Commit Graph

16 Commits

Author SHA1 Message Date
Florian Weimer
08443b1996 support: Provide a way to clear the RA bit in DNS server responses 2020-10-14 10:54:39 +02:00
Florian Weimer
873e239a4c support: Provide a way to reorder responses within the DNS test server 2020-10-14 10:54:39 +02:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Florian Weimer
446997ff14 resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
2019-11-27 20:54:37 +01:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Florian Weimer
401311cfba resolv: Support binary labels in test framework
The old implementation based on hsearch_r used an ad-hoc C string
encoding and produced an incorrect format on the wire for domain
names which contained bytes which needed escaping when printed.

This commit switches to ns_name_pton for the wire format conversion
(now that we have separate tests for it) and uses a tsearch tree
with a suitable comparison function to locate compression targets.
2018-01-08 20:07:24 +01:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Samuel Thibault
5af1e931bf Revert "resolv_test.c: also cope with CONNREFUSED errors returned by recvfrom"
This reverts commit 6174537c24.
2017-09-25 20:47:51 +02:00
Samuel Thibault
6174537c24 resolv_test.c: also cope with CONNREFUSED errors returned by recvfrom
server_thread_udp_process_one already takes care of calling sendto()
instead of xsendto to be able to ignore the case where the client has
closed the socket.  Depending on the TCP/IP stack behavior, this error
could be notified later through recvfrom(), so we need to ignore it
there too.

* support/resolv_test.c (server_thread_udp_process_one): Call recvfrom
instead of xrecvfrom, and ignore ECONNREFUSED errors.
2017-09-25 01:11:43 +02:00
Florian Weimer
cb3c27e87b support: Add resolver testing mode which does not patch _res 2017-07-05 19:04:40 +02:00
Joseph Myers
9fe3c80c7c Fix sys/socket.h namespace issues from sys/uio.h inclusion (bug 21426).
sys/socket.h includes sys/uio.h to get the definition of the iovec
structure.

POSIX allows sys/socket.h to make all sys/uio.h symbols visible.
However, all of sys/uio.h is XSI-shaded, so for non-XSI POSIX this
results in conformtest failures (for sys/socket.h and other headers
that include it):

    Namespace violation: "UIO_MAXIOV"
    Namespace violation: "readv"
    Namespace violation: "writev"

Now, there is some ambiguity in POSIX about what namespace
reservations apply in this case - see
http://austingroupbugs.net/view.php?id=1127 - but glibc convention
would still avoid declaring readv and writev, for example, for feature
test macros that don't include them (if only headers from the relevant
standard are included), even if such declarations are permitted, so
there is a bug here according to glibc conventions.

This patch moves the struct iovec definition to a new
bits/types/struct_iovec.h header and includes that from sys/socket.h
instead of including the whole of sys/uio.h.  This fixes the namespace
issue; however, three files in glibc that were relying on the implicit
inclusion needed to be updated to include sys/uio.h explicitly.  So
there is a question of whether sys/socket.h should continue to include
sys/uio.h under some conditions, such as __USE_XOPEN or __USE_MISC or
__USE_XOPEN || __USE_MISC, for greater compatibility with code that
(wrongly) expects this optional inclusion to be present there.  (I
think the three affected files in glibc should still have explicit
sys/uio.h inclusions added in any case, however.)

Tested for x86_64.

	[BZ #21426]
	* misc/bits/types/struct_iovec.h: New file.
	* misc/Makefile (headers): Add bits/types/struct_iovec.h.
	* include/bits/types/struct_iovec.h: New file.
	* bits/uio.h (struct iovec): Replace by inclusion of
	<bits/types/struct_iovec.h>.
	* sysdeps/unix/sysv/linux/bits/uio.h (struct iovec): Likewise.
	* socket/sys/socket.h: Include <bits/types/struct_iovec.h> instead
	of <sys/uio.h>.
	* nptl/tst-cancel4.c: Include <sys/uio.h>
	* posix/test-errno.c: Likewise.
	* support/resolv_test.c: Likewise.
	* conform/Makefile (test-xfail-POSIX2008/arpa/inet.h/conform):
	Remove.
	(test-xfail-POSIX2008/netdb.h/conform): Likewise.
	(test-xfail-POSIX2008/netinet/in.h/conform): Likewise.
	(test-xfail-POSIX2008/sys/socket.h/conform): Likewise.
2017-04-25 17:52:47 +00:00
Florian Weimer
e14a27723c resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
This hardens the stub resolver against fragmentation-based attacks.
2017-04-13 13:09:38 +02:00
Florian Weimer
ed3ea040ba support: Add error checking to close system calls [BZ #21244] 2017-03-15 13:33:40 +01:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Florian Weimer
5840c75c2d resolv: Add beginnings of a libresolv test suite 2016-12-31 18:52:32 +01:00