| Commit message | Author | Age | Files | Lines |
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
The purpose of the bp[0] == '.' check is unclear. Only the root domain
starts with '.'. The empty string is accepted as a domain name in many
places, denoting the root, but using it implicitly is confusing.
|
Before this commit, nss_dns would send a query which did not contain a
host name as the query name (such as invalid\032name.example.com) and
then reject the answer in getanswer_r and gaih_getanswer_slice, using
a check based on res_hnok. With this commit, no query is sent, and a
host-not-found error is returned to NSS without network interaction.
|
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
And only the resolv/map*.h actually contain implementations.
|
This patch changes the remaining uses of the old nonstandard u_intN_t
types in glibc to use the C99 uintN_t instead, except for the
definitions of those typedefs and the tests of them in the c++-types
test. This follows the previous such fix for libm, and being
consistent in using uintN_t makes sense as a global cleanup.
Tested for x86_64, and with build-many-glibcs.py.
* catgets/catgets.c (catgets): Use uintN_t instead of u_intN_t.
* catgets/catgetsinfo.h (struct catalog_obj): Likewise.
(struct catalog_info): Likewise.
* inet/htontest.c (lo): Likewise.
(foo): Likewise.
* inet/inet_lnaof.c (inet_lnaof): Likewise.
* inet/inet_net.c (inet_network): Likewise.
* inet/inet_netof.c (inet_netof): Likewise.
* inet/rcmd.c (__ivaliduser): Likewise.
(iruserok): Likewise.
* locale/loadlocale.c (_nl_intern_locale_data): Likewise.
* locale/programs/locale-spec.c (locale_special): Likewise.
* nis/nis_findserv.c (struct findserv_req): Likewise.
(__nis_findfastest_with_timeout): Likewise.
* nss/test-netdb.c (test_network): Likewise.
* resolv/inet_neta.c (inet_neta): Likewise.
* resolv/ns_date.c (ns_datetosecs): Likewise.
(SECS_PER_DAY): Likewise.
* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r):
Likewise.
* resolv/res_comp.c (__putlong): Likewise.
(__putshort): Likewise.
(_getlong): Likewise.
(_getshort): Likewise.
* resolv/res_debug.c (p_time): Likewise.
(precsize_ntoa): Likewise.
(precsize_aton): Likewise.
(latlon2ul): Likewise.
(loc_aton): Likewise.
(loc_ntoa): Likewise.
* resolv/res_hconf.c (struct netaddr): Likewise.
(_res_hconf_reorder_addrs): Likewise.
* sunrpc/clnt_tcp.c (clnttcp_call): Likewise.
(clnttcp_control): Likewise.
* sunrpc/clnt_udp.c (clntudp_call): Likewise.
(clntudp_control): Likewise.
* sunrpc/clnt_unix.c (clntunix_call): Likewise.
(clntunix_control): Likewise.
* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
* sunrpc/rpc/auth.h (union des_block): Likewise.
* sunrpc/tst-udp-nonblocking.c (do_test): Likewise.
* sunrpc/xdr_rec.c (struct rec_strm): Likewise.
(xdrrec_create): Likewise.
(xdrrec_endofrecord): Likewise.
(flush_out): Likewise.
* sunrpc/xdr_stdio.c (xdrstdio_getlong): Likewise.
(xdrstdio_putlong): Likewise.
* sysdeps/unix/sysv/linux/errqueue.h (struct sock_extended_err):
Likewise.
|
This commit adds the remaining unchanging members (which are loaded
from /etc/resolv.conf) to struct resolv_conf.
The extended name server list is currently not used by the stub
resolver. The switch depends on a cleanup: The _u._ext.nssocks
array stores just a single socket, and needs to be replaced with
a single socket value.
(The compatibility gethostname implementation does not use the
extended address sort list, either. Updating the compat code is
not worthwhile.)
|
struct resolv_context objects provide a temporary resolver context
which does not change during a name lookup operation. Only when the
outmost context is created, the stub resolver configuration is
verified to be current (at present, only against previous res_init
calls). Subsequent attempts to obtain the context will reuse the
result of the initial verification operation.
struct resolv_context can also be extended in the future to store
data which needs to be deallocated during thread cancellation.
|
This fixes commit bee05c9d58a34ec5886faf3b56ecaa56355d94bf.
|
Also rename T_UNSPEC because an upcoming public header file
update will use that name.
|
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
|
The macro is never defined.
|
This requires additional checks for the RDATA length and the
availability of record metadata.
|
Previously, we allocated room in the result space before the check,
leaving uninitialized data there in case the check failed.
This also consolidates the behavior between single (A or AAAA) and
dual (A and AAAA in parallel) queries. Single queries checked
the record length against the QTYPE, not the RRTYPE.
|
The fix for bug 14841 only removed part of the logging.
|
In _nss_dns_getcanonname_r, a check for the availability of RR metadata
was missing as well.
|
The defensive copy is not needed because the name may not alias the
output buffer.
|
* A stack-based buffer overflow was found in libresolv when invoked from
libnss_dns, allowing specially crafted DNS responses to seize control
of execution flow in the DNS client. The buffer overflow occurs in
the functions send_dg (send datagram) and send_vc (send TCP) for the
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
family. The use of AF_UNSPEC triggers the low-level resolver code to
send out two parallel queries for A and AAAA. A mismanagement of the
buffers used for those queries could result in the response of a query
writing beyond the alloca allocated buffer created by
_nss_dns_gethostbyname4_r. Buffer management is simplified to remove
the overflow. Thanks to the Google Security Team and Red Hat for
reporting the security impact of this issue, and Robert Holiday of
Ciena for reporting the related bug 18665. (CVE-2015-7547)
See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
|
This allows nscd to manage proper TTL for GETHOSTBYADDR[v6] requests.
|
DNSSEC defines a number of response types that one may expect when the
DO bit is set. We don't process any of them, but since we do allow
setting the DO bit, skip them without logging an error since it is
only a nuisance.
Tested on x86_64.
[BZ #14841]
* resolv/gethnamaddr.c (getanswer): Skip logging if
RES_USE_DNSSEC is set.
* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
|
The code in gethnamaddr.c for gethostbyaddr used and set this macro to
allow multiple PTR records to be added as aliases. This was useful
for gethostbyaddr since it returns a hostent structure, which can
return aliases.
The gethnamaddr.c source however is unused in glibc since pretty much
forever. Instead, the DNS lookup bits for gethostbyaddr (as well as
getnameinfo) are implemented in dns-hosts.c and in that implementation
all but one (the first one) of the multiple PTR records are ignored.
Since gethnamaddr.c is essentially dead code, ignore that
implementation and replace the MULTI_PTRS_ARE_ALIASES bit with a
comment mentioning that bind adds PTR records as aliases while we
don't.
|
Instead of trying to guess whether the second buffer needs to be freed,
set a flag at the place it is allocated.
|
In resolv/nss_dns/dns-host.c, one of the code paths duplicated code after
that. We merge these paths.
|
Resolves BZ #14719.
|
limit
[BZ #14307]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Increase the size of
the temporary buffer used to invoke __gethostbyname2_r,
__gethostbyaddr_r and gethostbyname4_r to make room for struct
host_data / struct gaih_addrtuple.
* resolv/nss_dns/dns-host.c (global scope): Move definition of
implementation constants MAX_NR_ALIASES and MAX_NR_ADDRS to
header file nss/nsswitch.h.
* nss/nsswitch.h (global scope): Add definition of implementation
constants MAX_NR_ALIASES and MAX_NR_ADDRS (moved from
resolv/nss_dns/dns-host.c).
|
[BZ #13928] A DNS request consists of multiple resources combined into
a single hostent, including multiple CNAME records that may have been
assigned different TTL values. In such a case, nscd should take the
least TTL among all of the resources as the timeout for the hostent
before it is reloaded in its cache so that the hostent remains stale
in the database for the least amount of time.
|