Commit Graph

139 Commits

Author SHA1 Message Date
Florian Weimer
e1fcf21474 resolv: Move nss_dns into libc
No abilist updates are needed because the symbols were GLIBC_PRIVATE.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 07:56:57 +02:00
Florian Weimer
391e02236b resolv: Move dn_skipname to its own file and into libc
And reformat it to GNU style.

dn_skipname is used outside glibc, so do not deprecate it,
and export it as dn_skipname (not __dn_skipname).  Due to internal
users, provide a __libc_dn_skipname alias, and keep __dn_skipname
as a pure compatibility symbol.

__dn_skipname@GLIBC_2.0 was moved using the script, and
dn_skipname@@GLIBC_2.34 was added using make update-all-abi.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 07:56:21 +02:00
Florian Weimer
640bbdf71c resolv: Move dn_expand to its own file and into libc
And reformat to GNU style.

This switches back to the dn_expand name for the ABI symbol and turns
__dn_expand into a compatibility symbol.  With the improved namespace
management in current glibc, it is no longer necessary to use a
private namespace symbol.  To avoid old code binding to a
GLIBC_PRIVATE symbol by accident, use __libc_dn_expand for the
internal symbol name.

The symbols dn_expand, __dnexpand were moved using
scripts/move-symbol-to-libc.py, followed by an adjustment to make
dn_expand the only GLIBC_2.34 symbol.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 07:56:21 +02:00
Florian Weimer
2ff32dd492 nss_dns: Do not use deprecated packet parsing functions
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 08:39:02 +02:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Florian Weimer
bd65a52a5f nss_dns: Use NSS_DECLARE_MODULE_FUNCTIONS
Reviewed-by: DJ Delorie <dj@redhat.com>
2020-02-13 09:14:58 +01:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Florian Weimer
5c23c82195 nss_dns: Check for proper A/AAAA address alignment
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-05-24 22:14:04 +02:00
Florian Weimer
e3f454bac0 nss_dns: Do not replace root domain with empty string
The purpose of the bp[0] == '.' check is unclear.  Only the root domain
starts with '.'.  The empty string is accepted as a domain name in many
places, denoting the root, but using it implicitly is confusing.
2019-04-11 11:37:47 +02:00
Florian Weimer
6ca53a2453 resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]
Before this commit, nss_dns would send a query which did not contain a
host name as the query name (such as invalid\032name.example.com) and
then reject the answer in getanswer_r and gaih_getanswer_slice, using
a check based on res_hnok.  With this commit, no query is sent, and a
host-not-found error is returned to NSS without network interaction.
2019-01-21 09:26:41 +01:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Florian Weimer
eaca16f1b3 resolv/nss_dns/dns-host.c: Fix typo in comment
And only the resolv/map*.h actually contain implementations.
2017-09-26 13:47:48 +02:00
Florian Weimer
c77eb96925 nss_dns: Remove dead PTR IPv4-to-IPv6 mapping code 2017-09-06 15:11:44 +02:00
Joseph Myers
d9fee042e2 Consistently use uintN_t not u_intN_t everywhere.
This patch changes the remaining uses of the old nonstandard u_intN_t
types in glibc to use the C99 uintN_t instead, except for the
definitions of those typedefs and the tests of them in the c++-types
test.  This follows the previous such fix for libm, and being
consistent in using uintN_t makes sense as a global cleanup.

Tested for x86_64, and with build-many-glibcs.py.

	* catgets/catgets.c (catgets): Use uintN_t instead of u_intN_t.
	* catgets/catgetsinfo.h (struct catalog_obj): Likewise.
	(struct catalog_info): Likewise.
	* inet/htontest.c (lo): Likewise.
	(foo): Likewise.
	* inet/inet_lnaof.c (inet_lnaof): Likewise.
	* inet/inet_net.c (inet_network): Likewise.
	* inet/inet_netof.c (inet_netof): Likewise.
	* inet/rcmd.c (__ivaliduser): Likewise.
	(iruserok): Likewise.
	* locale/loadlocale.c (_nl_intern_locale_data): Likewise.
	* locale/programs/locale-spec.c (locale_special): Likewise.
	* nis/nis_findserv.c (struct findserv_req): Likewise.
	(__nis_findfastest_with_timeout): Likewise.
	* nss/test-netdb.c (test_network): Likewise.
	* resolv/inet_neta.c (inet_neta): Likewise.
	* resolv/ns_date.c (ns_datetosecs): Likewise.
	(SECS_PER_DAY): Likewise.
	* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r):
	Likewise.
	* resolv/res_comp.c (__putlong): Likewise.
	(__putshort): Likewise.
	(_getlong): Likewise.
	(_getshort): Likewise.
	* resolv/res_debug.c (p_time): Likewise.
	(precsize_ntoa): Likewise.
	(precsize_aton): Likewise.
	(latlon2ul): Likewise.
	(loc_aton): Likewise.
	(loc_ntoa): Likewise.
	* resolv/res_hconf.c (struct netaddr): Likewise.
	(_res_hconf_reorder_addrs): Likewise.
	* sunrpc/clnt_tcp.c (clnttcp_call): Likewise.
	(clnttcp_control): Likewise.
	* sunrpc/clnt_udp.c (clntudp_call): Likewise.
	(clntudp_control): Likewise.
	* sunrpc/clnt_unix.c (clntunix_call): Likewise.
	(clntunix_control): Likewise.
	* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
	* sunrpc/rpc/auth.h (union des_block): Likewise.
	* sunrpc/tst-udp-nonblocking.c (do_test): Likewise.
	* sunrpc/xdr_rec.c (struct rec_strm): Likewise.
	(xdrrec_create): Likewise.
	(xdrrec_endofrecord): Likewise.
	(flush_out): Likewise.
	* sunrpc/xdr_stdio.c (xdrstdio_getlong): Likewise.
	(xdrstdio_putlong): Likewise.
	* sysdeps/unix/sysv/linux/errqueue.h (struct sock_extended_err):
	Likewise.
2017-08-07 19:55:34 +00:00
Florian Weimer
a1c4eb8794 resolv: Mirror the entire resolver configuration in struct resolv_conf
This commit adds the remaining unchanging members (which are loaded
from /etc/resolv.conf) to struct resolv_conf.

The extended name server list is currently not used by the stub
resolver.  The switch depends on a cleanup: The _u._ext.nssocks
array stores just a single socket, and needs to be replaced with
a single socket value.

(The compatibility gethostname implementation does not use the
extended addres sort list, either.  Updating the compat code is
not worthwhile.)
2017-07-03 21:03:21 +02:00
Florian Weimer
352f4ff9a2 resolv: Introduce struct resolv_context [BZ #21668]
struct resolv_context objects provide a temporary resolver context
which does not change during a name lookup operation.  Only when the
outmost context is created, the stub resolver configuration is
verified to be current (at present, only against previous res_init
calls).  Subsequent attempts to obtain the context will reuse the
result of the initial verification operation.

struct resolv_context can also be extended in the future to store
data which needs to be deallocated during thread cancellation.
2017-07-03 20:52:59 +02:00
Florian Weimer
ea4924ce5b resolv: Report allocation errors in __res_vinit 2017-06-19 14:24:24 +02:00
Florian Weimer
a0704b1ac7 nss_dns: Correct parentheses for the __glibc_unlikely argument
This fixes commit bee05c9d58.
2017-04-19 22:19:17 +02:00
Florian Weimer
bee05c9d58 resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely 2017-04-19 14:29:24 +02:00
Florian Weimer
44f28da7ca nss_dns: Replace local declarations with declarations from a header file 2017-04-04 20:56:23 +02:00
Florian Weimer
75b3a15e07 nss_dns: Remove superfluous dn_expand call from network handling 2017-04-04 20:56:23 +02:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Florian Weimer
fc82b0a2df CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
Also rename T_UNSPEC because an upcoming public header file
update will use that name.
2016-12-31 20:27:44 +01:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Florian Weimer
5140d036f9 resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
2016-10-07 17:41:59 +02:00
Florian Weimer
7ec47a85d8 resolv: Remove RES_NOIP6DOTINT and its implementation 2016-10-07 17:41:59 +02:00
Florian Weimer
ecfda0fc25 resolv: Remove SUNSECURITY preprocessor conditionals
The macro is never defined.
2016-04-28 13:56:39 +02:00
Florian Weimer
74a6983155 resolv: Remove RESOLVSORT preprocess conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
a12f9431b3 nss_dns: Skip over non-PTR records in the netent code [BZ #19868]
This requires additional checks for the RDATA length and the
availability of record metadata.
2016-04-27 17:15:57 +02:00
Florian Weimer
c3bae689d3 nss_dns: Remove custom offsetof macro definition 2016-04-27 16:48:45 +02:00
Florian Weimer
5e0c421cc0 nss_dns: Check address length before creating addrinfo result [BZ #19831]
Previously, we allocated room in the result space before the check,
leaving uninitialized data there in case the check failed.

This also consolidates the behavior between single (A or AAAA) and
dual (A and AAAA in parallel) queries.  Single queries checked
the record length against the QTYPE, not the RRTYPE.
2016-04-27 16:39:12 +02:00
Florian Weimer
b9b026c9c0 resolv, nss_dns: Remove remaining syslog logging [BZ #19862]
The fix for bug 14841 only removed part of the logging.
2016-04-27 16:21:40 +02:00
Florian Weimer
f749498fa5 nss_dns: Validate RDATA length against packet length [BZ #19830]
In _nss_dns_getcanonname_r, a check for the availability of RR metadata
was missing as well.
2016-04-27 15:11:42 +02:00
Florian Weimer
d29fb41f44 nss_dns: Fix assertion failure in _nss_dns_getcanonname_r [BZ #19865] 2016-04-11 10:55:43 +02:00
Florian Weimer
317b199b4a CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
The defensive copy is not needed because the name may not alias the
output buffer.
2016-03-29 12:57:56 +02:00
Carlos O'Donell
e9db92d3ac CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
2016-02-16 21:29:32 -05:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Andreas Schwab
6b142b3a1d Record TTL also for DNS PTR queries (bug 18513)
This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
2015-06-22 14:04:34 +02:00
Arjun Shankar
2959eda927 CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] 2015-04-21 14:06:50 +02:00
Siddhesh Poyarekar
3e3002ffea Skip logging for DNSSEC responses [BZ 14841]
DNSSEC defines a number of response types that one me expect when the
DO bit is set.  We don't process any of them, but since we do allow
setting the DO bit, skip them without logging an error since it is
only a nuisance.

Tested on x86_64.

	[BZ #14841]
	* resolv/gethnamaddr.c (getanswer): Skip logging if
	RES_USE_DNSSEC is set.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
2015-02-24 13:17:29 +05:30
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Florian Weimer
11e3417af6 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] 2014-12-16 10:08:29 +01:00
Siddhesh Poyarekar
76985d3e03 Remove MULTI_PTRS_ARE_ALIASES in dns-hosts.c
The code in gethnamaddr.c for gethostbyaddr used and set this macro to
allow multiple PTR records to be added as aliases.  This was useful
for gethostbyaddr since it returns a hostent structure, which can
return aliases.

The gethnamaddr.c source however is unused in glibc since pretty much
forever.  Instead, the DNS lookup bits for gethostbyaddr (as well as
getnameinfo) are implemented in dns-hosts.c and in that implementation
all but one (the first one) of the multiple PTR records are ignored.
Since gethnamaddr.c is essentially dead code, ignore that
implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a
comment mentioning that bind adds PTR records as aliases while we
don't.
2014-07-01 17:23:20 +05:30
Andreas Schwab
ab09bf616a Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
Instead of trying to guess whether the second buffer needs to be freed
set a flag at the place it is allocated
2014-02-19 14:39:21 +01:00
Ondřej Bílka
ab7ac0f2cf Deduplicate resolv/nss_dns/dns-host.c
In resolv/nss_dns/dns-host.c one of code path duplicated code after
that. We merge these paths.
2014-02-16 12:59:23 +01:00
Andreas Schwab
d668061994 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer 2014-02-13 12:54:34 +01:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00