of glibc's
installed code, for which it would also be appropriate to avoid the
undefined behavior on out-of-range input; this patch only fixes the
specific cases needed to avoid localplt failures.

Tested for x86_64.
2022-12-19 14:45:44 +00:00
Florian Weimer
f282cdbe7f resolv: Implement no-aaaa stub resolver option
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-06-24 18:18:44 +02:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Florian Weimer
631cf64bc1 Move implementation of <file_change_detection.h> into a C file
file_change_detection_for_stat partially initialize
struct file_change_detection in some cases, when the size member
alone determines the outcome of all comparisons.  This results
in maybe-uninitialized compiler warnings in case of sufficiently
aggressive inlining.

Once the implementation is moved into a separate C file, this kind
of inlining is no longer possible, so the compiler warnings are gone.
2020-02-18 13:44:48 +01:00
Florian Weimer
dd0b4df329 resolv: Enhance __resolv_conf_load to capture file change data
The data is captured after reading the file.  This allows callers
to check the change data against an earlier measurement.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-02-14 08:14:03 +01:00
Florian Weimer
a1a20f0292 resolv: Fix file handle leak in __resolv_conf_load [BZ #25429]
res_vinit_1 did not close the stream on errors, only on success.
This change moves closing the stream to __resolv_conf_load, for both
the success and error cases.

Fixes commit 89f187a40f ("resolv: Use
getline for configuration file reading in res_vinit_1") and commit
3f853f22c8 ("resolv: Lift domain search
list limits [BZ #19569] [BZ #21475]"), where memory allocation was
introduced into res_vinit_1.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-02-14 08:13:58 +01:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Florian Weimer
446997ff14 resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
2019-11-27 20:54:37 +01:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Florian Weimer
3f8b44be0a resolv: Remove support for RES_USE_INET6 and the inet6 option
This functionality was deprecated in glibc 2.25.

This commit only includes the core changes to remove the
functionality.  It does not remove the RES_USE_INET6 handling in the
individual NSS service modules and the res_use_inet6 function.
These changes will happen in future commits.
2019-04-08 10:56:22 +02:00
Florian Weimer
108bc4049f CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).

This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).

To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
2019-01-21 21:26:03 +01:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Florian Weimer
5670c4ab25 resolv: Fix memory leak with OOM during resolv.conf parsing [BZ #22095] 2017-09-06 15:20:25 +02:00
Florian Weimer
aef16cc8a4 resolv: Automatically reload a changed /etc/resolv.conf file [BZ #984]
This commit enhances the stub resolver to reload the configuration
in the per-thread _res object if the /etc/resolv.conf file has
changed.  The resolver checks whether the application has modified
_res and will not overwrite the _res object in that case.

The struct resolv_context mechanism is used to check the
configuration file only once per name lookup.
2017-07-03 21:06:23 +02:00
Florian Weimer
a1c4eb8794 resolv: Mirror the entire resolver configuration in struct resolv_conf
This commit adds the remaining unchanging members (which are loaded
from /etc/resolv.conf) to struct resolv_conf.

The extended name server list is currently not used by the stub
resolver.  The switch depends on a cleanup: The _u._ext.nssocks
array stores just a single socket, and needs to be replaced with
a single socket value.

(The compatibility gethostname implementation does not use the
extended addres sort list, either.  Updating the compat code is
not worthwhile.)
2017-07-03 21:03:21 +02:00
Florian Weimer
3f853f22c8 resolv: Lift domain search list limits [BZ #19569] [BZ #21475]
This change uses the extended resolver state in struct resolv_conf to
store the search list.  If applications have not patched the _res
object directly, this extended search list will be used by the stub
resolver during name resolution.
2017-07-03 21:01:42 +02:00
Florian Weimer
f30a54b21b resolv: Introduce struct resolv_conf with extended resolver state
This change provides additional resolver configuration state which
is not exposed through the _res ABI.  It reuses the existing
initstamp field in the supposedly-private part of _res.  Some effort
is undertaken to avoid memory safety issues introduced by applications
which directly patch the _res object.

With this commit, only the initstamp field is moved into struct
resolv_conf.  Additional members will be added later, eventually
migrating the entire resolver configuration.
2017-07-03 20:57:28 +02:00
Florian Weimer
b606c6ce66 resolv: Remove source argument fron res_options 2017-06-30 11:32:19 +02:00
Florian Weimer
e6b4e2de6d resolv: Call _res_hconf_init from __res_vinit
Many callers of __res_maybe_init also call _res_hconf_init.
Additional calls to the latter do not hurt because the function
does its work only once.  (/etc/hosts.conf is not reloaded or
even checked for changes.)  This means that we can simplify the
code by calling _res_hconf_init directly from __res_vinit.
2017-06-27 09:26:46 +02:00
Florian Weimer
b1e7c13cc5 resolv: Clean up declarations of the __res_initstamp variable 2017-06-23 17:52:55 +02:00
Florian Weimer
89f187a40f resolv: Use getline for configuration file reading in res_vinit_1 2017-06-19 14:24:24 +02:00
Florian Weimer
ea4924ce5b resolv: Report allocation errors in __res_vinit 2017-06-19 14:24:24 +02:00
Florian Weimer
4c4480eecb resolv: Reformat res_vinit and related functions to GNU style
Also remove some obsolete comments.
2017-06-19 14:24:24 +02:00
Florian Weimer
94f094f22b resolv: Introduce is_sort_mask and call it from res_vinit 2017-06-19 14:24:24 +02:00
Florian Weimer
e68111fbd6 resolv: Remove DEBUG preprocessor conditionals from res_setoptions 2017-06-19 14:24:24 +02:00
Florian Weimer
e4e5b57d23 resolv: Move _res deallocation functions to their own file 2017-06-19 14:24:23 +02:00
Florian Weimer
26bf5a1029 resolv: Move res_randomid to its own file 2017-06-19 14:24:23 +02:00
Florian Weimer
ca3d65ff69 resolv: Make __res_vinit hidden
And remove unnecessary separate declarations.
2017-06-19 14:24:23 +02:00
Florian Weimer
bee05c9d58 resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely 2017-04-19 14:29:24 +02:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Florian Weimer
5140d036f9 resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
2016-10-07 17:41:59 +02:00
Florian Weimer
7ec47a85d8 resolv: Remove RES_NOIP6DOTINT and its implementation 2016-10-07 17:41:59 +02:00
Florian Weimer
bfbd1de159 resolv: Deprecate unimplemented flags
RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG result
in compile-time warnings.  Some of these flags are still used in
applications.
2016-10-07 17:41:45 +02:00
Florian Weimer
6815a33d53 resolv: Remove unsupported hook functions from the API [BZ #20016] 2016-09-21 16:30:27 +02:00
Florian Weimer
80d8cb91de inet: Add __inet6_scopeid_pton function [BZ #20611]
__inet6_scopeid_pton implements strict validation of numeric scope IDs.
Use it in getaddrinfo and __res_vinit.
2016-09-15 15:46:30 +02:00
Florian Weimer
fd37b5a78a resolv: Remove _LIBC_REENTRANT 2016-09-13 15:08:37 +02:00
Florian Weimer
ed3c7876cc resolv: Reindent preprocessor conditionals following cleanups 2016-04-28 16:53:56 +02:00
Florian Weimer
e01eef67ba resolv: Assorted preprocessor cleanups 2016-04-28 13:58:18 +02:00
Florian Weimer
18b36f5dcf resolv: Remove RFC1535 conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
74a6983155 resolv: Remove RESOLVSORT preprocess conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
c99c925b8b resolv: Remove _LIBC conditionals 2016-04-28 12:53:49 +02:00
Florian Weimer
1f32be054b resolv: Remove SCCS and RCS keywords 2016-04-28 12:53:49 +02:00
Andreas Schwab
5e7fdabd7d Fix resource leak in resolver (bug 19257)
The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.
2016-03-15 13:15:54 +01:00
Florian Weimer
aff8c7a9a7 res_ninit: Update comment
Since commit e66e7419a6 (Actually make
it possible to user the default name server.), the default is
INADDR_LOOPBACK, not INADDR_ANY.
2016-02-19 17:00:47 +01:00
Rob Wu
b674b82109 resolv: Reset defdname before use in __res_vinit [BZ #19369]
Resetting defdname (default domain name) before use in __res_vinit
ensures that the default domain name is correctly set to a default
value when it is not set by the LOCALDOMAIN environment variable or
the "domain" or "search" parameters in resolv.conf

Tested using the steps from:
https://sourceware.org/bugzilla/show_bug.cgi?id=19369
2015-12-29 13:28:04 -05:00
Joseph Myers
85231522bb Convert a few more function definitions to prototype style.
This patch converts a few more function definitions in glibc from
old-style K&R to prototype style.  This is sufficient to build and
test on x86_64 and x86 with -Wold-style-definition (I'll test on some
more architectures before proposing the actual addition of
-Wold-style-definition).

Tested for x86_64 and x86 with -Wold-style-definition in use
(testsuite - this patch affects files containing assertions).

	* io/fts.c (fts_open): Convert to prototype-style function
	definition.
	* malloc/mcheck.c (mcheck): Likewise.
	(mcheck_pedantic): Likewise.
	* posix/regexec.c (re_search_2_stub): Likewise.  Use
	internal_function.
	(re_search_internal): Likewise.
	* resolv/res_init.c [RESOLVSORT] (net_mask): Convert to
	prototype-style function definition.
	* sunrpc/clnt_udp.c (clntudp_call): Likewise.
	* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
	* sunrpc/rpcsvc/rusers.x (xdr_utmp): Likewise.
	(xdr_utmpptr): Likewise.
	(xdr_utmparr): Likewise.
	(xdr_utmpidle): Likewise.
	(xdr_utmpidleptr): Likewise.
	(xdr_utmpidlearr): Likewise.
2015-10-21 11:57:23 +00:00
Andreas Schwab
2212c1420c Simplify handling of nameserver configuration in resolver
Remove use of ext.nsmap member of struct __res_state and always use
an identity mapping betwen the nsaddr_list array and the ext.nsaddrs
array.  The fact that a nameserver has an IPv6 address is signalled by
setting nsaddr_list[].sin_family to zero.
2015-05-21 15:16:37 +02:00