From 820bb23ff074db8255217ab01b51f28c96ec76a9 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Thu, 15 Jul 2021 08:28:50 +0200 Subject: resolv: Move ns_name_unpack to its own file and into libc Reformat to GNU style. Avoid out-of-bounds buffer arithmetic. Eliminate the labellen function. The symbol was moved using scripts/move-symbol-to-libc.py. Reviewed-by: Carlos O'Donell Tested-by: Carlos O'Donell --- resolv/Makefile | 1 + resolv/Versions | 5 ++- resolv/ns_name.c | 81 ---------------------------------- resolv/ns_name_unpack.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 119 insertions(+), 83 deletions(-) create mode 100644 resolv/ns_name_unpack.c (limited to 'resolv') diff --git a/resolv/Makefile b/resolv/Makefile index bb16175..469a9a5 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -33,6 +33,7 @@ routines := \ inet_ntop \ inet_pton \ ns_name_ntop \ + ns_name_unpack \ nsap_addr \ res-close \ res-state \ diff --git a/resolv/Versions b/resolv/Versions index 4bf1a13..9b5c4d9 100644 --- a/resolv/Versions +++ b/resolv/Versions @@ -26,6 +26,7 @@ libc { } GLIBC_2.9 { ns_name_ntop; + ns_name_unpack; } GLIBC_2.34 { %if PTHREAD_IN_LIBC @@ -35,6 +36,7 @@ libc { getaddrinfo_a; %endif ns_name_ntop; + ns_name_unpack; } GLIBC_PRIVATE { %if !PTHREAD_IN_LIBC @@ -45,6 +47,7 @@ libc { __inet_pton_length; __res_iclose; __ns_name_ntop; + __ns_name_unpack; __resolv_context_get; __resolv_context_get_override; __resolv_context_get_preinit; @@ -147,7 +150,6 @@ libresolv { ns_name_rollback; ns_name_skip; ns_name_uncompress; - ns_name_unpack; ns_parse_ttl; ns_parserr; ns_put16; @@ -162,7 +164,6 @@ libresolv { GLIBC_PRIVATE { __ns_get16; __ns_get32; - __ns_name_unpack; __res_context_hostalias; __res_context_query; __res_context_search; diff --git a/resolv/ns_name.c b/resolv/ns_name.c index 4990003..a0d541f 100644 --- a/resolv/ns_name.c +++ b/resolv/ns_name.c @@ -218,87 +218,6 @@ ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz) } /*% - * Unpack a domain name from a message, source may be compressed. - * - * return: - *\li -1 if it fails, or consumed octets if it succeeds. - */ -int -ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, - u_char *dst, size_t dstsiz) -{ - const u_char *srcp, *dstlim; - u_char *dstp; - int n, len, checked, l; - - len = -1; - checked = 0; - dstp = dst; - srcp = src; - dstlim = dst + dstsiz; - if (srcp < msg || srcp >= eom) { - __set_errno (EMSGSIZE); - return (-1); - } - /* Fetch next label in domain name. */ - while ((n = *srcp++) != 0) { - /* Check for indirection. */ - switch (n & NS_CMPRSFLGS) { - case 0: - /* Limit checks. */ - if ((l = labellen(srcp - 1)) < 0) { - __set_errno (EMSGSIZE); - return(-1); - } - if (dstp + l + 1 >= dstlim || srcp + l >= eom) { - __set_errno (EMSGSIZE); - return (-1); - } - checked += l + 1; - *dstp++ = n; - memcpy(dstp, srcp, l); - dstp += l; - srcp += l; - break; - - case NS_CMPRSFLGS: - if (srcp >= eom) { - __set_errno (EMSGSIZE); - return (-1); - } - if (len < 0) - len = srcp - src + 1; - srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff)); - if (srcp < msg || srcp >= eom) { /*%< Out of range. */ - __set_errno (EMSGSIZE); - return (-1); - } - checked += 2; - /* - * Check for loops in the compressed name; - * if we've looked at the whole message, - * there must be a loop. - */ - if (checked >= eom - msg) { - __set_errno (EMSGSIZE); - return (-1); - } - break; - - default: - __set_errno (EMSGSIZE); - return (-1); /*%< flag error */ - } - } - *dstp = '\0'; - if (len < 0) - len = srcp - src; - return (len); -} -libresolv_hidden_def (ns_name_unpack) -strong_alias (ns_name_unpack, __ns_name_unpack) - -/*% * Pack domain name 'domain' into 'comp_dn'. * * return: diff --git a/resolv/ns_name_unpack.c b/resolv/ns_name_unpack.c new file mode 100644 index 0000000..1c1dd3e --- /dev/null +++ b/resolv/ns_name_unpack.c @@ -0,0 +1,115 @@ +/* De-compressing DNS domain names into binary-encoded uncompressed name. + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +/* Unpack a domain name from a message, source may be compressed. + Returns -1 if it fails, or consumed octets if it succeeds. */ +int +___ns_name_unpack (const unsigned char *msg, const unsigned char *eom, + const unsigned char *src, unsigned char *dst, size_t dstsiz) +{ + const unsigned char *srcp, *dstlim; + unsigned char *dstp; + int n, len, checked; + + len = -1; + checked = 0; + dstp = dst; + srcp = src; + dstlim = dst + dstsiz; + if (srcp < msg || srcp >= eom) + { + __set_errno (EMSGSIZE); + return -1; + } + /* Fetch next label in domain name. */ + while ((n = *srcp++) != 0) + { + /* Check for indirection. */ + switch (n & NS_CMPRSFLGS) + { + case 0: + /* Limit checks. */ + if (n >= 64) + { + __set_errno (EMSGSIZE); + return -1; + } + /* NB: n + 1 and >= to cover the *dstp = '\0' assignment + below. */ + if (n + 1 >= dstlim - dstp || n >= eom - srcp) + { + __set_errno (EMSGSIZE); + return -1; + } + checked += n + 1; + *dstp++ = n; + memcpy (dstp, srcp, n); + dstp += n; + srcp += n; + break; + + case NS_CMPRSFLGS: + if (srcp >= eom) + { + __set_errno (EMSGSIZE); + return -1; + } + if (len < 0) + len = srcp - src + 1; + { + int target = ((n & 0x3f) << 8) | *srcp; + if (target >= eom - msg) + { + /* Out of range. */ + __set_errno (EMSGSIZE); + return -1; + } + srcp = msg + target; + } + checked += 2; + /* Check for loops in the compressed name; if we've looked + at the whole message, there must be a loop. */ + if (checked >= eom - msg) + { + __set_errno (EMSGSIZE); + return -1; + } + break; + + default: + __set_errno (EMSGSIZE); + return -1; + } + } + *dstp = '\0'; + if (len < 0) + len = srcp - src; + return len; +} +versioned_symbol (libc, ___ns_name_unpack, ns_name_unpack, GLIBC_2_34); +versioned_symbol (libc, ___ns_name_unpack, __ns_name_unpack, GLIBC_PRIVATE); +libc_hidden_ver (___ns_name_unpack, __ns_name_unpack) + +#if OTHER_SHLIB_COMPAT (libresolv, GLIBC_2_9, GLIBC_2_34) +compat_symbol (libresolv, ___ns_name_unpack, ns_name_unpack, GLIBC_2_9); +#endif -- cgit v1.1