Commit Graph

120 Commits

Author SHA1 Message Date
Florian Weimer
a0704b1ac7 nss_dns: Correct parentheses for the __glibc_unlikely argument
This fixes commit bee05c9d58.
2017-04-19 22:19:17 +02:00
Florian Weimer
bee05c9d58 resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely 2017-04-19 14:29:24 +02:00
Florian Weimer
44f28da7ca nss_dns: Replace local declarations with declarations from a header file 2017-04-04 20:56:23 +02:00
Florian Weimer
75b3a15e07 nss_dns: Remove superfluous dn_expand call from network handling 2017-04-04 20:56:23 +02:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Florian Weimer
fc82b0a2df CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
Also rename T_UNSPEC because an upcoming public header file
update will use that name.
2016-12-31 20:27:44 +01:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Florian Weimer
5140d036f9 resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
2016-10-07 17:41:59 +02:00
Florian Weimer
7ec47a85d8 resolv: Remove RES_NOIP6DOTINT and its implementation 2016-10-07 17:41:59 +02:00
Florian Weimer
ecfda0fc25 resolv: Remove SUNSECURITY preprocessor conditionals
The macro is never defined.
2016-04-28 13:56:39 +02:00
Florian Weimer
74a6983155 resolv: Remove RESOLVSORT preprocess conditionals 2016-04-28 12:53:51 +02:00
Florian Weimer
a12f9431b3 nss_dns: Skip over non-PTR records in the netent code [BZ #19868]
This requires additional checks for the RDATA length and the
availability of record metadata.
2016-04-27 17:15:57 +02:00
Florian Weimer
c3bae689d3 nss_dns: Remove custom offsetof macro definition 2016-04-27 16:48:45 +02:00
Florian Weimer
5e0c421cc0 nss_dns: Check address length before creating addrinfo result [BZ #19831]
Previously, we allocated room in the result space before the check,
leaving uninitialized data there in case the check failed.

This also consolidates the behavior between single (A or AAAA) and
dual (A and AAAA in parallel) queries.  Single queries checked
the record length against the QTYPE, not the RRTYPE.
2016-04-27 16:39:12 +02:00
Florian Weimer
b9b026c9c0 resolv, nss_dns: Remove remaining syslog logging [BZ #19862]
The fix for bug 14841 only removed part of the logging.
2016-04-27 16:21:40 +02:00
Florian Weimer
f749498fa5 nss_dns: Validate RDATA length against packet length [BZ #19830]
In _nss_dns_getcanonname_r, a check for the availability of RR metadata
was missing as well.
2016-04-27 15:11:42 +02:00
Florian Weimer
d29fb41f44 nss_dns: Fix assertion failure in _nss_dns_getcanonname_r [BZ #19865] 2016-04-11 10:55:43 +02:00
Florian Weimer
317b199b4a CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
The defensive copy is not needed because the name may not alias the
output buffer.
2016-03-29 12:57:56 +02:00
Carlos O'Donell
e9db92d3ac CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
2016-02-16 21:29:32 -05:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Andreas Schwab
6b142b3a1d Record TTL also for DNS PTR queries (bug 18513)
This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
2015-06-22 14:04:34 +02:00
Arjun Shankar
2959eda927 CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] 2015-04-21 14:06:50 +02:00
Siddhesh Poyarekar
3e3002ffea Skip logging for DNSSEC responses [BZ 14841]
DNSSEC defines a number of response types that one me expect when the
DO bit is set.  We don't process any of them, but since we do allow
setting the DO bit, skip them without logging an error since it is
only a nuisance.

Tested on x86_64.

	[BZ #14841]
	* resolv/gethnamaddr.c (getanswer): Skip logging if
	RES_USE_DNSSEC is set.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
2015-02-24 13:17:29 +05:30
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Florian Weimer
11e3417af6 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] 2014-12-16 10:08:29 +01:00
Siddhesh Poyarekar
76985d3e03 Remove MULTI_PTRS_ARE_ALIASES in dns-hosts.c
The code in gethnamaddr.c for gethostbyaddr used and set this macro to
allow multiple PTR records to be added as aliases.  This was useful
for gethostbyaddr since it returns a hostent structure, which can
return aliases.

The gethnamaddr.c source however is unused in glibc since pretty much
forever.  Instead, the DNS lookup bits for gethostbyaddr (as well as
getnameinfo) are implemented in dns-hosts.c and in that implementation
all but one (the first one) of the multiple PTR records are ignored.
Since gethnamaddr.c is essentially dead code, ignore that
implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a
comment mentioning that bind adds PTR records as aliases while we
don't.
2014-07-01 17:23:20 +05:30
Andreas Schwab
ab09bf616a Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
Instead of trying to guess whether the second buffer needs to be freed
set a flag at the place it is allocated
2014-02-19 14:39:21 +01:00
Ondřej Bílka
ab7ac0f2cf Deduplicate resolv/nss_dns/dns-host.c
In resolv/nss_dns/dns-host.c one of code path duplicated code after
that. We merge these paths.
2014-02-16 12:59:23 +01:00
Andreas Schwab
d668061994 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer 2014-02-13 12:54:34 +01:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Joseph Myers
2e09a79ada Avoid use of "register" as optimization hint. 2013-06-07 22:24:35 +00:00
Ryan S. Arnold
e054f49430 Add #include <stdint.h> for uint[32|64]_t usage (except installed headers). 2013-05-16 11:32:54 -05:00
Joseph Myers
568035b787 Update copyright notices with scripts/update-copyrights. 2013-01-02 19:05:09 +00:00
Joseph Myers
f4cf5f2d8b Add script to update copyright notices and reformat some to facilitate its use. 2013-01-01 16:29:10 +00:00
Siddhesh Poyarekar
cfde9b463d Return EAI_SYSTEM if we're out of file descriptors
Resolves BZ #14719.
2012-11-19 13:02:48 +05:30
Jeroen van Bemmel
7b6e99be77 Avoid duplicate DNS requests if answer is longer than a implementation
limit

        [BZ #14307]
        * sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of
        the temporary buffer used to invoke __gethostbyname2_r,
        __gethostbyaddr_r and gethostbyname4_r to make room for struct
        host_data / struct gaih_addrtuple.
        * resolv/nss_dns/dns-host.c (global scope): Move definition of
        implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to
        header file nss/nsswitch.h.
        * nss/nsswitch.h (global scope): Add definition of implementation
        constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from
        resolv/nss_dns/dns-host.c).
2012-07-12 11:31:48 +05:30
Siddhesh Poyarekar
6cd0a5eaf0 Merge copyright years in resolv/nss_dns/dns-host.c 2012-03-31 10:01:43 +05:30
Siddhesh Poyarekar
48c41d04ee Consider TTL of CNAME record and return minimum TTL in the chain
[BZ #13928] A DNS request consists of multiple resources combined into
a single hostent, including multiple CNAME records that may have been
assigned different TTL values. In such a case, nscd should take the
least TTL among all of the resources as the timeout for the hostent
before it is reloaded in its cache so that the hostent remains stale
in the database for the least amount of time.
2012-03-30 21:30:01 +05:30
Jeff Law
2f5a5ed02c * resolv/nss_dns/dns-host.c: Update copyright year. 2012-03-30 09:54:21 -06:00
Jeff Law
86ae07a8c9 [BZ #13760]
* resolv/nss_dns/dns-host.c (gaih_getanswer): Look for errno
        in the right place. Discard and retry query if response is
        larger than input buffer size.
2012-03-28 10:09:29 -06:00
Paul Eggert
59ba27a63a Replace FSF snail mail address with URLs. 2012-02-09 23:18:22 +00:00
Roland McGrath
5615eaf264 Quash some new warnings from GCC 4.6. 2011-06-10 22:44:20 -07:00
Andreas Schwab
a769081960 Don't ignore zero TTL in DNS answers 2010-11-25 20:50:16 -05:00
Ulrich Drepper
ea42a20cae Fix crash on reloading of gai data in nscd. 2010-04-09 21:38:20 -07:00
Ulrich Drepper
4535680d03 Handle DNS timeouts in old-style lookkup code. 2010-04-05 12:21:20 -07:00
Andreas Schwab
51e4196f16 Handle running out of buffer space with IPv6 mapping enabled.
With big DNS answers like the one you get for goodtimesdot.com you can
get a truncated address list if IPv6 mapping is enabled.  Instead tell
the caller to resize the buffer.
2009-11-10 07:36:50 -08:00
Ulrich Drepper
c6807d38a1 * resolv/res_hconf.c (_res_hconf_trim_domain): Use strcasecmp
instead of __strcasecmp.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
2009-04-07 16:13:15 +00:00
Ulrich Drepper
df9293cb16 * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr2_r): Check and
adjust the buffer alignment.
2009-01-08 00:03:29 +00:00
Ulrich Drepper
da5ac1352d * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname3_r): Recognize
ESRCH return value.
	(_nss_dns_gethostbyname4_r): Likewise.
	* resolv/res_init.c (__res_vinit): Initialize nscount to zero.
	* sysdeps/posix/getaddrinfo.c (gaih_inet): In case we use
	gethostbyname4_r, we don't have a separate IPv6 status, so copy
	the no_data variable.
2008-12-03 07:30:39 +00:00