Since commit 44d20bca52 (Implement
second fallback mode for DNS requests), there is a code path which
returns early, before *resplen2 is initialized. This happens if the
name server address is immediately recognized as invalid (because of
lack of protocol support, or if it is a broadcast address such
255.255.255.255, or another invalid address).
If this happens and *resplen2 was non-zero (which is the case if a
previous query resulted in a failure), __libc_res_nquery would reuse
an existing second answer buffer. This answer has been previously
identified as unusable (for example, it could be an NXDOMAIN
response). Due to the presence of a second answer, no name server
switching will occur. The result is a name resolution failure,
although a successful resolution would have been possible if name
servers have been switched and queries had proceeded along the search
path.
The above paragraph still simplifies the situation. Before glibc
2.23, if the second answer needed malloc, the stub resolver would
still attempt to reuse the second answer, but this is not possible
because __libc_res_nsearch has freed it, after the unsuccessful call
to __libc_res_nquerydomain, and set the buffer pointer to NULL. This
eventually leads to an assertion failure in __libc_res_nquery:
/* Make sure both hp and hp2 are defined */
assert((hp != NULL) && (hp2 != NULL));
If assertions are disabled, the consequence is a NULL pointer
dereference on the next line.
Starting with glibc 2.23, as a result of commit
e9db92d3ac (CVE-2015-7547: getaddrinfo()
stack-based buffer overflow (Bug 18665)), the second answer is always
allocated with malloc. This means that the assertion failure happens
with small responses as well because there is no buffer to reuse, as
soon as there is a name resolution failure which triggers a search for
an answer along the search path.
This commit addresses the issue by ensuring that *resplen2 is
initialized before the send_dg function returns.
This commit also addresses a bug where an invalid second reply is
incorrectly returned as a valid to the caller.
The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.
* A stack-based buffer overflow was found in libresolv when invoked from
libnss_dns, allowing specially crafted DNS responses to seize control
of execution flow in the DNS client. The buffer overflow occurs in
the functions send_dg (send datagram) and send_vc (send TCP) for the
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
family. The use of AF_UNSPEC triggers the low-level resolver code to
send out two parallel queries for A and AAAA. A mismanagement of the
buffers used for those queries could result in the response of a query
writing beyond the alloca allocated buffer created by
_nss_dns_gethostbyname4_r. Buffer management is simplified to remove
the overflow. Thanks to the Google Security Team and Red Hat for
reporting the security impact of this issue, and Robert Holiday of
Ciena for reporting the related bug 18665. (CVE-2015-7547)
See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.htmlhttps://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
Resetting defdname (default domain name) before use in __res_vinit
ensures that the default domain name is correctly set to a default
value when it is not set by the LOCALDOMAIN environment variable or
the "domain" or "search" parameters in resolv.conf
Tested using the steps from:
https://sourceware.org/bugzilla/show_bug.cgi?id=19369
One common case of __GNUC_PREREQ (4, 7) conditionals is use of
diagnostic control pragmas for -Wmaybe-uninitialized, an option
introduced in GCC 4.7 where older GCC needed -Wuninitialized to be
controlled instead if the warning appeared with older GCC. This patch
removes such conditionals.
(There remain several older uses of -Wno-uninitialized in makefiles
that still need to be converted to diagnostic control pragmas if the
issue is still present with current sources and supported GCC
versions, and it's likely that in most cases those pragmas also will
end up controlling -Wmaybe-uninitialized.)
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch, except for libresolv
since res_send.c contains assertions whose line numbers are changed by
the patch).
* resolv/res_send.c (send_vc) [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
* soft-fp/fmadf4.c [__GNUC_PREREQ (4, 7)]: Likewise.
[!__GNUC_PREREQ (4, 7)]: Remove conditional code.
* soft-fp/fmasf4.c [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
[!__GNUC_PREREQ (4, 7)]: Remove conditional code.
* soft-fp/fmatf4.c [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
[!__GNUC_PREREQ (4, 7)]: Remove conditional code.
* stdlib/setenv.c
[((__GNUC__ << 16) + __GNUC_MINOR__) >= ((4 << 16) + 7)]: Make
code unconditional.
[!(((__GNUC__ << 16) + __GNUC_MINOR__) >= ((4 << 16) + 7))]:
Remove conditional code.
* sysdeps/ieee754/dbl-64/e_lgamma_r.c
(__ieee754_lgamma_r) [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
(__ieee754_lgamma_r) [!__GNUC_PREREQ (4, 7)]: Remove conditional
code.
* sysdeps/ieee754/flt-32/e_lgammaf_r.c
(__ieee754_lgammaf_r) [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
(__ieee754_lgammaf_r) [!__GNUC_PREREQ (4, 7)]: Remove conditional
code.
* sysdeps/ieee754/ldbl-128/k_tanl.c
(__kernel_tanl) [__GNUC_PREREQ (4, 7)]: Make code unconditional.
(__kernel_tanl) [!__GNUC_PREREQ (4, 7)]: Remove conditional code.
* sysdeps/ieee754/ldbl-128ibm/k_tanl.c
(__kernel_tanl) [__GNUC_PREREQ (4, 7)]: Make code unconditional.
(__kernel_tanl) [!__GNUC_PREREQ (4, 7)]: Remove conditional code.
* sysdeps/ieee754/ldbl-96/e_lgammal_r.c
(__ieee754_lgammal_r) [__GNUC_PREREQ (4, 7)]: Make code
unconditional.
(__ieee754_lgammal_r) [!__GNUC_PREREQ (4, 7)]: Remove conditional
code.
* sysdeps/ieee754/ldbl-96/k_tanl.c
(__kernel_tanl) [__GNUC_PREREQ (4, 7)]: Make code unconditional.
(__kernel_tanl) [!__GNUC_PREREQ (4, 7)]: Remove conditional code.
This patch converts a few more function definitions in glibc from
old-style K&R to prototype style. This is sufficient to build and
test on x86_64 and x86 with -Wold-style-definition (I'll test on some
more architectures before proposing the actual addition of
-Wold-style-definition).
Tested for x86_64 and x86 with -Wold-style-definition in use
(testsuite - this patch affects files containing assertions).
* io/fts.c (fts_open): Convert to prototype-style function
definition.
* malloc/mcheck.c (mcheck): Likewise.
(mcheck_pedantic): Likewise.
* posix/regexec.c (re_search_2_stub): Likewise. Use
internal_function.
(re_search_internal): Likewise.
* resolv/res_init.c [RESOLVSORT] (net_mask): Convert to
prototype-style function definition.
* sunrpc/clnt_udp.c (clntudp_call): Likewise.
* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
* sunrpc/rpcsvc/rusers.x (xdr_utmp): Likewise.
(xdr_utmpptr): Likewise.
(xdr_utmparr): Likewise.
(xdr_utmpidle): Likewise.
(xdr_utmpidleptr): Likewise.
(xdr_utmpidlearr): Likewise.
This mostly automatically-generated patch converts 113 function
definitions in glibc from old-style K&R to prototype-style. Following
my other recent such patches, this one deals with the case of function
definitions in files that either contain assertions or where grep
suggested they might contain assertions - and thus where it isn't
possible to use a simple object code comparison as a sanity check on
the correctness of the patch, because line numbers are changed.
A few such automatically-generated changes needed to be supplemented
by manual changes for the result to compile. openat64 had a prototype
declaration with "..." but an old-style definition in
sysdeps/unix/sysv/linux/dl-openat64.c, and "..." needed adding to the
generated prototype in the definition (I've filed
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68024> for diagnosing
such cases in GCC; the old state was undefined behavior not requiring
a diagnostic, but one seems a good idea). In addition, as Florian has
noted regparm attribute mismatches between declaration and definition
are only diagnosed for prototype definitions, and five functions
needed internal_function added to their definitions (in the case of
__pthread_mutex_cond_lock, via the macro definition of
__pthread_mutex_lock) to compile on i386.
After this patch is in, remaining old-style definitions are probably
most readily fixed manually before we can turn on
-Wold-style-definition for all builds.
Tested for x86_64 and x86 (testsuite).
* crypt/md5-crypt.c (__md5_crypt_r): Convert to prototype-style
function definition.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* debug/backtracesyms.c (__backtrace_symbols): Likewise.
* elf/dl-minimal.c (_itoa): Likewise.
* hurd/hurdmalloc.c (malloc): Likewise.
(free): Likewise.
(realloc): Likewise.
* inet/inet6_option.c (inet6_option_space): Likewise.
(inet6_option_init): Likewise.
(inet6_option_append): Likewise.
(inet6_option_alloc): Likewise.
(inet6_option_next): Likewise.
(inet6_option_find): Likewise.
* io/ftw.c (FTW_NAME): Likewise.
(NFTW_NAME): Likewise.
(NFTW_NEW_NAME): Likewise.
(NFTW_OLD_NAME): Likewise.
* libio/iofwide.c (_IO_fwide): Likewise.
* libio/strops.c (_IO_str_init_static_internal): Likewise.
(_IO_str_init_static): Likewise.
(_IO_str_init_readonly): Likewise.
(_IO_str_overflow): Likewise.
(_IO_str_underflow): Likewise.
(_IO_str_count): Likewise.
(_IO_str_seekoff): Likewise.
(_IO_str_pbackfail): Likewise.
(_IO_str_finish): Likewise.
* libio/wstrops.c (_IO_wstr_init_static): Likewise.
(_IO_wstr_overflow): Likewise.
(_IO_wstr_underflow): Likewise.
(_IO_wstr_count): Likewise.
(_IO_wstr_seekoff): Likewise.
(_IO_wstr_pbackfail): Likewise.
(_IO_wstr_finish): Likewise.
* locale/programs/localedef.c (normalize_codeset): Likewise.
* locale/programs/locarchive.c (add_locale_to_archive): Likewise.
(add_locales_to_archive): Likewise.
(delete_locales_from_archive): Likewise.
* malloc/malloc.c (__libc_mallinfo): Likewise.
* math/gen-auto-libm-tests.c (init_fp_formats): Likewise.
* misc/tsearch.c (__tfind): Likewise.
* nptl/pthread_attr_destroy.c (__pthread_attr_destroy): Likewise.
* nptl/pthread_attr_getdetachstate.c
(__pthread_attr_getdetachstate): Likewise.
* nptl/pthread_attr_getguardsize.c (pthread_attr_getguardsize):
Likewise.
* nptl/pthread_attr_getinheritsched.c
(__pthread_attr_getinheritsched): Likewise.
* nptl/pthread_attr_getschedparam.c
(__pthread_attr_getschedparam): Likewise.
* nptl/pthread_attr_getschedpolicy.c
(__pthread_attr_getschedpolicy): Likewise.
* nptl/pthread_attr_getscope.c (__pthread_attr_getscope):
Likewise.
* nptl/pthread_attr_getstack.c (__pthread_attr_getstack):
Likewise.
* nptl/pthread_attr_getstackaddr.c (__pthread_attr_getstackaddr):
Likewise.
* nptl/pthread_attr_getstacksize.c (__pthread_attr_getstacksize):
Likewise.
* nptl/pthread_attr_init.c (__pthread_attr_init_2_1): Likewise.
(__pthread_attr_init_2_0): Likewise.
* nptl/pthread_attr_setdetachstate.c
(__pthread_attr_setdetachstate): Likewise.
* nptl/pthread_attr_setguardsize.c (pthread_attr_setguardsize):
Likewise.
* nptl/pthread_attr_setinheritsched.c
(__pthread_attr_setinheritsched): Likewise.
* nptl/pthread_attr_setschedparam.c
(__pthread_attr_setschedparam): Likewise.
* nptl/pthread_attr_setschedpolicy.c
(__pthread_attr_setschedpolicy): Likewise.
* nptl/pthread_attr_setscope.c (__pthread_attr_setscope):
Likewise.
* nptl/pthread_attr_setstack.c (__pthread_attr_setstack):
Likewise.
* nptl/pthread_attr_setstackaddr.c (__pthread_attr_setstackaddr):
Likewise.
* nptl/pthread_attr_setstacksize.c (__pthread_attr_setstacksize):
Likewise.
* nptl/pthread_condattr_setclock.c (pthread_condattr_setclock):
Likewise.
* nptl/pthread_create.c (__find_in_stack_list): Likewise.
* nptl/pthread_getattr_np.c (pthread_getattr_np): Likewise.
* nptl/pthread_mutex_cond_lock.c (__pthread_mutex_lock): Define to
use internal_function.
* nptl/pthread_mutex_init.c (__pthread_mutex_init): Convert to
prototype-style function definition.
* nptl/pthread_mutex_lock.c (__pthread_mutex_lock): Likewise.
(__pthread_mutex_cond_lock_adjust): Likewise. Use
internal_function.
* nptl/pthread_mutex_timedlock.c (pthread_mutex_timedlock):
Convert to prototype-style function definition.
* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock):
Likewise.
* nptl/pthread_mutex_unlock.c (__pthread_mutex_unlock_usercnt):
Likewise.
(__pthread_mutex_unlock): Likewise.
* nptl_db/td_ta_clear_event.c (td_ta_clear_event): Likewise.
* nptl_db/td_ta_set_event.c (td_ta_set_event): Likewise.
* nptl_db/td_thr_clear_event.c (td_thr_clear_event): Likewise.
* nptl_db/td_thr_event_enable.c (td_thr_event_enable): Likewise.
* nptl_db/td_thr_set_event.c (td_thr_set_event): Likewise.
* nss/makedb.c (process_input): Likewise.
* posix/fnmatch.c (__strchrnul): Likewise.
(__wcschrnul): Likewise.
(fnmatch): Likewise.
* posix/fnmatch_loop.c (FCT): Likewise.
* posix/glob.c (globfree): Likewise.
(__glob_pattern_type): Likewise.
(__glob_pattern_p): Likewise.
* posix/regcomp.c (re_compile_pattern): Likewise.
(re_set_syntax): Likewise.
(re_compile_fastmap): Likewise.
(regcomp): Likewise.
(regerror): Likewise.
(regfree): Likewise.
* posix/regexec.c (regexec): Likewise.
(re_match): Likewise.
(re_search): Likewise.
(re_match_2): Likewise.
(re_search_2): Likewise.
(re_search_stub): Likewise. Use internal_function
(re_copy_regs): Likewise.
(re_set_registers): Convert to prototype-style function
definition.
(prune_impossible_nodes): Likewise. Use internal_function.
* resolv/inet_net_pton.c (inet_net_pton): Convert to
prototype-style function definition.
(inet_net_pton_ipv4): Likewise.
* stdlib/strtod_l.c (____STRTOF_INTERNAL): Likewise.
* sysdeps/pthread/aio_cancel.c (aio_cancel): Likewise.
* sysdeps/pthread/aio_suspend.c (aio_suspend): Likewise.
* sysdeps/pthread/timer_delete.c (timer_delete): Likewise.
* sysdeps/unix/sysv/linux/dl-openat64.c (openat64): Likewise.
Make variadic.
* time/strptime_l.c (localtime_r): Convert to prototype-style
function definition.
* wcsmbs/mbsnrtowcs.c (__mbsnrtowcs): Likewise.
* wcsmbs/mbsrtowcs_l.c (__mbsrtowcs_l): Likewise.
* wcsmbs/wcsnrtombs.c (__wcsnrtombs): Likewise.
* wcsmbs/wcsrtombs.c (__wcsrtombs): Likewise.
This automatically-generated patch converts 29 function definitions in
glibc (including one in an example in the manual) from old-style K&R
to prototype-style. Following my other recent such patches, this one
deals with the case of function definitions where one K&R parameter
declaration declares multiple parameters, as in:
void
foo (a, b)
int a, *b;
{
}
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* crypt/crypt.c (_ufc_doit_r): Convert to prototype-style function
definition.
(_ufc_doit_r): Likewise.
* crypt/crypt_util.c (_ufc_copymem): Likewise.
(_ufc_output_conversion_r): Likewise.
* inet/inet_mkadr.c (__inet_makeaddr): Likewise.
* inet/rcmd.c (rcmd_af): Likewise.
(rcmd): Likewise.
(ruserok_af): Likewise.
(ruserok): Likewise.
(ruserok2_sa): Likewise.
(ruserok_sa): Likewise.
(iruserok_af): Likewise.
(iruserok): Likewise.
(__ivaliduser): Likewise.
(__validuser2_sa): Likewise.
* inet/rexec.c (rexec_af): Likewise.
(rexec): Likewise.
* inet/ruserpass.c (ruserpass): Likewise.
* locale/programs/xmalloc.c (xcalloc): Likewise.
* manual/examples/timeval_subtract.c (timeval_subtract): Likewise.
* math/w_drem.c (__drem): Likewise.
* math/w_dremf.c (__dremf): Likewise.
* math/w_dreml.c (__dreml): Likewise.
* misc/daemon.c (daemon): Likewise.
* resolv/res_debug.c (p_fqnname): Likewise.
* stdlib/div.c (div): Likewise.
* string/memcmp.c (memcmp_bytes): Likewise.
* sunrpc/pmap_rmt.c (pmap_rmtcall): Likewise.
* sunrpc/svc_udp.c (svcudp_bufcreate): Likewise.
Two glibc makefiles use -Wno-strict-prototypes. I don't know if this
was needed before my recent conversion of many function definitions to
prototype style, but it's not needed now; this patch removes it.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* posix/Makefile (CFLAGS-regex.c): Remove variable.
* resolv/Makefile (+cflags): Do not use -Wno-strict-prototypes.
With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage. Update the places in glibc that use ssp to use this flag
when it's available.
This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean. Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
make stack-protector=-fstack-protector-all
These tests were skipped by the use-test-skeleton conversion done in
commit 29955b5d because they did not have an `int main (void)'
declaration. Instead their `main' functions were declared with arguments
(i.e. argc, argv) even though they didn't use them.
Remove these arguments and include the test skeleton in these tests.
When "reorder" resolver option is enabled, threads of a multi-threaded process
could hang in gethostbyaddr_r, gethostbyname_r, or gethostbyname2_r.
Due to a trivial bug in _res_hconf_reorder_addrs, simultaneous
invocations of this function in a multi-threaded process could result to
_res_hconf_reorder_addrs returning without releasing the lock it holds,
causing other threads to block indefinitely while waiting for the lock
that is not going to be released.
[BZ #17977]
* resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking
when initializing interface list, based on the bug analysis
and the patch proposed by Eric Newton.
* resolv/tst-res_hconf_reorder.c: New test.
* resolv/Makefile [$(have-thread-library) = yes] (tests): Add
tst-res_hconf_reorder.
($(objpfx)tst-res_hconf_reorder): Depend on $(libdl)
and $(shared-thread-library).
(tst-res_hconf_reorder-ENV): New variable.
netdb.h declares interfaces such as getaddrinfo if __USE_POSIX,
i.e. POSIX.1:1990 or later. However, these interfaces were new in the
2001 edition of POSIX, although the header was in XPG4 and UNIX98, so
they should not be declared for XPG4 or UNIX98. (This produces
spurious linknamespace test failures, although there are other
failures for this header as well for the same standards so this patch
doesn't remove any XFAILs.) This patch corrects the condition, and
the conform/ test expectations which were similarly wrong.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #18529]
* resolv/netdb.h [__USE_POSIX]: Change condition to
[__USE_XOPEN2K].
* conform/data/netdb.h-data [XPG4 || UNIX98] (struct addrinfo): Do
not expect.
[XPG4 || UNIX98] (AI_PASSIVE): Likewise.
[XPG4 || UNIX98] (AI_CANONNAME): Likewise.
[XPG4 || UNIX98] (AI_NUMERICHOST): Likewise.
[XPG4 || UNIX98] (AI_V4MAPPED): Likewise.
[XPG4 || UNIX98] (AI_ALL): Likewise.
[XPG4 || UNIX98] (AI_ADDRCONFIG): Likewise.
[XPG4 || UNIX98] (AI_NUMERICSERV): Likewise.
[XPG4 || UNIX98] (NI_NOFQDN): Likewise.
[XPG4 || UNIX98] (NI_NUMERICHOST): Likewise.
[XPG4 || UNIX98] (NI_NAMEREQD): Likewise.
[XPG4 || UNIX98] (NI_NUMERICSERV): Likewise.
[XPG4 || UNIX98] (NI_DGRAM): Likewise.
[XPG4 || UNIX98] (EAI_AGAIN): Likewise.
[XPG4 || UNIX98] (EAI_BADFLAGS): Likewise.
[XPG4 || UNIX98] (EAI_FAIL): Likewise.
[XPG4 || UNIX98] (EAI_FAMILY): Likewise.
[XPG4 || UNIX98] (EAI_MEMORY): Likewise.
[XPG4 || UNIX98] (EAI_NONAME): Likewise.
[XPG4 || UNIX98] (EAI_SERVICE): Likewise.
[XPG4 || UNIX98] (EAI_SOCKTYPE): Likewise.
[XPG4 || UNIX98] (EAI_SYSTEM): Likewise.
[XPG4 || UNIX98] (EAI_SYSTEM): Likewise.
[XPG4 || UNIX98] (freeaddrinfo): Likewise.
[XPG4 || UNIX98] (gai_strerror): Likewise.
[XPG4 || UNIX98] (getaddrinfo): Likewise.
[XPG4 || UNIX98] (getnameinfo): Likewise.
The 2008 edition of POSIX removed h_errno, but some functions still
bring in references to the h_errno external symbol. As this symbol is
not a part of the public ABI (only __h_errno_location is), this patch
fixes this by renaming the GLIBC_PRIVATE TLS symbol to __h_errno.
Tested for x86_64 and x86 (testsuite, and comparison of installed
shared libraries). Disassembly of all shared libraries using h_errno
changes because of the renaming (and changes to associated TLS / GOT
offsets in some cases); disassembly of libpthread on x86_64 changes
more substantially because the enlargement of .dynsym affects
subsequent addresses.
[BZ #18520]
* inet/herrno.c (h_errno): Rename to __h_errno.
(__libc_h_errno): Define as alias of __h_errno not h_errno.
* include/netdb.h [IS_IN_LIB && !IS_IN (libc)] (h_errno): Define
to __h_errno instead of h_errno.
* nptl/herrno.c (h_errno): Rename to __h_errno.
(__h_errno_location): Refer to __h_errno not h_errno.
* resolv/Versions (h_errno): Rename to __h_errno.
* conform/Makefile (test-xfail-XOPEN2K8/grp.h/linknamespace):
Remove variable.
(test-xfail-XOPEN2K8/pwd.h/linknamespace): Likewise.
Remove use of ext.nsmap member of struct __res_state and always use
an identity mapping betwen the nsaddr_list array and the ext.nsaddrs
array. The fact that a nameserver has an IPv6 address is signalled by
setting nsaddr_list[].sin_family to zero.
DNSSEC defines a number of response types that one me expect when the
DO bit is set. We don't process any of them, but since we do allow
setting the DO bit, skip them without logging an error since it is
only a nuisance.
Tested on x86_64.
[BZ #14841]
* resolv/gethnamaddr.c (getanswer): Skip logging if
RES_USE_DNSSEC is set.
* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
The rotate option doesn't work correctly, and only send the query to the
same server (the second in the list). The rotation code in itself is not
broken, but the nsaddrs structure is reinitialized each time at the
beginning of __libc_res_nsend unless RES_STAYOPEN is enabled.
This is due to a call to __res_iclose from the end of __libc_res_nsend
when answers from the name server have been received. This function
closes all the sockets, but doesn't free the addresses (it can do that,
but in that case the second argument is false).
This patch change the code of __res_iclose to clear statp->_u._ext.nsinit
only when the addresses are actually freed.
* resolv/res_init.c (__res_iclose): Only clear nsinit if the
addresses have been freed.
The current comments concerning nserv and nservall are not really clear
and lead to confusion when reviewing an already complex code. Improve
them, there real meaning have been confirmed by a code analysis.
* resolv/res_init.c (__res_vinit): Improve comments about nserv
and nservall.
Parts of the resolver brought in by pthreads (at least) use inet_*
functions that aren't in the 1995/6 edition of POSIX that introduced
pthreads (or in one case, use __inet_aton which is then defined in the
same file as non-weak inet_addr). This patch fixes this by making the
affected functions into weak alias for __inet_* and using those names
in the problematic resolver code.
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch).
[BZ #17722]
* inet/inet_mkadr.c (inet_makeaddr): Rename to __inet_makeaddr and
define as weak alias of __inet_makeaddr.
* resolv/inet_addr.c (inet_addr): Rename to __inet_addr and define
as weak alias of __inet_addr.
* resolv/inet_pton.c (inet_pton): Rename to __inet_pton and define
as weak alias of __inet_pton. Use libc_hidden_weak.
* include/arpa/inet.h (__inet_pton): Declare. Use
libc_hidden_proto.
(inet_makeaddr): Don't use libc_hidden_proto.
(__inet_makeaddr): Declare. Use libc_hidden_proto.
* resolv/res_init.c (__res_vinit): Use __inet_pton instead of
inet_pton. Use __inet_makeaddr instead of inet_makeaddr.
* conform/Makefile (test-xfail-POSIX/pthread.h/linknamespace):
Remove variable.
(test-xfail-POSIX/sched.h/linknamespace): Likewise.
(test-xfail-POSIX/time.h/linknamespace): Likewise.
Resolver code, brought in by pthreads (at least), uses if_* interfaces
that weren't in POSIX before 2001, resulting in linknamespace
failures. This patch changes those interfaces to be weak aliases of
__if_* and makes the resolver use __if_* directly.
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by this patch).
[BZ #17717]
* inet/if_index.c (if_nametoindex): Rename to __if_nametoindex and
define as weak alias of __if_nametoindex. Use libc_hidden_weak.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex.
* sysdeps/mach/hurd/if_index.c (if_nametoindex): Rename to
__if_nametoindex and define as weak alias of __if_nametoindex.
Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
* sysdeps/unix/sysv/linux/if_index.c (if_nametoindex): Rename to
__if_nametoindex and define as weak alias of __if_nametoindex.
Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex. Use libc_hidden_weak.
(if_nameindex_netlink): Use __if_freenameindex instead of
if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex. Use libc_hidden_weak.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
* include/net/if.h [!_ISOMAC] (__if_nametoindex): Declare and use
libc_hidden_proto.
[!_ISOMAC] (__if_freenameindex): Likewise.
* resolv/res_init.c (__res_vinit): Use __if_nametoindex instead of
if_nametoindex.
* conform/Makefile (test-xfail-XPG4/grp.h/linknamespace): Remove
variable.
(test-xfail-XPG4/pwd.h/linknamespace): Likewise.
(test-xfail-UNIX98/aio.h/linknamespace): Likewise.
(test-xfail-UNIX98/grp.h/linknamespace): Likewise.
(test-xfail-UNIX98/pthread.h/linknamespace): Likewise.
(test-xfail-UNIX98/pwd.h/linknamespace): Likewise.
(test-xfail-UNIX98/sched.h/linknamespace): Likewise.
(test-xfail-UNIX98/time.h/linknamespace): Likewise.
I see this warning in my build on F21 x86_64, which seems to be due to
a weak check for array bounds. Fixed by making the bounds check
stronger.
This is not an actual bug since nscount is never set to anything
greater than MAXNS. The compiler however does not know this, so we
need the stronger bounds check to quieten the compiler.
In send_vc function at resolv/res_send.c, There is the
following warning on some architectures:
'resplen' may be used uninitialized in this function
[-Wmaybe-uninitialized]
And this is a false positive. This patch suppress the
compiler warning.
Various POSIX functions bring in res_init.o, res_hconf.o or
mntent_r.o, which use fgets_unlocked, which is not a POSIX function.
This patch arranges for them to use __fgets_unlocked instead. (The
IS_IN (libc) conditional in rec_hconf.c is needed because that file is
also used in nscd.)
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch except for an assertion line
number). Note that most of the linknamespace tests that failed
because of fgets_unlocked from the resolver also fail because of other
symbols brought in by the resolver, so the number of XFAILs this
removes is limited. Also note that fgets_unlocked failures for
unistd.h for XPG3/XPG4 showed up that actually unistd.h is declaring
too much for XPG3/XPG4 (bug 17665) - there is no actual need to make
getusershell.c use __fgets_unlocked (at least as regards formal
standards are concerned; maybe it should still change for
namespace-cleanness of _DEFAULT_SOURCE) because the functions there
aren't actually in any of the supported standards; the correct fix for
those failures will be to stop the *usershell* functions appearing in
unistd.h for XPG3/XPG4.
[BZ #17664]
* misc/mntent_r.c (__getmntent_r): Use __fgets_unlocked instead of
fgets_unlocked.
* resolv/res_hconf.c [IS_IN (libc)] (fgets_unlocked): Define to
__fgets_unlocked.
* resolv/res_init.c (__res_vinit): Use __fgets_unlocked instead of
fgets_unlocked.
* conform/Makefile (test-xfail-XPG4/sys/statvfs.h/linknamespace):
Remove variable.
(test-xfail-POSIX/sys/mman.h/linknamespace): Likewise.
(test-xfail-UNIX98/sys/mman.h/linknamespace): Likewise.
(test-xfail-UNIX98/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-XOPEN2K/sys/mman.h/linknamespace): Likewise.
(test-xfail-XOPEN2K/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-POSIX2008/sys/mman.h/linknamespace): Likewise.
(test-xfail-POSIX2008/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-XOPEN2K8/sys/mman.h/linknamespace): Likewise.
(test-xfail-XOPEN2K8/sys/statvfs.h/linknamespace): Likewise.
This should only happen if the domain to search is the root,
represented as "." rather than by an empty string. Skipping it here
prevents libc_res_nquerydomain from duplicating the trailing dot,
which would cause the domain name compression to fail.
for ChangeLog
[BZ #16469]
* resolv/res_query.c (__libc_res_nsearch): Skip leading dot in
search domain names.
If we drop it here, we will fail to detect a duplicate trailing dot
later on. Retaining, OTOH, has no ill effects whatsoever, and it even
saves us the trouble of copying the domain name minus the trailing
dot, like we used to do.
for ChangeLog
[BZ #16469]
* NEWS: Update.
* resolv/res_query.c (__libc_res_nquerydomain): Retain
trailing dot.
* posix/tst-getaddrinfo5.c: New.
* posix/Makefile (tests): Add it.
There was a typo in the previous patch due to which resplen2 was
checked for non-zero instead of the value at resplen2. Fix that and
improve the condition by checking resplen2 for non-NULL (instead of
answerp2) and also adding the check in a third place.
The code in gethnamaddr.c for gethostbyaddr used and set this macro to
allow multiple PTR records to be added as aliases. This was useful
for gethostbyaddr since it returns a hostent structure, which can
return aliases.
The gethnamaddr.c source however is unused in glibc since pretty much
forever. Instead, the DNS lookup bits for gethostbyaddr (as well as
getnameinfo) are implemented in dns-hosts.c and in that implementation
all but one (the first one) of the multiple PTR records are ignored.
Since gethnamaddr.c is essentially dead code, ignore that
implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a
comment mentioning that bind adds PTR records as aliases while we
don't.
I noticed that some of the Depend files, used to determine the
subdirectory build order in sysd-sorted, still mentioned linuxthreads,
although it hasn't been supported for many years. This patch removes
those references. In the case of nscd, it substitutes an nptl
reference, since I believe there is a fact a thread library dependence
there; the others already mentioned nptl.
Note that I am not at all confident in the completeness of these
Depend files.
Note also that references to linuxthreads remain in a comment in
sysdeps/unix/sysv/linux/ia64/Versions, and in manual/maint.texi,
manual/signal.texi and scripts/documented.sh.
Tested x86_64 that the installed shared libraries are unchanged by the
patch (as is sysd-sorted).
* nscd/Depend (linuxthreads): Remove.
(nptl): Add.
* resolv/Depend (linuxthreads): Remove.
* rt/Depend (linuxthreads): Remove.
[Fixes BZ #14308, #12994, #13651]
AF_UNSPEC results in sending two queries in parallel, one for the A
record and the other for the AAAA record. If one of these is a
referral, then the query fails, which is wrong. It should return at
least the one successful response.
The fix has two parts. The first part makes the referral fall back to
the SERVFAIL path, which results in using the successful response.
There is a bug in that path however, due to which the second part is
necessary. The bug here is that if the first response is a failure
and the second succeeds, __libc_res_nsearch does not detect that and
assumes a failure. The case where the first response is a success and
the second fails, works correctly.
This condition is produced by buggy routers, so here's a crude
interposable library that can simulate such a condition. The library
overrides the recvfrom syscall and modifies the header of the packet
received to reproduce this scenario. It has two key variables:
mod_packet and first_error.
The mod_packet variable when set to 0, results in odd packets being
modified to be a referral. When set to 1, even packets are modified
to be a referral.
The first_error causes the first response to be a failure so that a
domain-appended search is performed to test the second part of the
__libc_nsearch fix.
The driver for this fix is a simple getaddrinfo program that does an
AF_UNSPEC query. I have omitted this since it should be easy to
implement.
I have tested this on x86_64.
The interceptor library source:
/* Override recvfrom and modify the header of the first DNS response to make it
a referral and reproduce bz #845218. We have to resort to this ugly hack
because we cannot make bind return the buggy response of a referral for the
AAAA record and an authoritative response for the A record. */
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdbool.h>
#include <endian.h>
#include <dlfcn.h>
#include <stdlib.h>
/* Lifted from resolv/arpa/nameser_compat.h. */
typedef struct {
unsigned id :16; /*%< query identification number */
#if BYTE_ORDER == BIG_ENDIAN
/* fields in third byte */
unsigned qr: 1; /*%< response flag */
unsigned opcode: 4; /*%< purpose of message */
unsigned aa: 1; /*%< authoritive answer */
unsigned tc: 1; /*%< truncated message */
unsigned rd: 1; /*%< recursion desired */
/* fields
* in
* fourth
* byte
* */
unsigned ra: 1; /*%< recursion available */
unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */
unsigned ad: 1; /*%< authentic data from named */
unsigned cd: 1; /*%< checking disabled by resolver */
unsigned rcode :4; /*%< response code */
#endif
#if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN
/* fields
* in
* third
* byte
* */
unsigned rd :1; /*%< recursion desired */
unsigned tc :1; /*%< truncated message */
unsigned aa :1; /*%< authoritive answer */
unsigned opcode :4; /*%< purpose of message */
unsigned qr :1; /*%< response flag */
/* fields
* in
* fourth
* byte
* */
unsigned rcode :4; /*%< response code */
unsigned cd: 1; /*%< checking disabled by resolver */
unsigned ad: 1; /*%< authentic data from named */
unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */
unsigned ra :1; /*%< recursion available */
#endif
/* remaining
* bytes
* */
unsigned qdcount :16; /*%< number of question entries */
unsigned ancount :16; /*%< number of answer entries */
unsigned nscount :16; /*%< number of authority entries */
unsigned arcount :16; /*%< number of resource entries */
} HEADER;
static int done = 0;
/* Packets to modify. 0 for the odd packets and 1 for even packets. */
static const int mod_packet = 0;
/* Set to true if the first request should result in an error, resulting in a
search query. */
static bool first_error = true;
static ssize_t (*real_recvfrom) (int sockfd, void *buf, size_t len, int flags,
struct sockaddr *src_addr, socklen_t *addrlen);
void
__attribute__ ((constructor))
init (void)
{
real_recvfrom = dlsym (RTLD_NEXT, "recvfrom");
if (real_recvfrom == NULL)
{
printf ("Failed to get reference to recvfrom: %s\n", dlerror ());
printf ("Cannot simulate test\n");
abort ();
}
}
/* Modify the second packet that we receive to set the header in a manner as to
reproduce BZ #845218. */
static void
mod_buf (HEADER *h, int port)
{
if (done % 2 == mod_packet || (first_error && done == 1))
{
printf ("(Modifying header)");
if (first_error && done == 1)
h->rcode = 3;
else
h->rcode = 0; /* NOERROR == 0. */
h->ancount = 0;
h->aa = 0;
h->ra = 0;
h->arcount = 0;
}
done++;
}
ssize_t
recvfrom (int sockfd, void *buf, size_t len, int flags,
struct sockaddr *src_addr, socklen_t *addrlen)
{
ssize_t ret = real_recvfrom (sockfd, buf, len, flags, src_addr, addrlen);
int port = htons (((struct sockaddr_in *) src_addr)->sin_port);
struct in_addr addr = ((struct sockaddr_in *) src_addr)->sin_addr;
const char *host = inet_ntoa (addr);
printf ("\n*** From %s:%d: ", host, port);
mod_buf (buf, port);
printf ("returned %zd\n", ret);
return ret;
}
This patch defines _STRING_ARCH_unaligned to 0 on default bits/string.h
header to avoid undefined compiler warnings on platforms that do not
define it. It also make adjustments in code where tests checked if macro
existed or not.
This patch systematically renames miscellaneous tests so their outputs
use a *.out name (unless the test is just running some glibc program
with its conventional output file name, rather than a special program
at all, as in catgets tests generating *.cat). In the case of the
iconv test test-iconvconfig, output is redirected where it wasn't
before.
In various places the "generated" variable is updated to reflect the
revised test names; in iconvdata/Makefile a typo (mmtrace-tst-loading)
is also fixed. resolv/Makefile sets both "generate" (which appears
unused) and "generated". Bitrot in the settings of these variables
could no doubt be fixed so that "make clean" after build and testing
leaves results the same as after configure (and indeed the
tests-special / xtests-special variables could be used to simplify
things, by removing those files automatically rather than listing them
manually in these variables), and "make distclean" leaves an empty
build directory, but right now it appears various files don't get
deleted. I think they are liable to continue to bitrot in the absence
of routine testing that these targets actually work, given that
building in the source directory isn't supported and that was the main
use of such makefile targets.
Tested x86_64.
* elf/Makefile (tests-special): Rename tests to end with .out.
($(objpfx)noload-mem): Likewise.
($(objpfx)tst-leaks1-mem): Likewise.
($(objpfx)tst-leaks1-static-mem.out): Likewise.
* iconv/Makefile (xtests-special): Change test-iconvconfig to
$(objpfx)test-iconvconfig.out.
(test-iconvconfig): Change to $(objpfx)test-iconvconfig.out. Use
set -e inside subshell and redirect output to file.
* iconvdata/Makefile (generated): Rename tests to end with .out.
Correct type.
(tests-special): Rename tests to end with .out.
($(objpfx)mtrace-tst-loading): Likewise.
* intl/Makefile (generated): Likewise.
(tests-special): Likewise.
($(objpfx)mtrace-tst-gettext): Likewise.
* misc/Makefile (generated): Likewise.
(tests-special): Likewise.
($(objpfx)tst-error1-mem): Likewise.
* nptl/Makefile (tests-special): Likewise.
($(objpfx)tst-stack3-mem): Likewise.
(generated): Likewise.
* posix/Makefile (generated): Likewise.
(tests-special): Likewise.
(xtests-special): Likewise.
($(objpfx)tst-fnmatch-mem): Likewise.
($(objpfx)bug-regex2-mem): Likewise.
($(objpfx)bug-regex14-mem): Likewise.
($(objpfx)bug-regex21-mem): Likewise.
($(objpfx)bug-regex31-mem): Likewise.
($(objpfx)tst-vfork3-mem): Likewise.
($(objpfx)tst-rxspencer-no-utf8-mem): Likewise.
($(objpfx)tst-pcre-mem): Likewise.
($(objpfx)tst-boost-mem): Likewise.
($(objpfx)bug-ga2-mem): Likewise.
($(objpfx)bug-glob2-mem): Likewise.
* resolv/Makefile (generate): Likewise.
(tests-special): Likewise.
(xtests-special): Likewise.
(generated): Likewise.
($(objpfx)mtrace-tst-leaks): Likewise.
($(objpfx)mtrace-tst-leaks2): Likewise.
localedata:
* Makefile (generated): Rename tests to end with .out.
(tests-special): Likewise.
($(objpfx)mtrace-tst-leaks): Likewise.
This patch is a revised and updated version of
<https://sourceware.org/ml/libc-alpha/2014-01/msg00196.html>.
In order to generate overall summaries of the results of all tests in
the glibc testsuite, we need to identify and concatenate the files
with the results of individual tests.
Tomas Dohnalek's patch used $(common-objpfx)*/*.test-result for this.
However, the normal glibc approach is explicit enumeration of the
expected set of files with a given property, rather than all files
matching some pattern like that. Furthermore, we would like to be
able to mark tests as UNRESOLVED if the file with their results is for
some reason missing, and in future we would like to be able to mark
tests as UNSUPPORTED if they are disabled for a particular
configuration (rather than simply having them missing from the list of
tests as at present). Such handling of tests that were not run or did
not record results requires an explicit enumeration of tests.
For the tests following the default makefile rules, $(tests) (and
$(xtests)) provides such an enumeration. Others, however, are added
directly as dependencies of the "tests" and "xtests" makefile
targets. This patch changes the makefiles to put them in variables
tests-special and xtests-special, with appropriate dependencies on the
tests listed there then being added centrally.
Those variables are used in Rules and so need to be set before Rules
is included in a subdirectory makefile, which is often earlier in the
makefile than the dependencies were present before. We previously
discussed the question of where to include Rules; see the question at
<https://sourceware.org/ml/libc-alpha/2012-11/msg00798.html>, and a
discussion in
<https://sourceware.org/ml/libc-alpha/2013-01/msg00337.html> of why
Rules is included early rather than late in subdirectory makefiles.
It was necessary to avoid an indirection through the check-abi target
and get the check-abi-* targets for individual libraries into the
tests-special variable. The intl/ test $(objpfx)tst-gettext.out,
previously built only because of dependencies from other tests, was
also added to tests-special for the same reason.
The entries in tests-special are the full makefile targets, complete
with $(objpfx) and .out. If a future change causes tests to be named
consistently with a .out suffix, this can be changed to include just
the path relative to $(objpfx), without .out.
Tested x86_64, including that the same set of files is generated in
the build directory by a build and testsuite run both before and after
the patch (except for changes to the
elf/tst-null-argv.debug.out.<number> file name), and a build with
run-built-tests=no to verify there aren't any more obvious instances
of the issue Marcus Shawcroft reported with a previous version in
<https://sourceware.org/ml/libc-alpha/2014-01/msg00462.html>.
* Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
(tests): Depend on $(tests-special).
* Makerules (check-abi-list): New variable.
(check-abi): Depend on $(check-abi-list).
[$(subdir) = elf] (tests-special): Add
$(objpfx)check-abi-libc.out.
[$(build-shared) = yes && subdir] (tests-special): Add
$(check-abi-list).
[$(build-shared) = yes && subdir] (tests): Do not depend on
check-abi.
* Rules (tests): Depend on $(tests-special).
(xtests): Depend on $(xtests-special).
* catgets/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* conform/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* elf/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* grp/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* iconv/Makefile (xtests): Change dependencies to ....
(xtests-special): ... additions to this variable.
* iconvdata/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* intl/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable. Also add
$(objpfx)tst-gettext.out.
* io/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* libio/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* malloc/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* misc/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* nptl/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* nptl_db/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* posix/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
(xtests): Change dependencies to ....
(xtests-special): ... additions to this variable.
* resolv/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
(xtests): Change dependencies to ....
(xtests-special): ... additions to this variable.
* stdio-common/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
(do-tst-unbputc): Remove target.
(do-tst-printf): Likewise.
* stdlib/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* string/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
* sysdeps/x86/Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
localedata:
* Makefile (tests): Change dependencies to ....
(tests-special): ... additions to this variable.
In <https://sourceware.org/ml/libc-alpha/2014-01/msg00196.html> I
noted it was necessary to add includes of Makeconfig early in various
subdirectory makefiles for the tests-special variable settings added
by that patch to be conditional on configuration information. No-one
commented on the general question there of whether Makeconfig should
always be included immediately after the definition of subdir.
This patch implements that early inclusion of Makeconfig in each
directory (which is a lot easier than consistent placement of includes
of Rules). Includes are added if needed, or moved up if already
present. Subdirectory "all:" targets are removed, since Makeconfig
provides one.
There is potential for further cleanups I haven't done. Rules and
Makerules have code such as
ifneq "$(findstring env,$(origin headers))" ""
headers :=
endif
to override to empty any value of various variables that came from the
environment. I think there is a case for Makeconfig setting all the
subdirectory variables (other than subdir) to empty to ensure no
outside value is going to take effect if a subdirectory fails to
define a variable. (A list of such variables, possibly out of date
and incomplete, is in manual/maint.texi.) Rules and Makerules would
give errors if Makeconfig hadn't already been included, instead of
including it themselves. The special code to override values coming
from the environment would then be obsolete and could be removed.
Tested x86_64, including that installed binaries are identical before
and after the patch.
* argp/Makefile: Include Makeconfig immediately after defining
subdir.
* assert/Makefile: Likewise.
* benchtests/Makefile: Likewise.
* catgets/Makefile: Likewise.
* conform/Makefile: Likewise.
* crypt/Makefile: Likewise.
* csu/Makefile: Likewise.
(all): Remove target.
* ctype/Makefile: Include Makeconfig immediately after defining
subdir.
* debug/Makefile: Likewise.
* dirent/Makefile: Likewise.
* dlfcn/Makefile: Likewise.
* gmon/Makefile: Likewise.
* gnulib/Makefile: Likewise.
* grp/Makefile: Likewise.
* gshadow/Makefile: Likewise.
* hesiod/Makefile: Likewise.
* hurd/Makefile: Likewise.
(all): Remove target.
* iconvdata/Makefile: Include Makeconfig immediately after
defining subdir.
* inet/Makefile: Likewise.
* intl/Makefile: Likewise.
* io/Makefile: Likewise.
* libio/Makefile: Likewise.
(all): Remove target.
* locale/Makefile: Include Makeconfig immediately after defining
subdir.
* login/Makefile: Likewise.
* mach/Makefile: Likewise.
(all): Remove target.
* malloc/Makefile: Include Makeconfig immediately after defining
subdir.
(all): Remove target.
* manual/Makefile: Include Makeconfig immediately after defining
subdir.
* math/Makefile: Likewise.
* misc/Makefile: Likewise.
* nis/Makefile: Likewise.
* nss/Makefile: Likewise.
* po/Makefile: Likewise.
(all): Remove target.
* posix/Makefile: Include Makeconfig immediately after defining
subdir.
* pwd/Makefile: Likewise.
* resolv/Makefile: Likewise.
* resource/Makefile: Likewise.
* rt/Makefile: Likewise.
* setjmp/Makefile: Likewise.
* shadow/Makefile: Likewise.
* signal/Makefile: Likewise.
* socket/Makefile: Likewise.
* soft-fp/Makefile: Likewise.
* stdio-common/Makefile: Likewise.
* stdlib/Makefile: Likewise.
* streams/Makefile: Likewise.
* string/Makefile: Likewise.
* sunrpc/Makefile: Likewise.
(all): Remove target.
* sysvipc/Makefile: Include Makeconfig immediately after defining
subdir.
* termios/Makefile: Likewise.
* time/Makefile: Likewise.
* timezone/Makefile: Likewise.
(all): Remove target.
* wcsmbs/Makefile: Include Makeconfig immediately after defining
subdir.
* wctype/Makefile: Likewise.
libidn/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
localedata/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
(all): Remove target.
nptl/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
nptl_db/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
limit
[BZ #14307]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of
the temporary buffer used to invoke __gethostbyname2_r,
__gethostbyaddr_r and gethostbyname4_r to make room for struct
host_data / struct gaih_addrtuple.
* resolv/nss_dns/dns-host.c (global scope): Move definition of
implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to
header file nss/nsswitch.h.
* nss/nsswitch.h (global scope): Add definition of implementation
constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from
resolv/nss_dns/dns-host.c).
[BZ #13928] A DNS request consists of multiple resources combined into
a single hostent, including multiple CNAME records that may have been
assigned different TTL values. In such a case, nscd should take the
least TTL among all of the resources as the timeout for the hostent
before it is reloaded in its cache so that the hostent remains stale
in the database for the least amount of time.
With big DNS answers like the one you get for goodtimesdot.com you can
get a truncated address list if IPv6 mapping is enabled. Instead tell
the caller to resize the buffer.
In EDNS0 records the maximum result size is transmitted in a 16
bit value. Large buffer sizes were handled incorrectly by using
only the low 16 bits. Fix this by limiting the size to 0xffff.
There is some more shardware/software out there which has problems
if two DNS requests are sent using the same tuple
(source addr, source port, dest addr, dest port)
This can range from firewalls to load balancers. Some of the vendors
already fixed it in response to this problem. Still, we need a way
to make glibc work with broken environments. The single-request-reopen
flag can be used or we fall back automatically to this mode.
2009-05-05 Aurelien Jarno <aurelien@aurel32.net>
[BZ #10128]
* resolv/res_query.c (__libc_res_nquery): If one query returns NOTIMP
or FORMERR and the other NOERROR, don't raise an error.
* resolv/res_init.c (res_setoptions): Recognize single-request option.
* resolv/res_send.c (send_dg): If we sent two requests at once and
only get one reply before timeout switch to mode where we send the
second request only after the first answer has been received.
ESRCH return value.
(_nss_dns_gethostbyname4_r): Likewise.
* resolv/res_init.c (__res_vinit): Initialize nscount to zero.
* sysdeps/posix/getaddrinfo.c (gaih_inet): In case we use
gethostbyname4_r, we don't have a separate IPv6 status, so copy
the no_data variable.
* include/resolv.h: Remove hidden proto declarations for __ns_*
functions. Add them for __dn_count_labels and __p_secstodate.
* include/arpa/nameser.h: Add a number of hidden proto declarations.
Define ns_msg_getflags macro here.
* resolv/res_debug.c: Add hidden definition for __dn_count_labels
and __p_secstodate.
* resolv/Versions: Export functions from <arpa/nameser.h> from
libresolv in version GLIBC_2.9.
* resolv/ns_name.c: Integrate changes from bind 9.5.0. Add necessary
hidden definitions.
* resolv/ns_netint.c: Likewise.
* resolv/ns_parse.c: Likewise.
* resolv/ns_print.c: Likewise.
* resolv/ns_samedomain.c: Likewise.
* resolv/ns_ttl.c: Likewise.
* resolv/arpa/nameser_compat.h: Likewise.
* resolv/arpa/nameser.h: Likewise. Remove macros which redirect
function calls.
* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Use __ns_get16
instead of ns_get16.
* resolv/nss_dns/dns-host.c (getanswer_r): Use __ns_get16 and
__ns_get32 instead of ns_get16 and ns_get32 respectively.
(gaih_getanswer_slice): Likewise.
* resolv/Makefile (libresolv-routines): Add ns_date.
* resolv/ns_date.c: New file.
Use it instead of locally defined resplen2 variable.
(res_nsend): Adjust for __libc_res_nsend interface change.
(send_vc): Initialize *resplen2 if necessary. Read length of
package into an appropriately aligned variable. Store converted length
in new variable and use it appropriately.
Add branch prediction help.
* resolv/res_query.c (__libc_res_nquery): Take additional parameter
and pass it on to __libc_res_nsend. Adjust all callers.
(__libc_res_nsearch): Likewise.
(__libc_res_nqeurydomain): Likewise.
* resolv/nss_dns/dns-host.c: Adjust for __libc_res_nsearch interface
change.
(_nss_dns_gethostbyname4): Don't unconditionally allocate tmp array.
Define resplen2 variable and pass it to __libc_res_nsearch and then
to gaih_getanswer.
(getanswer_r): In case of incorrect DNS data don't overread buffer.
Add branch prediction.
(gaih_getanswer_slice): Likewise. Check for invalid data types.
(gaih_getanswer): Don't decode second slice if first one failed due
to a too small buffer. Don't let not found status of second
decoder shadow results of the first.
* resolv/gethnamaddr.c (gethostbyname2): Adjust for __libc_res_nsearch
and __libc_res_nquery interface changes
(gethostbyaddr): Adjust for __libc_res_nquery interface change.
* include/resolv.h: Adjust prototypes for __libc_res_nquery,
__libc_res_nsearch, and __libc_res_nsend.
* resolv/nss_dns/dns-canon.c: Adjust for __libc_res_nquery interface
change.
* resolv/nss_dns/dns-network.c: Adjust for __libc_res_nquery and
__libc_res_nsearch interface changes.
answer was too short don't try to read that answer's header.
* resolv/res_send.c (send_dg): In case of timeout and there are
two queries and one has been answered, return value indicating
success.
no answers return NSS_STATUS_NOTFOUND.
(gaih_getanswer): Don't call gaih_getanswer_slice if the answer
buffer does not have any content.
* nscd/servicescache.c: Likewise.
prototypes.
* include/arpa/nameser_compat.h: Define T_UNSPEC.
* nis/Versions (libnss_nis): Export _nss_nis_gethostbyname4_r.
(libnss_nisplus): Export _nss_nisplus_gethostbyname4_r.
* nis/nss_nis/nis-hosts.c (LINE_PARSER): Change to also handle
af==AF_UNSPEC.
(_nss_nis_gethostbyname4_r): New function.
* nis/nss_nisplus/nisplus-hosts.c (_nss_nisplus_parse_hostent):
Change to also handle af==AF_UNSPEC.
(get_tablename): New function. Use it to avoid duplication.
(_nss_nisplus_gethostbyname4_r): New function.
* nscd/aicache.c (addhstaiX): Use gethostbyname4_r function is
available.
* nss/Versions (libnss_files): Export _nss_files_gethostbyname4_r.
* nss/nss.h: Define struct gaih_addrtuple.
* nss/nss_files/files-hosts.c (LINE_PARSER): Change to also handle
af==AF_UNSPEC.
(_nss_files_gethostbyname4_r): New function.
* resolv/Versions (libnss_dns): Export _nss_dns_gethostbyname4_r.
* resolv/gethnmaddr.c: Adjust __libc_res_nsearch and __libc_res_nquery
calls.
* resolv/res_query.c (__libc_res_nquery): Take two additional
parameters for second answer buffer. Handle type=T_UNSPEC to mean
look up IPv4 and IPv6.
Change all callers.
* resolv/res_send.c (__libc_res_nsend): Take five aditional parameters
for an additional query and answer buffer. Pass to send_vc and
send_dg.
(send_vc): Send possibly two requests and receive two answers.
(send_dg): Likewise.
* resolv/nss_dns/dns-host.c: Adjust calls to __libc_res_nsearch and
__libc_res_nquery.
(_nss_dns_gethostbyname4_r): New function.
(gaih_getanswer_slice): Likewise.
(gaih_getanswer): Likewise.
* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Adjust
__libc_res_nquery call.
* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r): Likewise.
(_nss_dns_getnetbyname_r): Adjust __libc_res_nsearch call.
* sysdeps/posix/getaddrinfo.c: Use gethostbyname4_r function is
available.
2008-02-25 Jakub Jelinek <jakub@redhat.com>
[BZ #5790]
* resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr2_r): Don't
overwrite *h_errnop/*errnop values from getanswer_r in case of
failure.
_nss_dns_getnetbyaddr2_r.
* resolv/nss_dns/dns-host.c: Define _nss_dns_getnetbyaddr2_r. Pass
extra parameter to getanswer_r.
(_nss_dns_getnetbyaddr_r): Now a wrapper around
_nss_dns_getnetbyaddr2_r.
2007-10-15 Ulrich Drepper <drepper@redhat.com>
[BZ #3425]
* resolv/nss_dns/dns-host.c (getanswer_r): Fail with
NSS_STATUS_NOTFOUND if the server replied with only a CNAME and no
address record to T_A/T_AAAA requests.