Commit Graph

91 Commits

Author SHA1 Message Date
Siddhesh Poyarekar
0cd8552045 Fix the 'array subscript is above array bounds' warning correctly
Use DIAG_IGNORE_NEEDS_COMMENT instead since the compiler should have
seen that NS never goes beyond MAXNS.
2014-12-16 19:40:47 +05:30
Siddhesh Poyarekar
a0d424ef9d Fix 'array subscript is above array bounds' warning in res_send.c
I see this warning in my build on F21 x86_64, which seems to be due to
a weak check for array bounds.  Fixed by making the bounds check
stronger.

This is not an actual bug since nscount is never set to anything
greater than MAXNS.  The compiler however does not know this, so we
need the stronger bounds check to quieten the compiler.
2014-12-16 16:55:23 +05:30
Stefan Liebler
48e435cd93 resolv: Suppress maybe uninitialized warning
In send_vc function at resolv/res_send.c, There is the
following warning on some architectures:

  'resplen' may be used uninitialized in this function
  [-Wmaybe-uninitialized]

And this is a false positive.  This patch suppress the
compiler warning.
2014-12-12 16:30:12 -05:00
Andreas Schwab
f9d2d03254 Fix invalid file descriptor reuse while sending DNS query (BZ #15946) 2014-06-03 18:03:39 +02:00
Siddhesh Poyarekar
16b293a7a6 Do not fail if one of the two responses to AF_UNSPEC fails (BZ #14308)
[Fixes BZ #14308, #12994, #13651]

AF_UNSPEC results in sending two queries in parallel, one for the A
record and the other for the AAAA record.  If one of these is a
referral, then the query fails, which is wrong.  It should return at
least the one successful response.

The fix has two parts.  The first part makes the referral fall back to
the SERVFAIL path, which results in using the successful response.
There is a bug in that path however, due to which the second part is
necessary.  The bug here is that if the first response is a failure
and the second succeeds, __libc_res_nsearch does not detect that and
assumes a failure.  The case where the first response is a success and
the second fails, works correctly.

This condition is produced by buggy routers, so here's a crude
interposable library that can simulate such a condition.  The library
overrides the recvfrom syscall and modifies the header of the packet
received to reproduce this scenario.  It has two key variables:
mod_packet and first_error.

The mod_packet variable when set to 0, results in odd packets being
modified to be a referral.  When set to 1, even packets are modified
to be a referral.

The first_error causes the first response to be a failure so that a
domain-appended search is performed to test the second part of the
__libc_nsearch fix.

The driver for this fix is a simple getaddrinfo program that does an
AF_UNSPEC query.  I have omitted this since it should be easy to
implement.

I have tested this on x86_64.

The interceptor library source:

/* Override recvfrom and modify the header of the first DNS response to make it
   a referral and reproduce bz #845218.  We have to resort to this ugly hack
   because we cannot make bind return the buggy response of a referral for the
   AAAA record and an authoritative response for the A record.  */
 #define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>
 #include <stdbool.h>
 #include <endian.h>
 #include <dlfcn.h>
 #include <stdlib.h>

/* Lifted from resolv/arpa/nameser_compat.h.  */
typedef struct {
    unsigned        id :16;         /*%< query identification number */
 #if BYTE_ORDER == BIG_ENDIAN
    /* fields in third byte */
    unsigned        qr: 1;          /*%< response flag */
    unsigned        opcode: 4;      /*%< purpose of message */
    unsigned        aa: 1;          /*%< authoritive answer */
    unsigned        tc: 1;          /*%< truncated message */
    unsigned        rd: 1;          /*%< recursion desired */
    /* fields
     * in
     * fourth
     * byte
     * */
    unsigned        ra: 1;          /*%< recursion available */
    unsigned        unused :1;      /*%< unused bits (MBZ as of 4.9.3a3) */
    unsigned        ad: 1;          /*%< authentic data from named */
    unsigned        cd: 1;          /*%< checking disabled by resolver */
    unsigned        rcode :4;       /*%< response code */
 #endif
 #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN
    /* fields
     * in
     * third
     * byte
     * */
    unsigned        rd :1;          /*%< recursion desired */
    unsigned        tc :1;          /*%< truncated message */
    unsigned        aa :1;          /*%< authoritive answer */
    unsigned        opcode :4;      /*%< purpose of message */
    unsigned        qr :1;          /*%< response flag */
    /* fields
     * in
     * fourth
     * byte
     * */
    unsigned        rcode :4;       /*%< response code */
    unsigned        cd: 1;          /*%< checking disabled by resolver */
    unsigned        ad: 1;          /*%< authentic data from named */
    unsigned        unused :1;      /*%< unused bits (MBZ as of 4.9.3a3) */
    unsigned        ra :1;          /*%< recursion available */
 #endif
    /* remaining
     * bytes
     * */
    unsigned        qdcount :16;    /*%< number of question entries */
    unsigned        ancount :16;    /*%< number of answer entries */
    unsigned        nscount :16;    /*%< number of authority entries */
    unsigned        arcount :16;    /*%< number of resource entries */
} HEADER;

static int done = 0;

/* Packets to modify.  0 for the odd packets and 1 for even packets.  */
static const int mod_packet = 0;

/* Set to true if the first request should result in an error, resulting in a
   search query.  */
static bool first_error = true;

static ssize_t (*real_recvfrom) (int sockfd, void *buf, size_t len, int flags,
			  struct sockaddr *src_addr, socklen_t *addrlen);

void
__attribute__ ((constructor))
init (void)
{
  real_recvfrom = dlsym (RTLD_NEXT, "recvfrom");

  if (real_recvfrom == NULL)
    {
      printf ("Failed to get reference to recvfrom: %s\n", dlerror ());
      printf ("Cannot simulate test\n");
      abort ();
    }
}

/* Modify the second packet that we receive to set the header in a manner as to
   reproduce BZ #845218.  */
static void
mod_buf (HEADER *h, int port)
{
  if (done % 2 == mod_packet || (first_error && done == 1))
    {
      printf ("(Modifying header)");

      if (first_error && done == 1)
	h->rcode = 3;
      else
	h->rcode = 0;	/* NOERROR == 0.  */
      h->ancount = 0;
      h->aa = 0;
      h->ra = 0;
      h->arcount = 0;
    }
  done++;
}

ssize_t
recvfrom (int sockfd, void *buf, size_t len, int flags,
	  struct sockaddr *src_addr, socklen_t *addrlen)
{
  ssize_t ret = real_recvfrom (sockfd, buf, len, flags, src_addr, addrlen);
  int port = htons (((struct sockaddr_in *) src_addr)->sin_port);
  struct in_addr addr = ((struct sockaddr_in *) src_addr)->sin_addr;
  const char *host = inet_ntoa (addr);
  printf ("\n*** From %s:%d: ", host, port);

  mod_buf (buf, port);

  printf ("returned %zd\n", ret);
  return ret;
}
2014-04-30 11:48:43 +05:30
Adhemerval Zanella
27822ce67f Define _STRING_ARCH_unaligned unconditionally
This patch defines _STRING_ARCH_unaligned to 0 on default bits/string.h
header to avoid undefined compiler warnings on platforms that do not
define it.  It also make adjustments in code where tests checked if macro
existed or not.
2014-04-09 15:05:36 -05:00
Andreas Schwab
ab09bf616a Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer
Instead of trying to guess whether the second buffer needs to be freed
set a flag at the place it is allocated
2014-02-19 14:39:21 +01:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Ondřej Bílka
cabba9343c Correctly copy resolver address. Fixes bug #13028. 2013-10-14 08:17:09 +02:00
Roland McGrath
c4e42566cf Don't try to use ioctl unless [FIONREAD]. 2013-08-27 10:50:06 -07:00
Ondřej Bílka
c0c3f78afb Fix typos. 2013-08-21 19:48:48 +02:00
Roland McGrath
f1d70dad53 Remove lots of inline keywords. 2013-02-07 14:44:18 -08:00
Thomas Schwinge
123be9deda Add recvmmsg and sendmmsg to the generic glibc API. 2012-11-20 19:26:04 +01:00
Ulrich Drepper
966977f1b7 Better error handling for sendmmsg use in res_send 2012-03-30 08:38:58 -04:00
Ulrich Drepper
8e6d108343 Correct check for DNS request send success
This predates the sendmmsg use.  The two requests can use different
request sizes but the check for successful transfer always only used
buflen.
2012-03-30 08:27:11 -04:00
Ulrich Drepper
c030f70c87 Speed up DNS by avoiding a system call if possible 2012-03-30 07:42:29 -04:00
Ulrich Drepper
57912a71cc Fix typo in recent resolver change which causes segvs 2011-06-15 22:43:58 -04:00
Ulrich Drepper
4769ae77fc Handle DNS server failures in case of AF_UNSPEC lookups correctly 2011-05-30 22:48:47 -04:00
Andreas Schwab
94308fd0e0 Fix debug statements in resolver 2010-03-17 06:57:38 -07:00
Yann Droneaud
a092b645f8 Fix DEBUG statements in resolv/res_send.c 2010-03-05 16:52:31 -08:00
Ulrich Drepper
ace4e23f8c Always use IPv4 sockets for IPv4 addresses. 2010-01-14 22:34:28 -08:00
Ulrich Drepper
75ded9bcdf Initialize local variable in resolver.
When the DNS server doesn't reply at all we possibly tested
an unitialized variable.
2009-10-29 23:01:58 -07:00
Petar Bogdanovic
3a85895fa3 Fix mixing IPv4 and IPv6 name server in resolv.conf. 2009-10-29 08:17:48 -07:00
Ulrich Drepper
e28b969b49 Handle SERVFAIL, NOTIMP, REFUSED replies from DNS server better.
When doing IPv4+6 lookups we have to pass up the error record from
send_dg.
2009-07-26 12:16:24 -07:00
Ulrich Drepper
44d20bca52 Implement second fallback mode for DNS requests.
There is some more shardware/software out there which has problems
if two DNS requests are sent using the same tuple

  (source addr, source port, dest addr, dest port)

This can range from firewalls to load balancers.  Some of the vendors
already fixed it in response to this problem.  Still, we need a way
to make glibc work with broken environments.  The single-request-reopen
flag can be used or we fall back automatically to this mode.
2009-06-26 03:47:47 -07:00
Ulrich Drepper
310647e980 Remember we switched to single-request mode.
This change prevents repetition in most later calls of the resolver
in case the DNS server or the network connection is broken.
2009-06-11 10:07:33 -07:00
Ulrich Drepper
74b3cf224e (send_dg): Don't just ignore the result we got in case we only receive one reply in single-request mode. 2009-04-16 20:29:33 +00:00
Ulrich Drepper
d0e81f10e5 * resolv/res_send.c (send_dg): Don't switch into single-request
mode if we already are in it.
2009-04-16 14:29:34 +00:00
Ulrich Drepper
ae06191038 * resolv/resolv.h (RES_SNGLKUP): Define.
* resolv/res_init.c (res_setoptions): Recognize single-request option.
	* resolv/res_send.c (send_dg): If we sent two requests at once and
	only get one reply before timeout switch to mode where we send the
	second request only after the first answer has been received.
2009-04-07 02:00:27 +00:00
Ulrich Drepper
200da00a7c * resolv/res_send.c (send_dg): Use correct guards for SOCK_CLOEXEC
use.

	* sysdeps/unix/sysv/linux/kernel-features.h: Fix typo in accept4
	handling.
2008-12-08 04:08:51 +00:00
Ulrich Drepper
9744268c10 * resolv/res_send.c (send_dg): Create sockets with non-blocking
flag already set.
2008-12-02 06:21:18 +00:00
Ulrich Drepper
ad12e63582 [BZ #6942]
2008-10-07  Andreas Schwab  <schwab@suse.de>
	[BZ #6942]
	* resolv/res_send.c (send_vc): Fix last change.
	(send_dg): Align here as well.
2008-10-31 17:37:28 +00:00
Ulrich Drepper
332c4465b0 * grp/initgroups.c (internal_getgrouplist): Don't prematurely
abort if there is no initgroups_dyn function.
2008-10-30 16:55:44 +00:00
Ulrich Drepper
21b07d8ba5 * resolv/res_send.c (send_dg): On timeout, only return nonzero
result if any of the queries really provided an answer.
2008-10-30 16:00:44 +00:00
Ulrich Drepper
e39e69467e (send_vc): Fix use of unaligned address. Properly handle partial reads. 2008-10-06 16:29:06 +00:00
Ulrich Drepper
b7da31a164 * resolv/res_send.c (__libc_res_nsend): Take additional parameter.
Use it instead of locally defined resplen2 variable.
	(res_nsend): Adjust for __libc_res_nsend interface change.
	(send_vc): Initialize *resplen2 if necessary.  Read length of
	package into an appropriately aligned variable.  Store converted length
	in new variable and use it appropriately.
	Add branch prediction help.
	* resolv/res_query.c (__libc_res_nquery): Take additional parameter
	and pass it on to __libc_res_nsend.  Adjust all callers.
	(__libc_res_nsearch): Likewise.
	(__libc_res_nqeurydomain): Likewise.
	* resolv/nss_dns/dns-host.c: Adjust for __libc_res_nsearch interface
	change.
	(_nss_dns_gethostbyname4): Don't unconditionally allocate tmp array.
	Define resplen2 variable and pass it to __libc_res_nsearch and then
	to gaih_getanswer.
	(getanswer_r): In case of incorrect DNS data don't overread buffer.
	Add branch prediction.
	(gaih_getanswer_slice): Likewise.  Check for invalid data types.
	(gaih_getanswer): Don't decode second slice if first one failed due
	to a too small buffer.  Don't let not found status of second
	decoder shadow results of the first.
	* resolv/gethnamaddr.c (gethostbyname2): Adjust for __libc_res_nsearch
	and __libc_res_nquery interface changes
	(gethostbyaddr): Adjust for __libc_res_nquery interface change.
	* include/resolv.h: Adjust prototypes for __libc_res_nquery,
	__libc_res_nsearch, and __libc_res_nsend.
	* resolv/nss_dns/dns-canon.c: Adjust for __libc_res_nquery interface
	change.
	* resolv/nss_dns/dns-network.c: Adjust for __libc_res_nquery and
	__libc_res_nsearch interface changes.
2008-07-28 22:55:10 +00:00
Ulrich Drepper
835113c60e * resolv/res_send.c: Remove unnecessary res_pquery prototype. 2008-07-09 22:41:56 +00:00
Ulrich Drepper
e200388380 * resolv/res_send.c (send_dg): If we already have one of two
answers and the server reports SERVFAI, NOTIMP, or REFUSED, then
	use the one answer insted of failing.
2008-05-24 17:51:45 +00:00
Ulrich Drepper
5908f779e7 * resolv/res_query.c (__libc_res_nquery): In case one of two
answer was too short don't try to read that answer's header.

	* resolv/res_send.c (send_dg): In case of timeout and there are
	two queries and one has been answered, return value indicating
	success.
2008-05-19 17:34:14 +00:00
Ulrich Drepper
1eb946b935 * include/resolv.h: Adjust __libc_res_nquery and __libc_res_nsend
prototypes.
	* include/arpa/nameser_compat.h: Define T_UNSPEC.
	* nis/Versions (libnss_nis): Export _nss_nis_gethostbyname4_r.
	(libnss_nisplus): Export _nss_nisplus_gethostbyname4_r.
	* nis/nss_nis/nis-hosts.c (LINE_PARSER): Change to also handle
	af==AF_UNSPEC.
	(_nss_nis_gethostbyname4_r): New function.
	* nis/nss_nisplus/nisplus-hosts.c (_nss_nisplus_parse_hostent):
	Change to also handle af==AF_UNSPEC.
	(get_tablename): New function.  Use it to avoid duplication.
	(_nss_nisplus_gethostbyname4_r): New function.
	* nscd/aicache.c (addhstaiX): Use gethostbyname4_r function is
	available.
	* nss/Versions (libnss_files): Export _nss_files_gethostbyname4_r.
	* nss/nss.h: Define struct gaih_addrtuple.
	* nss/nss_files/files-hosts.c (LINE_PARSER): Change to also handle
	af==AF_UNSPEC.
	(_nss_files_gethostbyname4_r): New function.
	* resolv/Versions (libnss_dns): Export _nss_dns_gethostbyname4_r.
	* resolv/gethnmaddr.c: Adjust __libc_res_nsearch and __libc_res_nquery
	calls.
	* resolv/res_query.c (__libc_res_nquery): Take two additional
	parameters for second answer buffer.  Handle type=T_UNSPEC to mean
	look up IPv4 and IPv6.
	Change all callers.
	* resolv/res_send.c (__libc_res_nsend): Take five aditional parameters
	for an additional query and answer buffer.  Pass to send_vc and
	send_dg.
	(send_vc): Send possibly two requests and receive two answers.
	(send_dg): Likewise.
	* resolv/nss_dns/dns-host.c: Adjust calls to __libc_res_nsearch and
	__libc_res_nquery.
	(_nss_dns_gethostbyname4_r): New function.
	(gaih_getanswer_slice): Likewise.
	(gaih_getanswer): Likewise.
	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Adjust
	__libc_res_nquery call.
	* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r): Likewise.
	(_nss_dns_getnetbyname_r): Adjust __libc_res_nsearch call.
	* sysdeps/posix/getaddrinfo.c: Use gethostbyname4_r function is
	available.
2008-05-10 23:27:39 +00:00
Ulrich Drepper
0f8f993cef [BZ #4726]
* resolv/res_send.c (__libc_res_nsend): Initialize all of the
	memory allocated for the name server address.
2007-08-22 04:02:53 +00:00
Ulrich Drepper
ae1ad3aebb [BZ #4647]
Tomas Janousek  <tjanouse@redhat.com>
            Ulrich Drepper  <drepper@redhat.com>

	[BZ #4647]
	* resolv/res_send.c (send_dg): Remove socket_pf.  Use ipv6_unavail
	member in __res_state, only convaddr4to6 if nssocks[ns] is a PF_INET6
	socket.
	* resolv/resolv.h (__res_state): Add ipv6_unavail member.  Make
	unused member a bitmap.
	* resolv/res_init.c (__res_vinit): Reset ipv6_unavail if IPv6
	servers are configured.

2007-06-18  Jakub Jelinek  <jakub@redhat.com>
2007-06-18 22:22:57 +00:00
Ulrich Drepper
2bbb7d5b3c * resolv/res_init.c (res_setoptions): Recognize edns0 option.
* resolv/res_mkquery.c: Define __res_nopt.
	* resolv/res_query.c (__libc_res_nquery): If RES_USE_EDNS0 is set
	try adding EDNS0 record.
	* resolv/res_send.c (send_dg): If request failed with FORMERR and
	EDNS0 record was send make sure we don't try it again.
	* resolv/resolv.h: Define RES_F_EDNS0ERR and RES_USE_EDNS0.
	* include/resolv.h: Declare __res_nopt.
2007-02-09 23:46:29 +00:00
Ulrich Drepper
bce1646770 * include/arpa/nameser.h: Also optimize NS_PUT16 and NS_PUT32.
* resolv/res_mkquery.c: Use NS_PUT16 and NS_PUT32 instead of __putshort
	and __putlong respectively.  Correct buffer overflow check for
	NS_NOTIFY_OP.

	* resolv/res_send.c (send_vc): Use ns_put16 instead of putshort.
2006-05-06 18:04:35 +00:00
Ulrich Drepper
8e45b1acc2 * resolv/res_send.c (res_queriesmatch): Fix typo in comment.
(send_dg): Rewrite error handling to be more compact and avoid
	double recomputation of timeouts.  Pass MSG_NOSIGNAL to send.
2006-05-06 17:20:59 +00:00
Ulrich Drepper
697e162863 * include/arpa/nameser.h: Add optimizations for NS_GET16 and NS_GET32.
* resolv/res_send.c (res_nameinquery): Use NS_GET16 directly
	instead of ns_get16.
	(res_queriesmatch): Likewise.  Minor optimization.
2006-05-06 08:03:24 +00:00
Ulrich Drepper
cb07f6f67d * resolv/res_init.c (__res_iclose): New function. Broken out of
res_nclose.  Take addition parameter which determines whether
	addresses should be freed.
	(res_nclose): Call __res_iclose.
	(res_thread_freeres): Likewise.
	* resolv/res_data.c (res_close): Call __res_iclose.
	* resolv/res_libc.c (res_init): No need to separately free the
	addresses.
	(__res_maybe_init): Likewise.
	* resolv/res_send.c: Use __res_iclose instead of res_nclose.
	* resolv/Versions [GLIBC_PRIVATE]: Add __res_iclose.
	* include/resolv.h: Declare __res_iclose.
	Add libc_hidden_proto for __res_iclose.
	* hesiod/hesiod.c (__hesiod_res_set): No need to free name server
	addresses here again.
2005-11-01 00:08:54 +00:00
Ulrich Drepper
e2a99d8e1f * resolv/res_send.c (Aerror): Fix printing IP address. 2005-08-22 04:04:55 +00:00
Ulrich Drepper
9fc42dfdc1 * resolv/res_send.c (send_vc): Pass correct sockaddr size to connect. 2005-08-21 23:08:30 +00:00
Ulrich Drepper
359bb2ef12 (send_dg): Recognize referral results and treat them as server errors. 2005-07-08 06:49:08 +00:00