Starting with commit 29fddfc7df, the
tests posix/bug-ga2 and resolv/tst-leaks2 are test-container tests.
If test-container.c returns with EXIT_UNSUPPORTED, the tests with
mtrace() are not executed and the mtrace files do not exist.
Therefore the "mtrace-analysis-part" of those tests are marked
UNSUPPORTED if the mtrace files are missing.
Reported-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
The tests posix/bug-ga2-mem and resolv/mtrace-tst-leaks2 are failing on
fedora 33 as mtrace reports memory leaks.
The /etc/nsswitch.conf differs between
Fedora 32: hosts: files dns myhostname
Fedora 33: hosts: files resolve [!UNAVAIL=return] myhostname dns
Therefore /lib64/libnss_resolve.so.2 (from systemd) and the dependencies
libgcc_s.so.1 and libpthread.so.0 are loaded.
Usually all malloc'ed resources from getaddrinfo / gethostbyname are freed
and the libraries are dlclose'd in nss/nsswitch.c:libc_freeres_fn (free_mem).
Unfortunately, /lib64/libnss_resolve.so.2 is marked with DF_1_NODELETE.
As this library is not unmapped, you'll see "Memory not freed".
Therefore those tests are now only relying on libnss_files.so by making
them test-container tests and providing the required configuration files.
By moving the tests to tests-container, those are now running with
"make check". Therefore the mtrace part of the tests are also moved
from "make xcheck" to "make check".
bug-ga2.c is now using test-driver.c in order to support WAIT_FOR_DEBUGGER
environment variable.
If the transaction IDs are equal, the old check attributed both
responses to the first query, not recognizing the second response.
This fixes bug 26600.
Restore <rpc/netdb.h> as an installed header. Delete the dummy header
resolv/rpc/netdb.h because inet is not an optional glibc component
(so its <rpc/netdb.h> is always available).
Fixes commit acb527929d ("Move
non-deprecated RPC-related functions from sunrpc to inet") in
combination with commit 5500cdba40
("Remove --enable-obsolete-rpc configure flag").
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications. For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.
This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.
The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.
Tested on x86_64-linux-gnu.
Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
This functionality was deprecated in glibc 2.25.
This commit only includes the core changes to remove the
functionality. It does not remove the RES_USE_INET6 handling in the
individual NSS service modules and the res_use_inet6 function.
These changes will happen in future commits.
The Linux kernel suppresses some ICMP error messages by default for
UDP sockets. This commit enables full ICMP error reporting,
hopefully resulting in faster failover to working name servers.
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).
This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).
To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
The old implementation based on hsearch_r used an ad-hoc C string
encoding and produced an incorrect format on the wire for domain
names which contained bytes which needed escaping when printed.
This commit switches to ns_name_pton for the wire format conversion
(now that we have separate tests for it) and uses a tsearch tree
with a suitable comparison function to locate compression targets.
This patch, relative to a tree with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html> (pending
review) applied, obsoletes p_secstodate, making the underlying
function __p_secstodate into a compat symbol not available for new
binaries or ports. The calls in ns_print.c (part of incomplete
handling of TKEY) are changed to use %lu to print times instead of
trying to pretty-print the times any more.
Tested for x86_64.
* resolv/res_debug.c (p_secstodate): Condition definition on
[SHLIB_COMPAT (libresolv, GLIBC_2_0, GLIBC_2_27)]. Define
directly as __p_secstodate, and as a compat symbol. Do not use
libresolv_hidden_def.
* resolv/resolv.h (p_secstodate): Remove macro and function
declaration.
* resolv/ns_print.c (ns_sprintrrf): Print times with %lu, not
using p_secstodate.
* include/resolv.h (__p_secstodate): Do not use
libresolv_hidden_proto.
* resolv/Makefile (tests): Move tst-p_secstodate to ....
(tests-internal): ... here.
* resolv/tst-p_secstodate.c: Include <shlib-compat.h>. Condition
all contents on [TEST_COMPAT (libresolv, GLIBC_2_0, GLIBC_2_27)]
and declare and use __p_secstodate and use compat_symbol_reference
in that case.
[!TEST_COMPAT (libresolv, GLIBC_2_0, GLIBC_2_27)] (do_test): Add
implementation returning 77.
The resolv/res_debug.c function p_secstodate (which is a public
function exported from libresolv, taking an unsigned long argument)
does:
struct tm timebuf;
time = __gmtime_r(&clock, &timebuf);
time->tm_year += 1900;
time->tm_mon += 1;
sprintf(output, "%04d%02d%02d%02d%02d%02d",
time->tm_year, time->tm_mon, time->tm_mday,
time->tm_hour, time->tm_min, time->tm_sec);
If __gmtime_r returns NULL (because the year overflows the range of
int), this will dereference a null pointer. Otherwise, if the
computed year does not fit in four characters, this will cause a
buffer overrun of the fixed-size 15-byte buffer. With current GCC
mainline, there is a compilation failure because of the possible
buffer overrun.
I couldn't find a specification for how this function is meant to
behave, but Paul pointed to RFC 4034 as relevant to the cases where
this function is called from within glibc. The function's interface
is inherently problematic when dates beyond Y2038 might be involved,
because of the ambiguity in how to interpret 32-bit timestamps as such
dates (the RFC suggests interpreting times as being within 68 years of
the present date, which would mean some kind of interface whose
behavior depends on the present date).
This patch works on the basis of making a minimal fix in preparation
for obsoleting the function. The function is made to handle times in
the interval [0, 0x7fffffff] only, on all platforms, with <overflow>
used as the output string in other cases (and errno set to EOVERFLOW
in such cases). This seems to be a reasonable state for the function
to be in when made a compat symbol by a future patch, being compatible
with any existing uses for existing timestamps without trying to work
for later timestamps. Results independent of the range of time_t also
simplify the testcase.
I couldn't persuade GCC to recognize the ranges of the struct tm
fields by adding explicit range checks with a call to
__builtin_unreachable if outside the range (this looks similar to
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80776>), so having added
a range check on the input, this patch then disables the
-Wformat-overflow= warning for the sprintf call (I prefer that to the
use of strftime, as being more transparently correct without knowing
what each of %m and %M etc. is).
I do not know why this build failure should be new with mainline GCC
(that is, I don't know what GCC change might have introduced it, when
the basic functionality for such warnings was already in GCC 7).
I do not know if this is a security issue (that is, if there are
plausible ways in which a date before -999 or after 9999 from an
untrusted source might end up in this function). The system clock is
arguably an untrusted source (in that e.g. NTP is insecure), but
probably not to that extent (NTP can't communicate such wild
timestamps), and uses from within glibc are limited to 32-bit inputs.
Tested with build-many-glibcs.py that this restores the build for arm
with yesterday's mainline GCC. Also tested for x86_64 and x86.
[BZ #22463]
* resolv/res_debug.c: Include <libc-diag.h>.
(p_secstodate): Assert time_t at least as wide as u_long. On
overflow, use integer seconds since the epoch as output, or use
"<overflow>" as output and set errno to EOVERFLOW if integer
seconds since the epoch would be 14 or more characters.
(p_secstodate) [__GNUC_PREREQ (7, 0)]: Disable -Wformat-overflow=
for sprintf call.
* resolv/tst-p_secstodate.c: New file.
* resolv/Makefile (tests): Add tst-p_secstodate.
($(objpfx)tst-p_secstodate): Depend on $(objpfx)libresolv.so.
Remove the bogus targets (and source) that supposedly build ga_test.
This code was added to resolv very early in the development process
but does not appear to be an actual test program. The target for
building this file is tests but because the glibc Make system is
built the way it is, the target is overriden by higher-level tests
targets and, therefore, the ga_test program is never built. Removing
the target and the source code makes the resolv/Makefile less confusing.
Tested by building and running 'make check' on 64 bit host running
Kernel 4.10.0-19 configured with
--prefix=/home/hawkinsw/code/glibc-build/install
--enable-hardcoded-path-in-tests
--disable-mathvec
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This change provides additional resolver configuration state which
is not exposed through the _res ABI. It reuses the existing
initstamp field in the supposedly-private part of _res. Some effort
is undertaken to avoid memory safety issues introduced by applications
which directly patch the _res object.
With this commit, only the initstamp field is moved into struct
resolv_conf. Additional members will be added later, eventually
migrating the entire resolver configuration.
struct resolv_context objects provide a temporary resolver context
which does not change during a name lookup operation. Only when the
outmost context is created, the stub resolver configuration is
verified to be current (at present, only against previous res_init
calls). Subsequent attempts to obtain the context will reuse the
result of the initial verification operation.
struct resolv_context can also be extended in the future to store
data which needs to be deallocated during thread cancellation.
These __need macros are only used internally, by nptl/descr.h.
However, including all of resolv.h from descr.h causes build failures
due to resolv.h's dozens of pseudo-struct-field macros, some of which
collide with struct fields in NPTL internal data structures.
Similarly, including all of list.h from descr.h produces an include
cycle, atomic.h -> atomic-machine.h -> tls.h -> descr.h -> list.h ->
atomic.h, and then list.h tries to use atomic.h macros that haven't
been defined yet. So we do need mini-headers for these. In the
list.h case I called it include/list_t.h since it isn't going to be
installed.
* resolv/resolv.h: Remove __need_res_state logic.
Move definition of res_state and related constants to ...
* resolv/bits/types/res_state.h: ...this new file.
* resolv/Makefile: Install bits/types/res_state.h.
* include/bits/types/res_state.h: New wrapper.
* include/list.h: Remove __need_list_t logic.
Move definition of list_t to ...
* include/list_t.h: ...this new file.
* nptl/descr.h: Include list_t.h and bits/types/res_state.h
instead of list.h and resolv.h.
This bug did not affect name resolution because those functions
indirectly call ns_name_pack with a buffer which is always larger
than the generated query packet, even in the case of the
longest-possible domain name.
This change also removes the preprocessor-based function renaming.
It also applied to tests in resolv/, which ended up running against
the historic functions.
_endhtent was not part of the ABI because it is not listed in the
resolv/Versions file.
Two glibc makefiles use -Wno-strict-prototypes. I don't know if this
was needed before my recent conversion of many function definitions to
prototype style, but it's not needed now; this patch removes it.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* posix/Makefile (CFLAGS-regex.c): Remove variable.
* resolv/Makefile (+cflags): Do not use -Wno-strict-prototypes.
With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage. Update the places in glibc that use ssp to use this flag
when it's available.
This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean. Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
make stack-protector=-fstack-protector-all
When "reorder" resolver option is enabled, threads of a multi-threaded process
could hang in gethostbyaddr_r, gethostbyname_r, or gethostbyname2_r.
Due to a trivial bug in _res_hconf_reorder_addrs, simultaneous
invocations of this function in a multi-threaded process could result to
_res_hconf_reorder_addrs returning without releasing the lock it holds,
causing other threads to block indefinitely while waiting for the lock
that is not going to be released.
[BZ #17977]
* resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking
when initializing interface list, based on the bug analysis
and the patch proposed by Eric Newton.
* resolv/tst-res_hconf_reorder.c: New test.
* resolv/Makefile [$(have-thread-library) = yes] (tests): Add
tst-res_hconf_reorder.
($(objpfx)tst-res_hconf_reorder): Depend on $(libdl)
and $(shared-thread-library).
(tst-res_hconf_reorder-ENV): New variable.