about summary refs log tree commit diff
path: root/resolv/nss_dns
Commit message (Collapse)AuthorAgeFilesLines
* nss_dns: Correct parentheses for the __glibc_unlikely argumentFlorian Weimer2017-04-191-1/+1
| | | | This fixes commit bee05c9d58a34ec5886faf3b56ecaa56355d94bf.
* resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likelyFlorian Weimer2017-04-191-16/+27
|
* nss_dns: Replace local declarations with declarations from a header fileFlorian Weimer2017-04-042-14/+2
|
* nss_dns: Remove superfluous dn_expand call from network handlingFlorian Weimer2017-04-041-5/+3
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-013-3/+3
|
* CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]Florian Weimer2016-12-311-1/+1
| | | | | Also rename T_UNSPEC because an upcoming public header file update will use that name.
* resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582]Florian Weimer2016-12-311-14/+4
|
* resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]Florian Weimer2016-10-071-14/+0
| | | | | | In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because labellen (called earlier) already rejects everything which is not a plain label (compression references and extended label types).
* resolv: Remove RES_NOIP6DOTINT and its implementationFlorian Weimer2016-10-071-8/+0
|
* resolv: Remove SUNSECURITY preprocessor conditionalsFlorian Weimer2016-04-281-5/+0
| | | | The macro is never defined.
* resolv: Remove RESOLVSORT preprocess conditionalsFlorian Weimer2016-04-281-4/+0
|
* nss_dns: Skip over non-PTR records in the netent code [BZ #19868]Florian Weimer2016-04-271-2/+18
| | | | | This requires additional checks for the RDATA length and the availability of record metadata.
* nss_dns: Remove custom offsetof macro definitionFlorian Weimer2016-04-271-3/+1
|
* nss_dns: Check address length before creating addrinfo result [BZ #19831]Florian Weimer2016-04-271-20/+39
| | | | | | | | | Previously, we allocated room in the result space before the check, leaving uninitialized data there in case the check failed. This also consolidates the behavior between single (A or AAAA) and dual (A and AAAA in parallel) queries. Single queries checked the record length against the QTYPE, not the RRTYPE.
* resolv, nss_dns: Remove remaining syslog logging [BZ #19862]Florian Weimer2016-04-271-22/+0
| | | | The fix for bug 14841 only removed part of the logging.
* nss_dns: Validate RDATA length against packet length [BZ #19830]Florian Weimer2016-04-272-3/+28
| | | | | In _nss_dns_getcanonname_r, a check for the availability of RR metadata was missing as well.
* nss_dns: Fix assertion failure in _nss_dns_getcanonname_r [BZ #19865]Florian Weimer2016-04-111-0/+7
|
* CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]Florian Weimer2016-03-291-4/+1
| | | | | The defensive copy is not needed because the name may not alias the output buffer.
* CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).Carlos O'Donell2016-02-161-2/+109
| | | | | | | | | | | | | | | | | | | | * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547) See also: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-043-3/+3
|
* Record TTL also for DNS PTR queries (bug 18513)Andreas Schwab2015-06-221-0/+6
| | | | This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
* CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]Arjun Shankar2015-04-211-1/+2
|
* Skip logging for DNSSEC responses [BZ 14841]Siddhesh Poyarekar2015-02-241-15/+8
| | | | | | | | | | | | | | DNSSEC defines a number of response types that one me expect when the DO bit is set. We don't process any of them, but since we do allow setting the DO bit, skip them without logging an error since it is only a nuisance. Tested on x86_64. [BZ #14841] * resolv/gethnamaddr.c (getanswer): Skip logging if RES_USE_DNSSEC is set. * resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-023-3/+3
|
* Avoid infinite loop in nss_dns getnetbyname [BZ #17630]Florian Weimer2014-12-161-2/+2
|
* Remove MULTI_PTRS_ARE_ALIASES in dns-hosts.cSiddhesh Poyarekar2014-07-011-22/+2
| | | | | | | | | | | | | | | | The code in gethnamaddr.c for gethostbyaddr used and set this macro to allow multiple PTR records to be added as aliases. This was useful for gethostbyaddr since it returns a hostent structure, which can return aliases. The gethnamaddr.c source however is unused in glibc since pretty much forever. Instead, the DNS lookup bits for gethostbyaddr (as well as getnameinfo) are implemented in dns-hosts.c and in that implementation all but one (the first one) of the multiple PTR records are ignored. Since gethnamaddr.c is essentially dead code, ignore that implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a comment mentioning that bind adds PTR records as aliases while we don't.
* Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answerAndreas Schwab2014-02-193-16/+13
| | | | | Instead of trying to guess whether the second buffer needs to be freed set a flag at the place it is allocated
* Deduplicate resolv/nss_dns/dns-host.cOndřej Bílka2014-02-161-10/+7
| | | | | In resolv/nss_dns/dns-host.c one of code path duplicated code after that. We merge these paths.
* Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answerAndreas Schwab2014-02-131-2/+10
|
* Use glibc_likely instead __builtin_expect.Ondřej Bílka2014-02-102-23/+23
|
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-013-3/+3
|
* Avoid use of "register" as optimization hint.Joseph Myers2013-06-071-2/+2
|
* Add #include <stdint.h> for uint[32|64]_t usage (except installed headers).Ryan S. Arnold2013-05-162-0/+2
|
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-023-3/+3
|
* Add script to update copyright notices and reformat some to facilitate its use.Joseph Myers2013-01-011-2/+1
|
* Return EAI_SYSTEM if we're out of file descriptorsSiddhesh Poyarekar2012-11-191-4/+21
| | | | Resolves BZ #14719.
* Avoid duplicate DNS requests if answer is longer than a implementationJeroen van Bemmel2012-07-121-4/+0
| | | | | | | | | | | | | | | | limit [BZ #14307] * sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of the temporary buffer used to invoke __gethostbyname2_r, __gethostbyaddr_r and gethostbyname4_r to make room for struct host_data / struct gaih_addrtuple. * resolv/nss_dns/dns-host.c (global scope): Move definition of implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to header file nss/nsswitch.h. * nss/nsswitch.h (global scope): Add definition of implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from resolv/nss_dns/dns-host.c).
* Merge copyright years in resolv/nss_dns/dns-host.cSiddhesh Poyarekar2012-03-311-1/+1
|
* Consider TTL of CNAME record and return minimum TTL in the chainSiddhesh Poyarekar2012-03-301-3/+18
| | | | | | | | | [BZ #13928] A DNS request consists of multiple resources combined into a single hostent, including multiple CNAME records that may have been assigned different TTL values. In such a case, nscd should take the least TTL among all of the resources as the timeout for the hostent before it is reloaded in its cache so that the hostent remains stale in the database for the least amount of time.
* * resolv/nss_dns/dns-host.c: Update copyright year.Jeff Law2012-03-301-1/+1
|
* [BZ #13760]Jeff Law2012-03-281-1/+7
| | | | | | * resolv/nss_dns/dns-host.c (gaih_getanswer): Look for errno in the right place. Discard and retry query if response is larger than input buffer size.
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-093-9/+6
|
* Quash some new warnings from GCC 4.6.Roland McGrath2011-06-101-5/+2
|
* Don't ignore zero TTL in DNS answersAndreas Schwab2010-11-251-4/+3
|
* Fix crash on reloading of gai data in nscd.Ulrich Drepper2010-04-091-14/+2
|
* Handle DNS timeouts in old-style lookkup code.Ulrich Drepper2010-04-051-6/+12
|
* Handle running out of buffer space with IPv6 mapping enabled.Andreas Schwab2009-11-101-2/+4
| | | | | | With big DNS answers like the one you get for goodtimesdot.com you can get a truncated address list if IPv6 mapping is enabled. Instead tell the caller to resize the buffer.
* * resolv/res_hconf.c (_res_hconf_trim_domain): Use strcasecmpUlrich Drepper2009-04-071-1/+1
| | | | | instead of __strcasecmp. * resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
* * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyaddr2_r): Check andUlrich Drepper2009-01-081-1/+14
| | | | adjust the buffer alignment.
* * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname3_r): RecognizeUlrich Drepper2008-12-031-4/+16
| | | | | | | | | ESRCH return value. (_nss_dns_gethostbyname4_r): Likewise. * resolv/res_init.c (__res_vinit): Initialize nscount to zero. * sysdeps/posix/getaddrinfo.c (gaih_inet): In case we use gethostbyname4_r, we don't have a separate IPv6 status, so copy the no_data variable.