Commit Graph

391 Commits

Author SHA1 Message Date
Evan Hunt
f397ff5bb8 fix another message parsing regression
The fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if an rdata type that can only
occur in the question was found in another section.

(cherry picked from commit 510f1de8a6)
2024-01-31 16:04:59 +01:00
Evan Hunt
0bbb0065e6 fix a message parsing regression
the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.

(cherry picked from commit 4c19d35614)
2024-01-31 16:04:59 +01:00
Ondřej Surý
a4baf32415 Backport isc_ht API changes from BIND 9.18
To prevent allocating large hashtable in dns_message, we need to
backport the improvements to isc_ht API from BIND 9.18+ that includes
support for case insensitive keys and incremental rehashing of the
hashtables.
2024-01-05 11:52:05 +01:00
Ondřej Surý
608707b4f5 Use hashtable when parsing a message
When parsing messages use a hashtable instead of a linear search to
reduce the amount of work done in findname when there's more than one
name in the section.

There are two hashtables:

1) hashtable for owner names - that's constructed for each section when
we hit the second name in the section and destroyed right after parsing
that section;

2) per-name hashtable - for each name in the section, we construct a new
hashtable for that name if there are more than one rdataset for that
particular name.

(cherry picked from commit b8a9631754)
2024-01-05 11:52:05 +01:00
Mark Andrews
057c12d29a Check that buffer length in dns_message_renderbegin
The maximum DNS message size is 65535 octets. Check that the buffer
being passed to dns_message_renderbegin does not exceed this as the
compression code assumes that all offsets are no bigger than this.

(cherry picked from commit a069513234)
2023-12-06 09:06:31 +11:00
Michal Nowak
771fed4a14 Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
Mark Andrews
2905d70ad1 Stop passing mctx to dns_rdata_tostruct as it is unnecessary for SIG
dns_rdata_tostruct doesn't need a mctx passed to it for SIG (the signer
is already expanded at this point). About the only time when mctx is
needed is when the structure is to be used after the rdata has been
destroyed.

(cherry picked from commit d6ad56bd9e)
2022-09-26 12:45:21 +02:00
Petr Špaček
3e77d6bf87 Fix memory leak in dns_message_checksig() - SIG(0) sigs
Impact should be visible only in tests or tools because named never
uses view == NULL, which is a necessary condition to trigger this leak.

(cherry picked from commit 69256b3553)
2022-09-26 12:45:17 +02:00
Mark Andrews
b318db2b7f Add missing INDENT call for UPDATE messages
Reported by Peter <pmc@citylink.dinoex.sub.org> on bind-users.

(cherry picked from commit 03132c93ca)
2022-06-02 08:29:28 +10:00
Ondřej Surý
b624be2544 Remove use of the inline keyword used as suggestion to compiler
Historically, the inline keyword was a strong suggestion to the compiler
that it should inline the function marked inline.  As compilers became
better at optimising, this functionality has receded, and using inline
as a suggestion to inline a function is obsolete.  The compiler will
happily ignore it and inline something else entirely if it finds that's
a better optimisation.

Therefore, remove all the occurences of the inline keyword with static
functions inside single compilation unit and leave the decision whether
to inline a function or not entirely on the compiler

NOTE: We keep the usage the inline keyword when the purpose is to change
the linkage behaviour.

(cherry picked from commit 20f0936cf2)
2022-03-25 09:37:18 +01:00
Ondřej Surý
75f9dd8e82 Simplify way we tag unreachable code with only ISC_UNREACHABLE()
Previously, the unreachable code paths would have to be tagged with:

    INSIST(0);
    ISC_UNREACHABLE();

There was also older parts of the code that used comment annotation:

    /* NOTREACHED */

Unify the handling of unreachable code paths to just use:

    UNREACHABLE();

The UNREACHABLE() macro now asserts when reached and also uses
__builtin_unreachable(); when such builtin is available in the compiler.

(cherry picked from commit 584f0d7a7e)
2022-03-25 09:33:51 +01:00
Ondřej Surý
2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Ondřej Surý
c5b703d1c6 Adjust the fillcount and freemax for dns_message mempools
According to the measurements (recorded on GL!5085), the fillcount of 2
for namepool and fillcount of 4 for rdspool can fit 99.99% of request
for tested scenarios.

This was discovered by perf recording the single second recursive test
using flamethrower where the initial malloc lit up like a flare.
2021-12-15 13:29:19 +01:00
Ondřej Surý
b0e7511001 Update the source code formatting using clang-format-12
clang-format now tries to keep the type-cast on the same line as the
variable.  Update the formatting.
2021-06-13 08:19:44 +02:00
Evan Hunt
dccdb492ef use a fixedname buffer in dns_message_gettempname()
dns_message_gettempname() now returns a pointer to an initialized
name associated with a dns_fixedname_t object. it is no longer
necessary to allocate a buffer for temporary names associated with
the message object.

(cherry picked from commit e31cc1eeb4)
2021-05-22 07:13:57 +02:00
Ondřej Surý
f0989bdf03 The dns_message_create() cannot fail, change the return to void
The dns_message_create() function cannot soft fail (as all memory
allocations either succeed or cause abort), so we change the function to
return void and cleanup the calls.

(cherry picked from commit 33eefe9f85)
2020-09-30 14:26:26 +02:00
Diego Fronza
da84f8d1fd Refactored dns_message_t for using attach/detach semantics
This commit will be used as a base for the next code updates in
order to have a better control of dns_message_t objects' lifetime.

(cherry picked from commit 12d6d13100)
2020-09-30 11:34:42 +10:00
Mark Andrews
9e79a7d7ce Clone the saved / query message buffers
The message buffer passed to ns__client_request is only valid for
the life of the the ns__client_request call.  Save a copy of it
when we recurse or process a update as ns__client_request will
return before those operations complete.

(cherry picked from commit f0d9bf7c30)
2020-09-23 11:17:23 +10:00
Evan Hunt
df698d73f4 update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Mark Andrews
3fce53b0e3 Cast the original rcode to (dns_ttl_t) when setting extended rcode
Shifting (signed) integer left could trigger undefined behaviour when
the shifted value would overflow into the sign bit (e.g. 2048).

The issue was found when using AFL++ and UBSAN:

    message.c:2274:33: runtime error: left shift of 2048 by 20 places cannot be represented in type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior message.c:2274:33 in

(cherry picked from commit a347641782)
2020-08-25 16:40:42 +02:00
Mark Andrews
0eec632d6a Always keep a copy of the message
this allows it to be available even when dns_message_parse()
returns a error.
2020-08-05 15:47:25 +02:00
Mark Andrews
28a940fe69 Add +yaml support for EDE
(cherry picked from commit 0ec77c2b92)
2020-06-05 10:50:58 +10:00
Evan Hunt
c19a593d3e change "expr == false" to "!expr" in conditionals
(cherry picked from commit 57e54c46e4)
2020-05-25 17:04:04 -07:00
Evan Hunt
00c816778d change 'expr == true' to 'expr' in conditionals
(cherry picked from commit 68a1c9d679)
2020-05-25 17:03:59 -07:00
Mark Andrews
c13fb2c67f Also print out valid printable utf8
(cherry picked from commit 1c8f9d06e2)
2020-05-13 10:26:39 +10:00
Mark Andrews
eed4fab37b Report Extended DNS Error codes
(cherry picked from commit b144ae1bb0)
2020-05-13 10:26:39 +10:00
Ondřej Surý
649fe9be35 Fixup the missing clang-format bits
(cherry picked from commit 3832e3ecc9)
2020-02-16 18:07:27 +01:00
Ondřej Surý
829b461c54 Merge branch '46-enforce-clang-format-rules' into 'master'
Start enforcing the clang-format rules on changed files

Closes #46

See merge request isc-projects/bind9!3063

(cherry picked from commit a04cdde45d)

d2b5853b Start enforcing the clang-format rules on changed files
618947c6 Switch AlwaysBreakAfterReturnType from TopLevelDefinitions to All
654927c8 Add separate .clang-format files for headers
5777c44a Reformat using the new rules
60d29f69 Don't enforce copyrights on .clang-format
2020-02-14 08:45:59 +00:00
Ondřej Surý
cdef20bb66 Merge branch 'each-style-tweak' into 'master'
adjust clang-format options to get closer to ISC style

See merge request isc-projects/bind9!3061

(cherry picked from commit d3b49b6675)

0255a974 revise .clang-format and add a C formatting script in util
e851ed0b apply the modified style
2020-02-14 05:35:29 +00:00
Ondřej Surý
2e55baddd8 Merge branch '46-add-curly-braces' into 'master'
Add curly braces using uncrustify and then reformat with clang-format back

Closes #46

See merge request isc-projects/bind9!3057

(cherry picked from commit 67b68e06ad)

36c6105e Use coccinelle to add braces to nested single line statement
d14bb713 Add copy of run-clang-tidy that can fixup the filepaths
056e133c Use clang-tidy to add curly braces around one-line statements
2020-02-13 21:28:35 +00:00
Ondřej Surý
c931d8e417 Merge branch '46-just-use-clang-format-to-reformat-sources' into 'master'
Reformat source code with clang-format

Closes #46

See merge request isc-projects/bind9!2156

(cherry picked from commit 7099e79a9b)

4c3b063e Import Linux kernel .clang-format with small modifications
f50b1e06 Use clang-format to reformat the source files
11341c76 Update the definition files for Windows
df6c1f76 Remove tkey_test (which is no-op anyway)
2020-02-12 14:51:18 +00:00
Ondřej Surý
bc1d4c9cb4 Clear the pointer to destroyed object early using the semantic patch
Also disable the semantic patch as the code needs tweaks here and there because
some destroy functions might not destroy the object and return early if the
object is still in use.
2020-02-09 18:00:17 -08:00
Ondřej Surý
c73e5866c4 Refactor the isc_buffer_allocate() usage using the semantic patch
The isc_buffer_allocate() function now cannot fail with ISC_R_MEMORY.
This commit removes all the checks on the return code using the semantic
patch from previous commit, as isc_buffer_allocate() now returns void.
2020-02-03 08:29:00 +01:00
Ondřej Surý
5eb3f71a3e Refactor the isc_mempool_create() usage using the semantic patch
The isc_mempool_create() function now cannot fail with ISC_R_MEMORY.
This commit removes all the checks on the return code using the semantic
patch from previous commit, as isc_mempool_create() now returns void.
2020-02-03 08:27:16 +01:00
Mark Andrews
9936462f31 dns_master_indent and dns_master_indentstr must not be global
The indentation for dumping the master zone was driven by two
global variables dns_master_indent and dns_master_indentstr.  In
threaded mode, this becomes prone to data access races, so this commit
converts the global variables into a local per-context tuple that
consist of count and string.
2019-11-26 13:52:18 +01:00
Evan Hunt
53f0b6c34d convert ns_client and related objects to use netmgr
- ns__client_request() is now called by netmgr with an isc_nmhandle_t
  parameter. The handle can then be permanently associated with an
  ns_client object.
- The task manager is paused so that isc_task events that may be
  triggred during client processing will not fire until after the netmgr is
  finished with it. Before any asynchronous event, the client MUST
  call isc_nmhandle_ref(client->handle), to prevent the client from
  being reset and reused while waiting for an event to process. When
  the asynchronous event is complete, isc_nmhandle_unref(client->handle)
  must be called to ensure the handle can be reused later.
- reference counting of client objects is now handled in the nmhandle
  object.  when the handle references drop to zero, the client's "reset"
  callback is used to free temporary resources and reiniialize it,
  whereupon the handle (and associated client) is placed in the
  "inactive handles" queue.  when the sysstem is shutdown and the
  handles are cleaned up, the client's "put" callback is called to free
  all remaining resources.
- because client allocation is no longer handled in the same way,
  the '-T clienttest' option has now been removed and is no longer
  used by any system tests.
- the unit tests require wrapping the isc_nmhandle_unref() function;
  when LD_WRAP is supported, that is used. otherwise we link a
  libwrap.so interposer library and use that.
2019-11-07 11:55:37 -08:00
Evan Hunt
8e9a58eaa7 TCP KEEPALIVE was missing from yaml output 2019-10-03 22:52:16 -07:00
Evan Hunt
69322c7357 always print a colon after EDNS option names in text output
make the same change as in the previous commit to non-YAML text output,
for better readability and consistency between formats.
2019-10-03 22:52:16 -07:00
Evan Hunt
ed1b328186 always print a colon after EDNS option names in YAML output
previously, if the option was empty, then it was printed without a
colon, which could not be parsed as YAML. adding a colon in all cases
addresses this problem.
2019-10-03 22:52:16 -07:00
Ondřej Surý
fa7475b77a Fix the constification of the dns_name_t * result variable for dns_tsig_identity() 2019-10-03 09:04:26 +02:00
Mark Andrews
d98f446d3f Add support for displaying EDNS option LLQ. 2019-08-28 16:13:43 +10:00
Evan Hunt
71325852f1 add "dig +yaml" output format 2019-08-25 16:41:14 -07:00
Ondřej Surý
ae83801e2b Remove blocks checking whether isc_mem_get() failed using the coccinelle 2019-07-23 15:32:35 -04:00
Mark Andrews
4e97f7dccc POST(optlen) 2019-06-04 01:23:01 -04:00
Mark Andrews
ee7cf180b3 Recognise EDNS Client Tag and EDNS Server Tag 2019-05-09 17:29:23 +10:00
Mark Andrews
da7f683abf using 0 instead of false 2019-04-23 11:08:06 +10:00
Witold Kręcicki
51a55ddbb7 Fix assertion failure in nslookup/dig/mdig when message has multiple SIG(0) options.
When parsing message with DNS_MESSAGE_BESTEFFORT (used exclusively in
tools, never in named itself) if we hit an invalid SIG(0) in wrong
place we continue parsing the message, and put the sig0 in msg->sig0.
If we then hit another sig0 in a proper place we see that msg->sig0
is already 'taken' and we don't free name and rdataset, and we don't
set seen_problem. This causes an assertion failure.
This fixes that issue by setting seen_problem if we hit second sig0,
tsig or opt, which causes name and rdataset to be always freed.
2019-03-26 21:15:00 +11:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Evan Hunt
13c799267b remove the 'new_tsigkey' exception, allow TSIG to be set any time
this allows 'dns_message_settsigkey()' to be run any time after
parsing without having to set a special flag in the message object.
2019-01-30 11:46:11 -08:00
Evan Hunt
33ec311332 allow TSIG key to be added to message structure after parsing
up until now, message->tsigkey could only be set during parsing
of the request, but gss-tsig allows one to be created afterward.

this commit adds a new flag to the message structure, `new_tsigkey`,
which indicates that in this case it's okay for `dns_message_settsigkey()`
to be run on a message after parsing, without hitting any assertions due
to the lack of a TSIG in the request. this allows us to keep the current
restriction in place generally, but add an exception for TKEY processing.
it's probably better to just remove the restriction entirely (see next
commit).
2019-01-30 11:46:11 -08:00