about summary refs log tree commit diff
path: root/src/network/lookup_name.c
Commit message (Collapse)AuthorAgeFilesLines
* in hosts file lookups, honor first canonical name regardless of familyRich Felker2020-08-051-1/+1
| | | | | | | | | prior to this change, the canonical name came from the first hosts file line matching the requested family, so the canonical name for a given hostname could differ depending on whether it was requested with AF_UNSPEC or a particular family (AF_INET or AF_INET6). now, the canonical name is deterministically the first one to appear with the requested name as an alias.
* in hosts file lookups, use only first match for canonical nameRich Felker2020-08-041-2/+7
| | | | | | | | the existing code clobbered the canonical name already discovered every time another matching line was found, which will necessarily be the case when a hostname has both IPv4 and v6 definitions. patch by Wolf.
* fix handling of errors resolving one of paired A+AAAA queryRich Felker2020-05-191-4/+7
| | | | | | | | | | | | | | | | | | the old logic here likely dates back, at least in inspiration, to before it was recognized that transient errors must not be allowed to reflect the contents of successful results and must be reported to the application. here, the dns backend for getaddrinfo, when performing a paired query for v4 and v6 addresses, accepted results for one address family even if the other timed out. (the __res_msend backend does not propagate error rcodes back to the caller, but continues to retry until timeout, so other error conditions were not actually possible.) this patch moves the checks to take place before answer parsing, and performs them for each answer rather than only the answer to the first query. if nxdomain is seen it's assumed to apply to both queries since that's how dns semantics work.
* set AD bit in dns queries, suppress for internal useRich Felker2020-05-181-0/+1
| | | | | | | | | | | | | | | | | | | | the AD (authenticated data) bit in outgoing dns queries is defined by rfc3655 to request that the nameserver report (via the same bit in the response) whether the result is authenticated by DNSSEC. while all results returned by a DNSSEC conforming nameserver will be either authenticated or cryptographically proven to lack DNSSEC protection, for some applications it's necessary to be able to distinguish these two cases. in particular, conforming and compatible handling of DANE (TLSA) records requires enforcing them only in signed zones. when the AD bit was first defined for queries, there were reports of compatibility problems with broken firewalls and nameservers dropping queries with it set. these problems are probably a thing of the past, and broken nameservers are already unsupported. however, since there is no use in the AD bit with the netdb.h interfaces, explicitly clear it in the queries they make. this ensures that, even with broken setups, the standard functions will work, and at most the res_* functions break.
* overhaul internally-public declarations using wrapper headersRich Felker2018-09-121-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commits leading up to this one have moved the vast majority of libc-internal interface declarations to appropriate internal headers, allowing them to be type-checked and setting the stage to limit their visibility. the ones that have not yet been moved are mostly namespace-protected aliases for standard/public interfaces, which exist to facilitate implementing plain C functions in terms of POSIX functionality, or C or POSIX functionality in terms of extensions that are not standardized. some don't quite fit this description, but are "internally public" interfacs between subsystems of libc. rather than create a number of newly-named headers to declare these functions, and having to add explicit include directives for them to every source file where they're needed, I have introduced a method of wrapping the corresponding public headers. parallel to the public headers in $(srcdir)/include, we now have wrappers in $(srcdir)/src/include that come earlier in the include path order. they include the public header they're wrapping, then add declarations for namespace-protected versions of the same interfaces and any "internally public" interfaces for the subsystem they correspond to. along these lines, the wrapper for features.h is now responsible for the definition of the hidden, weak, and weak_alias macros. this means source files will no longer need to include any special headers to access these features. over time, it is my expectation that the scope of what is "internally public" will expand, reducing the number of source files which need to include *_impl.h and related headers down to those which are actually implementing the corresponding subsystems, not just using them.
* move __res_msend_rc declaration to lookup.hRich Felker2018-09-121-1/+0
| | | | | | unlike the other res/dn functions, this one is tied to struct resolvconf which is not a public interface, so put it in the private header for its subsystem.
* move and deduplicate declarations of __dns_parse to make it checkableRich Felker2018-09-121-1/+0
| | | | | | the source file for this function is completely standalone, but it doesn't seem worth adding a header just for it, so declare it in lookup.h for now.
* fix stack-based oob memory clobber in resolver's result sortingRich Felker2018-09-021-1/+1
| | | | | | | commit 4f35eb7591031a1e5ef9828f9304361f282f28b9 introduced this bug. it is not present in any released versions. inadvertent use of the & operator on an array into which we're indexing produced arithmetic on the wrong-type pointer, with undefined behavior.
* resolver: don't depend on v4mapped ipv6 to probe routability of v4 addrsRich Felker2018-07-111-15/+32
| | | | | | | | | | | | | | | | | | to produce sorted results roughly corresponding to RFC 3484/6724, __lookup_name computes routability and choice of source address via dummy UDP connect operations (which do not produce any packets). since at the logical level, the properties fed into the sort key are computed on ipv6 addresses, the code was written to use the v4mapped ipv6 form of ipv4 addresses and share a common code path for them all. however, on kernels where ipv6 support has been completely omitted, this causes ipv4 to appear equally unroutable as ipv6, thereby putting unreachable ipv6 addresses before ipv4 addresses in the results. instead, use only ipv4 sockets to compute routability for ipv4 addresses. some gratuitous conversion back and forth is left so that the logic is not affected by these changes. it may be possible to simplify the ipv4 case considerably, thereby reducing code size and complexity.
* resolver: omit final dot (root/suppress-search) in canonical nameRich Felker2018-06-261-0/+4
| | | | | | | | | | | | | | | | | | | | | | if a final dot was included in the queried host name to anchor it to the dns root/suppress search domains, and the result was not a CNAME, the returned canonical name included the final dot. this was not consistent with other implementations, confused some applications, and does not seem desirable. POSIX specifies returning a pointer to, or to a copy of, the input nodename, when the canonical name is not available, but does not attempt to specify what constitutes "not available". in the case of search, we already have an implementation-defined "availability" of a canonical name as the fully-qualified name resulting from search, so defining it similarly in the no-search case seems reasonable in addition to being consistent with other implementations. as a bonus, fix the case where more than one trailing dot is included, since otherwise the changes made here would wrongly cause lookups with two trailing dots to succeed. previously this case resulted in malformed dns queries and produced EAI_AGAIN after a timeout. now it fails immediately with EAI_NONAME.
* in dns parsing callback, enforce MAXADDRS to preclude overflowRich Felker2017-10-181-0/+1
| | | | | | | | | | | MAXADDRS was chosen not to need enforcement, but the logic used to compute it assumes the answers received match the RR types of the queries. specifically, it assumes that only one replu contains A record answers. if the replies to both the A and the AAAA query have their answer sections filled with A records, MAXADDRS can be exceeded and clobber the stack of the calling function. this bug was found and reported by Felix Wilhelm.
* fix read past end of buffer in getaddrinfo backendRich Felker2017-04-111-2/+2
| | | | | | | | | | | | | | due to testing buf[i].family==AF_INET before checking i==cnt, it was possible to read past the end of the array, or past the valid part. in practice, without active bounds/indeterminate-value checking by the compiler, the worst that happened was failure to return early and optimize out the sorting that's unneeded for v4-only results. returning on i==cnt-1 rather than i==cnt would be an alternate fix, but the approach this patch takes is more idiomatic and less error-prone. patch by Timo Teräs.
* refactor name_from_dns in hostname lookup backendNatanael Copa2016-06-291-14/+13
| | | | | loop over an address family / resource record mapping to avoid repetitive code.
* in performing dns lookups, check result from res_mkqueryNatanael Copa2016-06-291-0/+4
| | | | don't send a query that may be malformed.
* handle non-matching address family entries in hosts fileRich Felker2016-03-021-3/+11
| | | | | | | | | | | | | name_from_hosts failed to account for the possibility of an address family error from name_from_numeric, wrongly counting such a return as success and using the uninitialized address data as part of the results passed up to the caller. non-matching address family entries cannot simply be ignored or results would be inconsistent with respect to whether AF_UNSPEC or a specific address family is queried. instead, record that a non-matching entry was seen, and fail the lookup with EAI_NONAME of no matching-family entries are found.
* reuse parsed resolv.conf in dns core to avoid re-reading/re-parsingRich Felker2016-01-281-5/+6
|
* add support for search domains to dns resolverRich Felker2016-01-281-1/+41
| | | | | | | | | | | | | search is only performed if the search or domain keyword is used in resolv.conf and the queried name has fewer than ndots dots. there is no default domain and names with >=ndots dots are never subjected to search; failure in the root scope is final. the (non-POSIX) res_search API presently does not honor search. this may be added at some point in the future if needed. resolv.conf is now parsed twice, at two different layers of the code involved. this will be fixed in a subsequent patch.
* fix handling of dns response codesRich Felker2016-01-281-1/+2
| | | | | | | | | | | | | | | rcode of 3 (NxDomain) was treated as a hard EAI_NONAME failure, but it should instead return 0 (no results) so the caller can continue searching. this will be important for adding search domain support. the top-level caller will automatically return EAI_NONAME if there are zero results at the end. also, the case where rcode is 0 (success) but there are no results was not handled. this happens when the domain exists but there are no A or AAAA records for it. in this case a hard EAI_NONAME should be imposed to inhibit further search, since the name was defined and just does not have any address associated with it. previously a misleading hard failure of EAI_FAIL was reported.
* safely handle failure to open hosts, services, resolv.conf filesRich Felker2015-10-261-1/+9
| | | | | | | | | | | | | | | | | | | | previously, transient failures like fd exhaustion or other resource-related errors were treated the same as non-existence of these files, leading to fallbacks or false-negative results. in particular: - failure to open hosts resulted in fallback to dns, possibly yielding EAI_NONAME for a hostname that should be defined locally, or an unwanted result from dns that the hosts file was intended to replace. - failure to open services resulted in EAI_SERVICE. - failure to open resolv.conf resulted in querying localhost rather than the configured nameservers. now, only permanent errors trigger the fallback behaviors above; all other errors are reportable to the caller as EAI_SYSTEM.
* implement result address sorting in the resolver (getaddrinfo, etc.)Rich Felker2014-06-211-0/+135
|
* accept trailing . and empty domain namesSzabolcs Nagy2014-06-061-3/+4
| | | | | | trailing . should be accepted in domain name strings by convention (RFC 1034), host name lookup accepts "." but rejects empty "", res_* interfaces also accept empty name following existing practice.
* fix the domain name length limit checksSzabolcs Nagy2014-06-051-2/+2
| | | | | A domain name is at most 255 bytes long (RFC 1035), but the string representation is two bytes smaller so the strlen maximum is 253.
* add support for reverse name lookups from hosts file to getnameinfoRich Felker2014-06-041-38/+3
| | | | | | | | | | | this also affects the legacy gethostbyaddr family, which uses getnameinfo as its backend. some other minor changes associated with the refactoring of source files are also made; in particular, the resolv.conf parser now uses the same code that's used elsewhere to handle ip literals, so as a side effect it can now accept a scope id for nameserver addressed with link-local scope.
* add support for ipv6 scope_id to getaddrinfo and getnameinfoRich Felker2014-06-041-4/+27
| | | | | | | | | | | | | | | | | | | | for all address types, a scope_id specified as a decimal value is accepted. for addresses with link-local scope, a string containing the interface name is also accepted. some changes are made to error handling to avoid unwanted fallbacks in the case where the scope_id is invalid: if an earlier name lookup backend fails with an error rather than simply "0 results", this failure now suppresses any later attempts with other backends. in getnameinfo, a light "itoa" type function is added for generating decimal scope_id results, and decimal port strings for services are also generated using this function now so as not to pull in the dependency on snprintf. in netdb.h, a definition for the NI_NUMERICSCOPE flag is added. this is required by POSIX (it was previously missing) and needed to allow callers to suppress interface-name lookups.
* fix negative response and non-response handling for dns queriesRich Felker2014-06-031-1/+4
| | | | | | | | | previously, all failures to obtain at least one address were treated as nonexistant names (EAI_NONAME). this failed to account for the possibility of transient failures (no response at all, or a response with rcode of 2, server failure) or permanent failures that do not indicate the nonexistence of the requested name. only an rcode of 3 should be treated as an indication of nonexistence.
* remove cruft from old resolver and numeric ip parsingRich Felker2014-06-021-1/+3
| | | | | | | | | the old resolver code used a function __ipparse which contained the logic for inet_addr and inet_aton, which is needed in getaddrinfo. this was phased out in the resolver overhaul in favor of directly using inet_aton and inet_pton as appropriate. this commit cleans up some stuff that was left behind.
* switch standard resolver functions to use the new dns backendRich Felker2014-06-021-21/+61
| | | | | | | | | | this is the third phase of the "resolver overhaul" project. this commit removes all of the old dns code, and switches the __lookup_name backend (used by getaddrinfo, etc.) and the getnameinfo function to use the newly implemented __res_mkquery and __res_msend interfaces. for parsing the results, a new callback-based __dns_parse function, based on __dns_get_rr from the old dns code, is used.
* fix off-by-one in checking hostname length in new resolver backendRich Felker2014-06-021-2/+2
| | | | | | | | | this bug was introduced in the recent resolver overhaul commits. it likely had visible symptoms. these were probably limited to wrongly accepting truncated versions of over-long names (vs rejecting them), as opposed to stack-based overflows or anything more severe, but no extensive checks were made. there have been no releases where this bug was present.
* refactor getaddrinfo and add support for most remaining featuresRich Felker2014-05-311-0/+168
this is the first phase of the "resolver overhaul" project. conceptually, the results of getaddrinfo are a direct product of a list of address results and a list of service results. the new code makes this explicit by computing these lists separately and combining the results. this adds support for services that have both tcp and udp versions, where the caller has not specified which it wants, and eliminates a number of duplicate code paths which were all producing the final output addrinfo structures, but in subtly different ways, making it difficult to implement any of the features which were missing. in addition to the above benefits, the refactoring allows for legacy functions like gethostbyname to be implemented without using the getaddrinfo function itself. such changes to the legacy functions have not yet been made, however. further improvements include matching of service alias names from /etc/services (previously only the primary name was supported), returning multiple results from /etc/hosts (previously only the first matching line was honored), and support for the AI_V4MAPPED and AI_ALL flags. features which remain unimplemented are IDN translations (encoding non-ASCII hostnames for DNS lookup) and the AI_ADDRCONFIG flag. at this point, the DNS-based name resolving code is still based on the old interfaces in __dns.c, albeit somewhat simpler in its use of them. there may be some dead code which could already be removed, but changes to this layer will be a later phase of the resolver overhaul.