about summary refs log tree commit diff
path: root/resolv/nss_dns
Commit message (Collapse)AuthorAgeFilesLines
* nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfacesFlorian Weimer2022-09-201-262/+150
| | | | | | | | | | Introduce struct alloc_buffer to this function, and use it and struct ns_rr_cursor in gaih_getanswer_slice. Adjust gaih_getanswer and gaih_getanswer_noaaaa accordingly. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 1d495912a746e2a1ffb780c9a81fd234ec2464e8) (conflict in resolv/nss_dns/dns-host.c due to missing noaaaa support)
* nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154)Florian Weimer2022-09-201-4/+4
| | | | | | | | | | | If the name is not a host name, skip adding it to the result, instead of reporting query failure. This fixes bug 12154 for getaddrinfo. This commit still keeps the old parsing code, and only adjusts when a host name is copied. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 32b599ac8c21c4c332cc3900a792a1395bca79c7)
* nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305)Florian Weimer2022-09-201-298/+180
| | | | | | | | | | | | Allocate the pointer arrays only at the end, when their sizes are known. This addresses bug 29305. Skip over invalid names instead of failing lookups. This partially fixes bug 12154 (for gethostbyname, fixing getaddrinfo requires different changes). Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit d101d836e7e4bd1d4e4972b0e0bd0a55c9b650fa)
* nss_dns: Remove remnants of IPv6 address mappingFlorian Weimer2022-09-201-45/+9
| | | | | | | | res_use_inet6 always returns false since commit 3f8b44be0a658266adff5 ("resolv: Remove support for RES_USE_INET6 and the inet6 option"). Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit a7fc30b522a0cd7c8c5e7e285b9531b704e02f04)
* nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptrFlorian Weimer2022-09-201-303/+102
| | | | | | | | | The simplification takes advantage of the split from getanswer_r. It fixes various aliases issues, and optimizes NSS buffer usage. The new DNS packet parsing helpers are used, too. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit e32547d661a43da63368e488b6cfa9c53b4dcf92)
* nss_dns: Split getanswer_ptr from getanswer_rFlorian Weimer2022-09-201-52/+268
| | | | | | | | | | | And expand the use of name_ok and qtype in getanswer_ptr (the former also in getanswer_r). After further cleanups, not much code will be shared between the two functions. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 0dcc43e9981005540bf39dc7bf33fbab62cf9e84)
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-013-3/+3
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* Remove "Contributed by" linesSiddhesh Poyarekar2021-09-033-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* resolv: Move nss_dns into libcFlorian Weimer2021-07-193-36/+31
| | | | | | | No abilist updates are needed because the symbols were GLIBC_PRIVATE. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* resolv: Move dn_skipname to its own file and into libcFlorian Weimer2021-07-192-3/+3
| | | | | | | | | | | | | | | And reformat it to GNU style. dn_skipname is used outside glibc, so do not deprecate it, and export it as dn_skipname (not __dn_skipname). Due to internal users, provide a __libc_dn_skipname alias, and keep __dn_skipname as a pure compatibility symbol. __dn_skipname@GLIBC_2.0 was moved using the script, and dn_skipname@@GLIBC_2.34 was added using make update-all-abi. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* resolv: Move dn_expand to its own file and into libcFlorian Weimer2021-07-191-2/+2
| | | | | | | | | | | | | | | | | | And reformat to GNU style. This switches back to the dn_expand name for the ABI symbol and turns __dn_expand into a compatibility symbol. With the improved namespace management in current glibc, it is no longer necessary to use a private namespace symbol. To avoid old code binding to a GLIBC_PRIVATE symbol by accident, use __libc_dn_expand for the internal symbol name. The symbols dn_expand, __dnexpand were moved using scripts/move-symbol-to-libc.py, followed by an adjustment to make dn_expand the only GLIBC_2.34 symbol. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* nss_dns: Do not use deprecated packet parsing functionsFlorian Weimer2021-07-152-21/+20
| | | | | Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-023-3/+3
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* nss_dns: Use NSS_DECLARE_MODULE_FUNCTIONSFlorian Weimer2020-02-133-0/+6
| | | | Reviewed-by: DJ Delorie <dj@redhat.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-013-3/+3
|
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-073-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* nss_dns: Check for proper A/AAAA address alignmentFlorian Weimer2019-05-241-2/+13
| | | | Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nss_dns: Do not replace root domain with empty stringFlorian Weimer2019-04-112-6/+0
| | | | | | The purpose of the bp[0] == '.' check is unclear. Only the root domain starts with '.'. The empty string is accepted as a domain name in many places, denoting the root, but using it implicitly is confusing.
* resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]Florian Weimer2019-01-211-2/+22
| | | | | | | | Before this commit, nss_dns would send a query which did not contain a host name as the query name (such as invalid\032name.example.com) and then reject the answer in getanswer_r and gaih_getanswer_slice, using a check based on res_hnok. With this commit, no query is sent, and a host-not-found error is returned to NSS without network interaction.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-013-3/+3
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-013-3/+3
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* resolv/nss_dns/dns-host.c: Fix typo in commentFlorian Weimer2017-09-261-1/+2
| | | | And only the resolv/map*.h actually contain implementations.
* nss_dns: Remove dead PTR IPv4-to-IPv6 mapping codeFlorian Weimer2017-09-061-13/+0
|
* Consistently use uintN_t not u_intN_t everywhere.Joseph Myers2017-08-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch changes the remaining uses of the old nonstandard u_intN_t types in glibc to use the C99 uintN_t instead, except for the definitions of those typedefs and the tests of them in the c++-types test. This follows the previous such fix for libm, and being consistent in using uintN_t makes sense as a global cleanup. Tested for x86_64, and with build-many-glibcs.py. * catgets/catgets.c (catgets): Use uintN_t instead of u_intN_t. * catgets/catgetsinfo.h (struct catalog_obj): Likewise. (struct catalog_info): Likewise. * inet/htontest.c (lo): Likewise. (foo): Likewise. * inet/inet_lnaof.c (inet_lnaof): Likewise. * inet/inet_net.c (inet_network): Likewise. * inet/inet_netof.c (inet_netof): Likewise. * inet/rcmd.c (__ivaliduser): Likewise. (iruserok): Likewise. * locale/loadlocale.c (_nl_intern_locale_data): Likewise. * locale/programs/locale-spec.c (locale_special): Likewise. * nis/nis_findserv.c (struct findserv_req): Likewise. (__nis_findfastest_with_timeout): Likewise. * nss/test-netdb.c (test_network): Likewise. * resolv/inet_neta.c (inet_neta): Likewise. * resolv/ns_date.c (ns_datetosecs): Likewise. (SECS_PER_DAY): Likewise. * resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r): Likewise. * resolv/res_comp.c (__putlong): Likewise. (__putshort): Likewise. (_getlong): Likewise. (_getshort): Likewise. * resolv/res_debug.c (p_time): Likewise. (precsize_ntoa): Likewise. (precsize_aton): Likewise. (latlon2ul): Likewise. (loc_aton): Likewise. (loc_ntoa): Likewise. * resolv/res_hconf.c (struct netaddr): Likewise. (_res_hconf_reorder_addrs): Likewise. * sunrpc/clnt_tcp.c (clnttcp_call): Likewise. (clnttcp_control): Likewise. * sunrpc/clnt_udp.c (clntudp_call): Likewise. (clntudp_control): Likewise. * sunrpc/clnt_unix.c (clntunix_call): Likewise. (clntunix_control): Likewise. * sunrpc/pmap_rmt.c (clnt_broadcast): Likewise. * sunrpc/rpc/auth.h (union des_block): Likewise. * sunrpc/tst-udp-nonblocking.c (do_test): Likewise. * sunrpc/xdr_rec.c (struct rec_strm): Likewise. (xdrrec_create): Likewise. (xdrrec_endofrecord): Likewise. (flush_out): Likewise. * sunrpc/xdr_stdio.c (xdrstdio_getlong): Likewise. (xdrstdio_putlong): Likewise. * sysdeps/unix/sysv/linux/errqueue.h (struct sock_extended_err): Likewise.
* resolv: Mirror the entire resolver configuration in struct resolv_confFlorian Weimer2017-07-031-15/+22
| | | | | | | | | | | | | | This commit adds the remaining unchanging members (which are loaded from /etc/resolv.conf) to struct resolv_conf. The extended name server list is currently not used by the stub resolver. The switch depends on a cleanup: The _u._ext.nssocks array stores just a single socket, and needs to be replaced with a single socket value. (The compatibility gethostname implementation does not use the extended addres sort list, either. Updating the compat code is not worthwhile.)
* resolv: Introduce struct resolv_context [BZ #21668]Florian Weimer2017-07-033-49/+95
| | | | | | | | | | | | struct resolv_context objects provide a temporary resolver context which does not change during a name lookup operation. Only when the outmost context is created, the stub resolver configuration is verified to be current (at present, only against previous res_init calls). Subsequent attempts to obtain the context will reuse the result of the initial verification operation. struct resolv_context can also be extended in the future to store data which needs to be deallocated during thread cancellation.
* resolv: Report allocation errors in __res_vinitFlorian Weimer2017-06-192-5/+25
|
* nss_dns: Correct parentheses for the __glibc_unlikely argumentFlorian Weimer2017-04-191-1/+1
| | | | This fixes commit bee05c9d58a34ec5886faf3b56ecaa56355d94bf.
* resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likelyFlorian Weimer2017-04-191-16/+27
|
* nss_dns: Replace local declarations with declarations from a header fileFlorian Weimer2017-04-042-14/+2
|
* nss_dns: Remove superfluous dn_expand call from network handlingFlorian Weimer2017-04-041-5/+3
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-013-3/+3
|
* CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]Florian Weimer2016-12-311-1/+1
| | | | | Also rename T_UNSPEC because an upcoming public header file update will use that name.
* resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582]Florian Weimer2016-12-311-14/+4
|
* resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]Florian Weimer2016-10-071-14/+0
| | | | | | In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because labellen (called earlier) already rejects everything which is not a plain label (compression references and extended label types).
* resolv: Remove RES_NOIP6DOTINT and its implementationFlorian Weimer2016-10-071-8/+0
|
* resolv: Remove SUNSECURITY preprocessor conditionalsFlorian Weimer2016-04-281-5/+0
| | | | The macro is never defined.
* resolv: Remove RESOLVSORT preprocess conditionalsFlorian Weimer2016-04-281-4/+0
|
* nss_dns: Skip over non-PTR records in the netent code [BZ #19868]Florian Weimer2016-04-271-2/+18
| | | | | This requires additional checks for the RDATA length and the availability of record metadata.
* nss_dns: Remove custom offsetof macro definitionFlorian Weimer2016-04-271-3/+1
|
* nss_dns: Check address length before creating addrinfo result [BZ #19831]Florian Weimer2016-04-271-20/+39
| | | | | | | | | Previously, we allocated room in the result space before the check, leaving uninitialized data there in case the check failed. This also consolidates the behavior between single (A or AAAA) and dual (A and AAAA in parallel) queries. Single queries checked the record length against the QTYPE, not the RRTYPE.
* resolv, nss_dns: Remove remaining syslog logging [BZ #19862]Florian Weimer2016-04-271-22/+0
| | | | The fix for bug 14841 only removed part of the logging.
* nss_dns: Validate RDATA length against packet length [BZ #19830]Florian Weimer2016-04-272-3/+28
| | | | | In _nss_dns_getcanonname_r, a check for the availability of RR metadata was missing as well.
* nss_dns: Fix assertion failure in _nss_dns_getcanonname_r [BZ #19865]Florian Weimer2016-04-111-0/+7
|
* CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]Florian Weimer2016-03-291-4/+1
| | | | | The defensive copy is not needed because the name may not alias the output buffer.
* CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).Carlos O'Donell2016-02-161-2/+109
| | | | | | | | | | | | | | | | | | | | * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547) See also: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-043-3/+3
|
* Record TTL also for DNS PTR queries (bug 18513)Andreas Schwab2015-06-221-0/+6
| | | | This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
* CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]Arjun Shankar2015-04-211-1/+2
|
* Skip logging for DNSSEC responses [BZ 14841]Siddhesh Poyarekar2015-02-241-15/+8
| | | | | | | | | | | | | | DNSSEC defines a number of response types that one me expect when the DO bit is set. We don't process any of them, but since we do allow setting the DO bit, skip them without logging an error since it is only a nuisance. Tested on x86_64. [BZ #14841] * resolv/gethnamaddr.c (getanswer): Skip logging if RES_USE_DNSSEC is set. * resolv/nss_dns/dns-host.c (getanswer_r): Likewise.