path: root/resolv/nss_dns
Age | Commit message | Author | Files | Lines
2024-01-01 | Update copyright dates with scripts/update-copyrights | Paul Eggert | 3 | -3/+3
2023-09-13 | CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode | Florian Weimer | 1 | -1/+1
Without passing alt_dns_packet_buffer, __res_context_search can only store 2048 bytes (what fits into dns_packet_buffer). However, the function returns the total packet size, and the subsequent DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end of the stack-allocated buffer. Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa stub resolver option") and bug 30842.
2023-08-14 | resolv/nss_dns/dns-host: Get rid of alloca. | Joe Simmons-Talbott | 1 | -2/+2
Since the alloca is a small constant size use an array instead. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-02 | Fix all the remaining misspellings -- BZ 25337 | Paul Pluzhnikov | 1 | -3/+3
2023-01-06 | Update copyright dates with scripts/update-copyrights | Joseph Myers | 3 | -3/+3
2022-08-30 | nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces | Florian Weimer | 1 | -281/+162
Introduce struct alloc_buffer to this function, and use it and struct ns_rr_cursor in gaih_getanswer_slice. Adjust gaih_getanswer and gaih_getanswer_noaaaa accordingly. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-30 | nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) | Florian Weimer | 1 | -4/+4
If the name is not a host name, skip adding it to the result, instead of reporting query failure. This fixes bug 12154 for getaddrinfo. This commit still keeps the old parsing code, and only adjusts when a host name is copied. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-30 | nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) | Florian Weimer | 1 | -298/+180
Allocate the pointer arrays only at the end, when their sizes are known. This addresses bug 29305. Skip over invalid names instead of failing lookups. This partially fixes bug 12154 (for gethostbyname, fixing getaddrinfo requires different changes). Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-30 | nss_dns: Remove remnants of IPv6 address mapping | Florian Weimer | 1 | -45/+9
res_use_inet6 always returns false since commit 3f8b44be0a658266adff5 ("resolv: Remove support for RES_USE_INET6 and the inet6 option"). Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-30 | nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr | Florian Weimer | 1 | -303/+102
The simplification takes advantage of the split from getanswer_r. It fixes various aliases issues, and optimizes NSS buffer usage. The new DNS packet parsing helpers are used, too. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-30 | nss_dns: Split getanswer_ptr from getanswer_r | Florian Weimer | 1 | -52/+268
And expand the use of name_ok and qtype in getanswer_ptr (the former also in getanswer_r). After further cleanups, not much code will be shared between the two functions. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-06-24 | resolv: Implement no-aaaa stub resolver option | Florian Weimer | 1 | -6/+46
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-04-13 | Replace {u}int_fast{16|32} with {u}int32_t | Noah Goldstein | 1 | -1/+1
On 32-bit machines this has no effect. On 64-bit machines {u}int_fast{16|32} are set as {u}int64_t which is often not ideal. Particularly on x86_64 this change both saves code size and may save instruction cost. Full xcheck passes on x86_64.
2022-01-01 | Update copyright dates with scripts/update-copyrights | Paul Eggert | 3 | -3/+3
I used these shell commands:
    ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
    (cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted of lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not.
    remote: *** 912-#endif
    remote: *** 913:
    remote: *** 914-
    remote: *** error: lines with trailing whitespace found
    ...
    remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2021-09-03 | Remove "Contributed by" lines | Siddhesh Poyarekar | 3 | -3/+0
We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 | resolv: Move nss_dns into libc | Florian Weimer | 3 | -36/+31
No abilist updates are needed because the symbols were GLIBC_PRIVATE. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 | resolv: Move dn_skipname to its own file and into libc | Florian Weimer | 2 | -3/+3
And reformat it to GNU style. dn_skipname is used outside glibc, so do not deprecate it, and export it as dn_skipname (not __dn_skipname). Due to internal users, provide a __libc_dn_skipname alias, and keep __dn_skipname as a pure compatibility symbol. __dn_skipname@GLIBC_2.0 was moved using the script, and dn_skipname@@GLIBC_2.34 was added using make update-all-abi. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-19 | resolv: Move dn_expand to its own file and into libc | Florian Weimer | 1 | -2/+2
And reformat to GNU style. This switches back to the dn_expand name for the ABI symbol and turns __dn_expand into a compatibility symbol. With the improved namespace management in current glibc, it is no longer necessary to use a private namespace symbol. To avoid old code binding to a GLIBC_PRIVATE symbol by accident, use __libc_dn_expand for the internal symbol name. The symbols dn_expand, __dnexpand were moved using scripts/move-symbol-to-libc.py, followed by an adjustment to make dn_expand the only GLIBC_2.34 symbol. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 | nss_dns: Do not use deprecated packet parsing functions | Florian Weimer | 2 | -21/+20
Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-01-02 | Update copyright dates with scripts/update-copyrights | Paul Eggert | 3 | -3/+3
I used these shell commands:
    ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
    (cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted of lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah:
    remote: *** pre-commit check failed ...
    remote: *** error: lines with trailing whitespace found
    remote: error: hook declined to update refs/heads/master
2020-02-13 | nss_dns: Use NSS_DECLARE_MODULE_FUNCTIONS | Florian Weimer | 3 | -0/+6
Reviewed-by: DJ Delorie <dj@redhat.com>
2020-01-01 | Update copyright dates with scripts/update-copyrights. | Joseph Myers | 3 | -3/+3
2019-09-07 | Prefer https to http for gnu.org and fsf.org URLs | Paul Eggert | 3 | -3/+3
Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream:
    sed -ri '
      s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
      s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
    ' \
      $(find $(git ls-files) -prune -type f \
          ! -name '*.po' \
          ! -name 'ChangeLog*' \
          ! -path COPYING ! -path COPYING.LIB \
          ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
          ! -path manual/texinfo.tex ! -path scripts/config.guess \
          ! -path scripts/config.sub ! -path scripts/install-sh \
          ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
          ! -path INSTALL ! -path locale/programs/charmap-kw.h \
          ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
          ! '(' -name configure \
                -execdir test -f configure.ac -o -f configure.in ';' ')' \
          ! '(' -name preconfigure \
                -execdir test -f preconfigure.ac ';' ')' \
          -print)
and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup:
    chmod a+x sysdeps/unix/sysv/linux/riscv/configure
    # Omit irrelevant whitespace and comment-only changes,
    # perhaps from a slightly-different Autoconf version.
    git checkout -f \
      sysdeps/csky/configure \
      sysdeps/hppa/configure \
      sysdeps/riscv/configure \
      sysdeps/unix/sysv/linux/csky/configure
    # Omit changes that caused a pre-commit check to fail like this:
    # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
    git checkout -f \
      sysdeps/powerpc/powerpc64/ppc-mcount.S \
      sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
    # Omit change that caused a pre-commit check to fail like this:
    # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
    git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-05-24 | nss_dns: Check for proper A/AAAA address alignment | Florian Weimer | 1 | -2/+13
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-04-11 | nss_dns: Do not replace root domain with empty string | Florian Weimer | 2 | -6/+0
The purpose of the bp[0] == '.' check is unclear. Only the root domain starts with '.'. The empty string is accepted as a domain name in many places, denoting the root, but using it implicitly is confusing.
2019-01-21 | resolv: Do not send queries for non-host-names in nss_dns [BZ #24112] | Florian Weimer | 1 | -2/+22
Before this commit, nss_dns would send a query which did not contain a host name as the query name (such as invalid\032name.example.com) and then reject the answer in getanswer_r and gaih_getanswer_slice, using a check based on res_hnok. With this commit, no query is sent, and a host-not-found error is returned to NSS without network interaction.
2019-01-01 | Update copyright dates with scripts/update-copyrights. | Joseph Myers | 3 | -3/+3
    * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights.
    * locale/programs/charmap-kw.h: Regenerated.
    * locale/programs/locfile-kw.h: Likewise.
2018-01-01 | Update copyright dates with scripts/update-copyrights. | Joseph Myers | 3 | -3/+3
    * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights.
    * locale/programs/charmap-kw.h: Regenerated.
    * locale/programs/locfile-kw.h: Likewise.
2017-09-26 | resolv/nss_dns/dns-host.c: Fix typo in comment | Florian Weimer | 1 | -1/+2
And only the resolv/map*.h actually contain implementations.
2017-09-06 | nss_dns: Remove dead PTR IPv4-to-IPv6 mapping code | Florian Weimer | 1 | -13/+0
2017-08-07 | Consistently use uintN_t not u_intN_t everywhere. | Joseph Myers | 1 | -2/+2
This patch changes the remaining uses of the old nonstandard u_intN_t types in glibc to use the C99 uintN_t instead, except for the definitions of those typedefs and the tests of them in the c++-types test. This follows the previous such fix for libm, and being consistent in using uintN_t makes sense as a global cleanup. Tested for x86_64, and with build-many-glibcs.py.
    * catgets/catgets.c (catgets): Use uintN_t instead of u_intN_t.
    * catgets/catgetsinfo.h (struct catalog_obj): Likewise. (struct catalog_info): Likewise.
    * inet/htontest.c (lo): Likewise. (foo): Likewise.
    * inet/inet_lnaof.c (inet_lnaof): Likewise.
    * inet/inet_net.c (inet_network): Likewise.
    * inet/inet_netof.c (inet_netof): Likewise.
    * inet/rcmd.c (__ivaliduser): Likewise. (iruserok): Likewise.
    * locale/loadlocale.c (_nl_intern_locale_data): Likewise.
    * locale/programs/locale-spec.c (locale_special): Likewise.
    * nis/nis_findserv.c (struct findserv_req): Likewise. (__nis_findfastest_with_timeout): Likewise.
    * nss/test-netdb.c (test_network): Likewise.
    * resolv/inet_neta.c (inet_neta): Likewise.
    * resolv/ns_date.c (ns_datetosecs): Likewise. (SECS_PER_DAY): Likewise.
    * resolv/nss_dns/dns-network.c (_nss_dns_getnetbyaddr_r): Likewise.
    * resolv/res_comp.c (__putlong): Likewise. (__putshort): Likewise. (_getlong): Likewise. (_getshort): Likewise.
    * resolv/res_debug.c (p_time): Likewise. (precsize_ntoa): Likewise. (precsize_aton): Likewise. (latlon2ul): Likewise. (loc_aton): Likewise. (loc_ntoa): Likewise.
    * resolv/res_hconf.c (struct netaddr): Likewise. (_res_hconf_reorder_addrs): Likewise.
    * sunrpc/clnt_tcp.c (clnttcp_call): Likewise. (clnttcp_control): Likewise.
    * sunrpc/clnt_udp.c (clntudp_call): Likewise. (clntudp_control): Likewise.
    * sunrpc/clnt_unix.c (clntunix_call): Likewise. (clntunix_control): Likewise.
    * sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
    * sunrpc/rpc/auth.h (union des_block): Likewise.
    * sunrpc/tst-udp-nonblocking.c (do_test): Likewise.
    * sunrpc/xdr_rec.c (struct rec_strm): Likewise. (xdrrec_create): Likewise. (xdrrec_endofrecord): Likewise. (flush_out): Likewise.
    * sunrpc/xdr_stdio.c (xdrstdio_getlong): Likewise. (xdrstdio_putlong): Likewise.
    * sysdeps/unix/sysv/linux/errqueue.h (struct sock_extended_err): Likewise.
2017-07-03 | resolv: Mirror the entire resolver configuration in struct resolv_conf | Florian Weimer | 1 | -15/+22
This commit adds the remaining unchanging members (which are loaded from /etc/resolv.conf) to struct resolv_conf. The extended name server list is currently not used by the stub resolver. The switch depends on a cleanup: The _u._ext.nssocks array stores just a single socket, and needs to be replaced with a single socket value. (The compatibility gethostname implementation does not use the extended address sort list, either. Updating the compat code is not worthwhile.)
2017-07-03 | resolv: Introduce struct resolv_context [BZ #21668] | Florian Weimer | 3 | -49/+95
struct resolv_context objects provide a temporary resolver context which does not change during a name lookup operation. Only when the outmost context is created, the stub resolver configuration is verified to be current (at present, only against previous res_init calls). Subsequent attempts to obtain the context will reuse the result of the initial verification operation. struct resolv_context can also be extended in the future to store data which needs to be deallocated during thread cancellation.
2017-06-19 | resolv: Report allocation errors in __res_vinit | Florian Weimer | 2 | -5/+25
2017-04-19 | nss_dns: Correct parentheses for the __glibc_unlikely argument | Florian Weimer | 1 | -1/+1
This fixes commit bee05c9d58a34ec5886faf3b56ecaa56355d94bf.
2017-04-19 | resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely | Florian Weimer | 1 | -16/+27
2017-04-04 | nss_dns: Replace local declarations with declarations from a header file | Florian Weimer | 2 | -14/+2
2017-04-04 | nss_dns: Remove superfluous dn_expand call from network handling | Florian Weimer | 1 | -5/+3
2017-01-01 | Update copyright dates with scripts/update-copyrights. | Joseph Myers | 3 | -3/+3
2016-12-31 | CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784] | Florian Weimer | 1 | -1/+1
Also rename T_UNSPEC because an upcoming public header file update will use that name.
2016-12-31 | resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] | Florian Weimer | 1 | -14/+4
2016-10-07 | resolv: Remove RES_USEBSTRING and its implementation [BZ #20629] | Florian Weimer | 1 | -14/+0
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because labellen (called earlier) already rejects everything which is not a plain label (compression references and extended label types).
2016-10-07 | resolv: Remove RES_NOIP6DOTINT and its implementation | Florian Weimer | 1 | -8/+0
2016-04-28 | resolv: Remove SUNSECURITY preprocessor conditionals | Florian Weimer | 1 | -5/+0
The macro is never defined.
2016-04-28 | resolv: Remove RESOLVSORT preprocess conditionals | Florian Weimer | 1 | -4/+0
2016-04-27 | nss_dns: Skip over non-PTR records in the netent code [BZ #19868] | Florian Weimer | 1 | -2/+18
This requires additional checks for the RDATA length and the availability of record metadata.
2016-04-27 | nss_dns: Remove custom offsetof macro definition | Florian Weimer | 1 | -3/+1
2016-04-27 | nss_dns: Check address length before creating addrinfo result [BZ #19831] | Florian Weimer | 1 | -20/+39
Previously, we allocated room in the result space before the check, leaving uninitialized data there in case the check failed. This also consolidates the behavior between single (A or AAAA) and dual (A and AAAA in parallel) queries. Single queries checked the record length against the QTYPE, not the RRTYPE.
2016-04-27 | resolv, nss_dns: Remove remaining syslog logging [BZ #19862] | Florian Weimer | 1 | -22/+0
The fix for bug 14841 only removed part of the logging.
2016-04-27 | nss_dns: Validate RDATA length against packet length [BZ #19830] | Florian Weimer | 2 | -3/+28
In _nss_dns_getcanonname_r, a check for the availability of RR metadata was missing as well.