We might have some leftover data in bio buffer that we received
before pausing, we need to do tls_do_bio to make sure we call
the recv() callback on it.
- add isc_nm_tlsdnsconnect() function
- add "+[no]tls" option to dig to enable TLS mode
- override the default port number in dig from 53 to 853 when using TLS
Add an optional SSL_CTX argument to isc_nm_listentcpdns - if not NULL,
use isc_nm_listentls instead of isc_nm_listentcp to listen on a TLS
socket for DoT.
Add server-side TLS support to netmgr - that includes moving some of the isc_nm_
functions from tcp.c to a wrapper in netmgr.c calling a proper tcp or tls
function, and a new isc_nm_listentls function.
if more than 10 seconds pass while we wait for netmgr
events to finish running on shutdown, something is almost
certainly wrong and we should assert and crash.
this function sets up a UDP socket, connected to a specified peer
address, then immediately calls a callback with a handle so that
the caller can begin sending.
It was discovered, that some systems might set EPROTO instead of EACCESS
on recvmsg() call causing spurious syslog messages from the socket
code. This commit returns soft handling of EPROTO errno code to the
socket code. [GL #1928]
When calculating the new hashtable bitsize, there was an off-by-one
error that would allow the new bitsize to be larger than maximum allowed
causing assertion failure in the rehash() function.
The rbtdb version glue_table has been refactored similarly to rbt.c hash
table, so it does use 32-bit hash function return values and apply
Fibonacci Hashing to lookup the index to the hash table instead of
modulo. For more details, see the lib/dns/rbt.c commit log.
Shifting (signed) integer left could trigger undefined behaviour when
the shifted value would overflow into the sign bit (e.g. 2048).
The issue was found when using AFL++ and UBSAN:
message.c:2274:33: runtime error: left shift of 2048 by 20 places cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior message.c:2274:33 in
sockaddr.c:147:49: error: pointer targets in passing argument 2 of ‘isc__buffer_putmem’ differ in signedness
rdata.c:1780:30: error: pointer targets in passing argument 2 of ‘isc__buffer_putmem’ differ in signedness
This commit updates and simplifies the checks for the readline support
in nslookup and nsupdate:
* Change the autoconf checks to pkg-config only, all supported
libraries have accompanying .pc files now.
* Add editline support in addition to libedit and GNU readline
* Add isc/readline.h shim header that defines dummy readline()
function when no readline library is available
base32_decode_char() added a extra zero octet to the output
if the fifth character was a pad character. The length
of octets to copy to the output was set to 3 instead of 2.
Hold a weak reference to the view so that it can't go away while
nta is performing its lookups. Cancel nta timers once all external
references to the view have gone to prevent them triggering new work.
