Commit Graph

116 Commits

Author SHA1 Message Date
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Florian Weimer
fc82b0a2df CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
Also rename T_UNSPEC because an upcoming public header file
update will use that name.
2016-12-31 20:27:44 +01:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Florian Weimer
5140d036f9 resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
2016-10-07 17:41:59 +02:00
Florian Weimer
7ec47a85d8 resolv: Remove RES_NOIP6DOTINT and its implementation 2016-10-07 17:41:59 +02:00
Florian Weimer
ecfda0fc25 resolv: Remove SUNSECURITY preprocessor conditionals
The macro is never defined.
2016-04-28 13:56:39 +02:00
Florian Weimer
74a6983155 resolv: Remove RESOLVSORT preprocess conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
a12f9431b3 nss_dns: Skip over non-PTR records in the netent code [BZ #19868]
This requires additional checks for the RDATA length and the
availability of record metadata.
2016-04-27 17:15:57 +02:00
Florian Weimer
c3bae689d3 nss_dns: Remove custom offsetof macro definition 2016-04-27 16:48:45 +02:00
Florian Weimer
5e0c421cc0 nss_dns: Check address length before creating addrinfo result [BZ #19831]
Previously, we allocated room in the result space before the check,
leaving uninitialized data there in case the check failed.

This also consolidates the behavior between single (A or AAAA) and
dual (A and AAAA in parallel) queries.  Single queries checked
the record length against the QTYPE, not the RRTYPE.
2016-04-27 16:39:12 +02:00
Florian Weimer
b9b026c9c0 resolv, nss_dns: Remove remaining syslog logging [BZ #19862]
The fix for bug 14841 only removed part of the logging.
2016-04-27 16:21:40 +02:00
Florian Weimer
f749498fa5 nss_dns: Validate RDATA length against packet length [BZ #19830]
In _nss_dns_getcanonname_r, a check for the availability of RR metadata
was missing as well.
2016-04-27 15:11:42 +02:00
Florian Weimer
d29fb41f44 nss_dns: Fix assertion failure in _nss_dns_getcanonname_r [BZ #19865] 2016-04-11 10:55:43 +02:00
Florian Weimer
317b199b4a CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
The defensive copy is not needed because the name may not alias the
output buffer.
2016-03-29 12:57:56 +02:00
Carlos O'Donell
e9db92d3ac CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
2016-02-16 21:29:32 -05:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Andreas Schwab
6b142b3a1d Record TTL also for DNS PTR queries (bug 18513)
This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
2015-06-22 14:04:34 +02:00
Arjun Shankar
2959eda927 CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] 2015-04-21 14:06:50 +02:00
Siddhesh Poyarekar
3e3002ffea Skip logging for DNSSEC responses [BZ 14841]
DNSSEC defines a number of response types that one me expect when the
DO bit is set.  We don't process any of them, but since we do allow
setting the DO bit, skip them without logging an error since it is
only a nuisance.

Tested on x86_64.

	[BZ #14841]
	* resolv/gethnamaddr.c (getanswer): Skip logging if
	RES_USE_DNSSEC is set.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
2015-02-24 13:17:29 +05:30
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Florian Weimer
11e3417af6 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] 2014-12-16 10:08:29 +01:00
Siddhesh Poyarekar
76985d3e03 Remove MULTI_PTRS_ARE_ALIASES in dns-hosts.c
The code in gethnamaddr.c for gethostbyaddr used and set this macro to
allow multiple PTR records to be added as aliases.  This was useful
for gethostbyaddr since it returns a hostent structure, which can
return aliases.

The gethnamaddr.c source however is unused in glibc since pretty much
forever.  Instead, the DNS lookup bits for gethostbyaddr (as well as
getnameinfo) are implemented in dns-hosts.c and in that implementation
all but one (the first one) of the multiple PTR records are ignored.
Since gethnamaddr.c is essentially dead code, ignore that
implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a
comment mentioning that bind adds PTR records as aliases while we
don't.
2014-07-01 17:23:20 +05:30
Andreas Schwab
ab09bf616a Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
Instead of trying to guess whether the second buffer needs to be freed
set a flag at the place it is allocated
2014-02-19 14:39:21 +01:00
Ondřej Bílka
ab7ac0f2cf Deduplicate resolv/nss_dns/dns-host.c
In resolv/nss_dns/dns-host.c one of code path duplicated code after
that. We merge these paths.
2014-02-16 12:59:23 +01:00
Andreas Schwab
d668061994 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer 2014-02-13 12:54:34 +01:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Joseph Myers
2e09a79ada Avoid use of "register" as optimization hint. 2013-06-07 22:24:35 +00:00
Ryan S. Arnold
e054f49430 Add #include <stdint.h> for uint[32|64]_t usage (except installed headers). 2013-05-16 11:32:54 -05:00
Joseph Myers
568035b787 Update copyright notices with scripts/update-copyrights. 2013-01-02 19:05:09 +00:00
Joseph Myers
f4cf5f2d8b Add script to update copyright notices and reformat some to facilitate its use. 2013-01-01 16:29:10 +00:00
Siddhesh Poyarekar
cfde9b463d Return EAI_SYSTEM if we're out of file descriptors
Resolves BZ #14719.
2012-11-19 13:02:48 +05:30
Jeroen van Bemmel
7b6e99be77 Avoid duplicate DNS requests if answer is longer than a implementation
limit

        [BZ #14307]
        * sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of
        the temporary buffer used to invoke __gethostbyname2_r,
        __gethostbyaddr_r and gethostbyname4_r to make room for struct
        host_data / struct gaih_addrtuple.
        * resolv/nss_dns/dns-host.c (global scope): Move definition of
        implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to
        header file nss/nsswitch.h.
        * nss/nsswitch.h (global scope): Add definition of implementation
        constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from
        resolv/nss_dns/dns-host.c).
2012-07-12 11:31:48 +05:30
Siddhesh Poyarekar
6cd0a5eaf0 Merge copyright years in resolv/nss_dns/dns-host.c 2012-03-31 10:01:43 +05:30
Siddhesh Poyarekar
48c41d04ee Consider TTL of CNAME record and return minimum TTL in the chain
[BZ #13928] A DNS request consists of multiple resources combined into
a single hostent, including multiple CNAME records that may have been
assigned different TTL values. In such a case, nscd should take the
least TTL among all of the resources as the timeout for the hostent
before it is reloaded in its cache so that the hostent remains stale
in the database for the least amount of time.
2012-03-30 21:30:01 +05:30
Jeff Law
2f5a5ed02c * resolv/nss_dns/dns-host.c: Update copyright year. 2012-03-30 09:54:21 -06:00
Jeff Law
86ae07a8c9 [BZ #13760]
* resolv/nss_dns/dns-host.c (gaih_getanswer): Look for errno
        in the right place. Discard and retry query if response is
        larger than input buffer size.
2012-03-28 10:09:29 -06:00
Paul Eggert
59ba27a63a Replace FSF snail mail address with URLs. 2012-02-09 23:18:22 +00:00
Roland McGrath
5615eaf264 Quash some new warnings from GCC 4.6. 2011-06-10 22:44:20 -07:00
Andreas Schwab
a769081960 Don't ignore zero TTL in DNS answers 2010-11-25 20:50:16 -05:00
Ulrich Drepper
ea42a20cae Fix crash on reloading of gai data in nscd. 2010-04-09 21:38:20 -07:00
Ulrich Drepper
4535680d03 Handle DNS timeouts in old-style lookkup code. 2010-04-05 12:21:20 -07:00
Andreas Schwab
51e4196f16 Handle running out of buffer space with IPv6 mapping enabled.
With big DNS answers like the one you get for goodtimesdot.com you can
get a truncated address list if IPv6 mapping is enabled.  Instead tell
the caller to resize the buffer.
2009-11-10 07:36:50 -08:00
Ulrich Drepper
c6807d38a1 * resolv/res_hconf.c (_res_hconf_trim_domain): Use strcasecmp
instead of __strcasecmp.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
2009-04-07 16:13:15 +00:00
Ulrich Drepper
df9293cb16 * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr2_r): Check and
adjust the buffer alignment.
2009-01-08 00:03:29 +00:00
Ulrich Drepper
da5ac1352d * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname3_r): Recognize
ESRCH return value.
	(_nss_dns_gethostbyname4_r): Likewise.
	* resolv/res_init.c (__res_vinit): Initialize nscount to zero.
	* sysdeps/posix/getaddrinfo.c (gaih_inet): In case we use
	gethostbyname4_r, we don't have a separate IPv6 status, so copy
	the no_data variable.
2008-12-03 07:30:39 +00:00
Ulrich Drepper
9ba2747432 (gaih_getanswer_slice): Don't abort for unknown request types for now. 2008-11-12 07:52:20 +00:00
Ulrich Drepper
cd5743fdec * Versions.def: Add GLIBC_2.9 to libresolv.
* include/resolv.h: Remove hidden proto declarations for __ns_*
	functions.  Add them for __dn_count_labels and __p_secstodate.
	* include/arpa/nameser.h: Add a number of hidden proto declarations.
	Define ns_msg_getflags macro here.
	* resolv/res_debug.c: Add hidden definition for __dn_count_labels
	and __p_secstodate.
	* resolv/Versions: Export functions from <arpa/nameser.h> from
	libresolv in version GLIBC_2.9.
	* resolv/ns_name.c: Integrate changes from bind 9.5.0.  Add necessary
	hidden definitions.
	* resolv/ns_netint.c: Likewise.
	* resolv/ns_parse.c: Likewise.
	* resolv/ns_print.c: Likewise.
	* resolv/ns_samedomain.c: Likewise.
	* resolv/ns_ttl.c: Likewise.
	* resolv/arpa/nameser_compat.h: Likewise.
	* resolv/arpa/nameser.h: Likewise.  Remove macros which redirect
	function calls.
	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Use __ns_get16
	instead of ns_get16.
	* resolv/nss_dns/dns-host.c (getanswer_r): Use __ns_get16 and
	__ns_get32 instead of ns_get16 and ns_get32 respectively.
	(gaih_getanswer_slice): Likewise.
	* resolv/Makefile (libresolv-routines): Add ns_date.
	* resolv/ns_date.c: New file.
2008-08-01 17:16:31 +00:00
Ulrich Drepper
b7da31a164 * resolv/res_send.c (__libc_res_nsend): Take additional parameter.
Use it instead of locally defined resplen2 variable.
	(res_nsend): Adjust for __libc_res_nsend interface change.
	(send_vc): Initialize *resplen2 if necessary.  Read length of
	package into an appropriately aligned variable.  Store converted length
	in new variable and use it appropriately.
	Add branch prediction help.
	* resolv/res_query.c (__libc_res_nquery): Take additional parameter
	and pass it on to __libc_res_nsend.  Adjust all callers.
	(__libc_res_nsearch): Likewise.
	(__libc_res_nqeurydomain): Likewise.
	* resolv/nss_dns/dns-host.c: Adjust for __libc_res_nsearch interface
	change.
	(_nss_dns_gethostbyname4): Don't unconditionally allocate tmp array.
	Define resplen2 variable and pass it to __libc_res_nsearch and then
	to gaih_getanswer.
	(getanswer_r): In case of incorrect DNS data don't overread buffer.
	Add branch prediction.
	(gaih_getanswer_slice): Likewise.  Check for invalid data types.
	(gaih_getanswer): Don't decode second slice if first one failed due
	to a too small buffer.  Don't let not found status of second
	decoder shadow results of the first.
	* resolv/gethnamaddr.c (gethostbyname2): Adjust for __libc_res_nsearch
	and __libc_res_nquery interface changes
	(gethostbyaddr): Adjust for __libc_res_nquery interface change.
	* include/resolv.h: Adjust prototypes for __libc_res_nquery,
	__libc_res_nsearch, and __libc_res_nsend.
	* resolv/nss_dns/dns-canon.c: Adjust for __libc_res_nquery interface
	change.
	* resolv/nss_dns/dns-network.c: Adjust for __libc_res_nquery and
	__libc_res_nsearch interface changes.
2008-07-28 22:55:10 +00:00
Ulrich Drepper
f854efd722 * resolv/nss_dns/dns-host.c (gaih_getanswer): Don't
unconditionally use second gaih_getanswer_slice result.
2008-06-13 04:36:35 +00:00