579 Commits

Author SHA1 Message Date
Michal Nowak
d09447287f Fix "array subscript is of type 'char'" on NetBSD 9
In file included from rdata.c:602:
    In file included from ./code.h:88:
    ./rdata/in_1/svcb_64.c:259:9: warning: array subscript is of type 'char' [-Wchar-subscripts]
                            if (!isdigit(*region->base)) {
                                 ^~~~~~~~~~~~~~~~~~~~~~
    /usr/include/sys/ctype_inline.h:51:44: note: expanded from macro 'isdigit'
    #define isdigit(c)      ((int)((_ctype_tab_ + 1)[(c)] & _CTYPE_D))
                                                    ^~~~
2021-11-25 18:15:18 +01:00
Mark Andrews
22662fc28e Replace ARRAYSIZE with ARRAY_SIZE 2021-11-02 16:14:40 +11:00
Ondřej Surý
f3635bcc14 Use #pragma once as header guards
Unify the header guard style and replace the inconsistent include guards
with #pragma once.

The #pragma once is widely and very well supported in all compilers that
BIND 9 supports, and #pragma once was already in use in several new or
refactored headers.

Using simpler method will also allow us to automate header guard checks
as this is simpler to programatically check.

For reference, here are the reasons for the change taken from
Wikipedia[1]:

> In the C and C++ programming languages, #pragma once is a non-standard
> but widely supported preprocessor directive designed to cause the
> current source file to be included only once in a single compilation.
>
> Thus, #pragma once serves the same purpose as include guards, but with
> several advantages, including: less code, avoidance of name clashes,
> and sometimes improvement in compilation speed. On the other hand,
> #pragma once is not necessarily available in all compilers and its
> implementation is tricky and might not always be reliable.

1. https://en.wikipedia.org/wiki/Pragma_once
2021-10-13 00:49:15 -07:00
Ondřej Surý
b0a665d947 dns/rdata.c: Return void when ISC_R_SUCCESS is only returned value
With isc_mem_get() and dns_name_dup() no longer being able to fail, some
functions can now only return ISC_R_SUCCESS.  Change the return type to
void for the following function(s):

 * name_duporclone()
2021-10-13 05:47:48 +02:00
Mark Andrews
8833d90292 Reject zero length ALPN elements in fromwire 2021-08-19 18:17:08 +10:00
Mark Andrews
2f51bb2d93 Check that ALPN is present when NO-DEFAULT-ALPN is present in fromwire 2021-08-19 07:10:00 +00:00
Mark Andrews
f46a0c27df Check that the hostname of the server is legal 2021-08-18 13:49:48 +10:00
Mark Andrews
cd985d96e3 Add additional processing to HTTPS and SVBC records
The additional processing method has been expanded to take the
owner name of the record, as HTTPS and SVBC need it to process "."
in service form.

The additional section callback can now return the RRset that was
added.  We use this when adding CNAMEs.  Previously, the recursion
would stop if it detected that a record you added already exists.  With
CNAMEs this rule doesn't work, as you ultimately care about the RRset
at the target of the CNAME and not the presence of the CNAME itself.
Returning the record allows the caller to restart with the target
name.  As CNAMEs can form loops, loop protection was added.

As HTTPS and SVBC can produce infinite chains, we prevent this by
tracking recursion depth and stopping if we go too deep.
2021-08-18 13:49:48 +10:00
Mark Andrews
36f34a3e79 Parse and print HTTPS and SVCB records 2021-08-18 13:49:48 +10:00
Mark Andrews
f0265b8fa6 Make whether to follow additional data records generic
Adds dns_rdatatype_followadditional() and
DNS_RDATATYPEATTR_FOLLOWADDITIONAL
2021-08-18 13:49:48 +10:00
Mark Andrews
c6fa8a1d45 Handle placeholder KEYDATA record
A placeholder keydata record can appear in a zone file.  Allow them
to be read back in.
2021-07-01 14:34:28 +10:00
Ondřej Surý
440fb3d225 Completely remove BIND 9 Windows support
The Windows support has been completely removed from the source tree
and BIND 9 now no longer supports native compilation on Windows.

We might consider reviewing mingw-w64 port if contributed by external
party, but no development efforts will be put into making BIND 9 compile
and run on Windows again.
2021-06-09 14:35:14 +02:00
Matthijs Mekking
66f2cd228d Use isdigit instead of checking character range
When looking for key files, we could use isdigit rather than checking
if the character is within the range [0-9].

Use (unsigned char) cast to ensure the value is representable in the
unsigned char type (as suggested by the isdigit manpage).

Change " & 0xff" occurrences to the recommended (unsigned char) type
cast.
2021-05-05 19:15:33 +02:00
Mark Andrews
8510ccaa54 Update ZONEMD to match RFC 8976
* The location of the digest type field has changed to where the
  reserved field was.
* The reserved field is now called scheme and is where the digest
  type field was.
* Digest type 2 has been defined (SHA256).
2021-04-30 10:43:37 +10:00
Mark Andrews
a88d3963e2 Make calling generic rdata methods consistent
add matching macros to pass arguments from called methods
to generic methods.  This will reduce the amount of work
required when extending methods.

Also cleanup unnecessary UNUSED declarations.
2021-03-26 22:04:42 +00:00
Mark Andrews
009358d77d Correctly detect when get_direction failed 2021-02-19 09:17:32 +11:00
Mark Andrews
c40133d840 Silence Insecure data handling (TAINTED_SCALAR)
Coverity assumes that the memory holding any value read using byte
swapping is tainted.  As we store the NSEC3PARAM records in wire
form and iterations is byte swapped the memory holding the record
is marked as tainted.  nsec3->salt_length is marked as tainted
transitively. To remove the taint the value need to be range checked.
For a correctly formatted record region.length should match
nsec3->salt_length and provides a convenient value to check the field
against.

    *** CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    /lib/dns/rdata/generic/nsec3param_51.c: 241 in tostruct_nsec3param()
    235     	region.length = rdata->length;
    236     	nsec3param->hash = uint8_consume_fromregion(&region);
    237     	nsec3param->flags = uint8_consume_fromregion(&region);
    238     	nsec3param->iterations = uint16_consume_fromregion(&region);
    239
    240     	nsec3param->salt_length = uint8_consume_fromregion(&region);
    >>>     CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    >>>     Passing tainted expression "nsec3param->salt_length" to "mem_maybedup", which uses it as an offset.
    241     	nsec3param->salt = mem_maybedup(mctx, region.base,
    242     					nsec3param->salt_length);
    243     	if (nsec3param->salt == NULL) {
    244     		return (ISC_R_NOMEMORY);
    245     	}
    246     	isc_region_consume(&region, nsec3param->salt_length);
2021-02-12 10:19:27 +11:00
Mark Andrews
fd8d1337a5 Silence Untrusted value as argument (TAINTED_SCALAR)
Coverity assumes that the memory holding any value read using byte
swapping is tainted.  As we store the NSEC3 records in wire form
and iterations is byte swapped the memory holding the record is
marked as tainted.  nsec3->salt_length and nsec3->next_length are
marked as tainted transitively. To remove the taint the values need
to be range checked.  Valid values for these should never exceed
region.length so that is becomes a reasonable value to check against.

    *** CID 316509:    (TAINTED_SCALAR)
    /lib/dns/rdata/generic/nsec3_50.c: 312 in tostruct_nsec3()
    306     	if (nsec3->salt == NULL) {
    307     		return (ISC_R_NOMEMORY);
    308     	}
    309     	isc_region_consume(&region, nsec3->salt_length);
    310
    311     	nsec3->next_length = uint8_consume_fromregion(&region);
    >>>     CID 316509:    (TAINTED_SCALAR)
    >>>     Passing tainted expression "nsec3->next_length" to "mem_maybedup", which uses it as an offset.
    312     	nsec3->next = mem_maybedup(mctx, region.base, nsec3->next_length);
    313     	if (nsec3->next == NULL) {
    314     		goto cleanup;
    315     	}
    316     	isc_region_consume(&region, nsec3->next_length);
    317
    /lib/dns/rdata/generic/nsec3_50.c: 305 in tostruct_nsec3()
    299     	region.length = rdata->length;
    300     	nsec3->hash = uint8_consume_fromregion(&region);
    301     	nsec3->flags = uint8_consume_fromregion(&region);
    302     	nsec3->iterations = uint16_consume_fromregion(&region);
    303
    304     	nsec3->salt_length = uint8_consume_fromregion(&region);
    >>>     CID 316509:    (TAINTED_SCALAR)
    >>>     Passing tainted expression "nsec3->salt_length" to "mem_maybedup", which uses it as an offset.
    305     	nsec3->salt = mem_maybedup(mctx, region.base, nsec3->salt_length);
    306     	if (nsec3->salt == NULL) {
    307     		return (ISC_R_NOMEMORY);
    308     	}
    309     	isc_region_consume(&region, nsec3->salt_length);
    310
2021-02-12 10:19:21 +11:00
Mark Andrews
2f946c831a Attempt to silence untrusted loop bound
Assign hit_len + key_len to len and test the result
rather than recomputing and letting the compiler simplify.

    213        isc_region_consume(&region, 2); /* hit length + algorithm */
        9. tainted_return_value: Function uint16_fromregion returns tainted data. [show details]
        10. tainted_data_transitive: Call to function uint16_fromregion with tainted argument *region.base returns tainted data.
        11. tainted_return_value: Function uint16_fromregion returns tainted data.
        12. tainted_data_transitive: Call to function uint16_fromregion with tainted argument *region.base returns tainted data.
        13. var_assign: Assigning: key_len = uint16_fromregion(&region), which taints key_len.
    214        key_len = uint16_fromregion(&region);
        14. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        15. Condition key_len == 0, taking false branch.
    215        if (key_len == 0) {
    216                RETERR(DNS_R_FORMERR);
    217        }
        16. Condition !!(_r->length >= _l), taking true branch.
        17. Condition !!(_r->length >= _l), taking true branch.
    218        isc_region_consume(&region, 2);
        18. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        19. Condition region.length < (unsigned int)(hit_len + key_len), taking false branch.
    219        if (region.length < (unsigned)(hit_len + key_len)) {
    220                RETERR(DNS_R_FORMERR);
    221        }
    222
        20. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        21. Condition _r != 0, taking false branch.
    223        RETERR(mem_tobuffer(target, rr.base, 4 + hit_len + key_len));
        22. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        23. var_assign_var: Compound assignment involving tainted variable 4 + hit_len + key_len to variable source->current taints source->current.
    224        isc_buffer_forward(source, 4 + hit_len + key_len);
    225
    226        dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);

    CID 281461 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
        24. tainted_data: Using tainted variable source->active - source->current as a loop boundary.
    Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
    227        while (isc_buffer_activelength(source) > 0) {
    228                dns_name_init(&name, NULL);
    229                RETERR(dns_name_fromwire(&name, source, dctx, options, target));
    230        }
2021-02-08 02:02:29 +00:00
Mark Andrews
63c16c8506 Allow A records below '_spf' labels as recommend by RFC7208 2021-02-03 16:23:20 +01:00
Mark Andrews
304df53991 Add comment about cookie sizes 2020-11-26 20:48:46 +00:00
Evan Hunt
dcee985b7f update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
Mark Andrews
2ca4d35037 Refactor totext_loc 2020-08-26 15:31:31 +02:00
Mark Andrews
337cc878fa Correctly encode LOC records with non integer negative altitudes. 2020-08-26 15:31:31 +02:00
Mark Andrews
9225c67835 Tighten LOC parsing to reject period and/or m as a value. 2020-08-26 15:31:31 +02:00
Mark Andrews
8452404bd7 A6: return FORMERR in fromwire if bits are non zero.
oss_fuzz: Issue 24864: bind9:dns_rdata_fromwire_text_fuzzer: Overwrites-const-input in dns_rdata_fromwire_text_fuzzer
2020-08-18 11:04:05 +02:00
Mark Andrews
f6d7b8c20d RRSIG: reject records with empty SIG section 2020-08-18 11:04:05 +02:00
Mark Andrews
7e49689746 X25: Check that record is all ASCII digits 2020-08-13 23:06:55 +10:00
Mark Andrews
9d446142d8 WKS: reject records with zero octets at the end of the bitmap 2020-08-13 23:06:55 +10:00
Mark Andrews
3429c35f52 TLSA: fix fromwire length checks 2020-08-13 23:06:55 +10:00
Mark Andrews
9b93e5d684 SIG: reject records with a zero length signature 2020-08-13 23:06:55 +10:00
Mark Andrews
73dd849655 NXT: fix fromwire bitmap checks 2020-08-13 23:06:55 +10:00
Mark Andrews
7dc8e720ff NSEC3PARAM: check that saltlen is consistent with the rdata length 2020-08-13 23:06:55 +10:00
Mark Andrews
031ee9e279 NSEC3: reject records with a zero length hash field 2020-08-13 23:06:55 +10:00
Mark Andrews
d7f7014803 IPSECKEY: require non-zero length public keys 2020-08-13 23:06:55 +10:00
Mark Andrews
a238f37239 CERT: reject records with a empty certificate field 2020-08-13 23:06:55 +10:00
Mark Andrews
78db46d746 Check walking the hip rendezvous servers.
Also fixes extraneous white space at end of record when
there are no rendezvous servers.
2020-07-24 04:15:56 +00:00
Evan Hunt
a8baf79e33 append "0" to IPv6 addresses ending in "::" when printing YAML
such addresses broke some YAML parsers.
2020-06-25 16:42:13 -07:00
Mark Andrews
b144ae1bb0 Report Extended DNS Error codes 2020-05-12 22:01:54 +10:00
Evan Hunt
735be3b816 remove or comment empty conditional branches
some empty conditional branches which contained a semicolon were
"fixed" by clang-format to contain nothing. add comments to prevent this.
2020-03-17 13:28:15 -07:00
Evan Hunt
ba0313e649 fix spelling errors reported by Fossies. 2020-02-21 15:05:08 +11:00
Ondřej Surý
5777c44ad0 Reformat using the new rules 2020-02-14 09:31:05 +01:00
Evan Hunt
e851ed0bb5 apply the modified style 2020-02-13 15:05:06 -08:00
Ondřej Surý
056e133c4c Use clang-tidy to add curly braces around one-line statements
The command used to reformat the files in this commit was:

./util/run-clang-tidy \
	-clang-tidy-binary clang-tidy-11
	-clang-apply-replacements-binary clang-apply-replacements-11 \
	-checks=-*,readability-braces-around-statements \
	-j 9 \
	-fix \
	-format \
	-style=file \
	-quiet
clang-format -i --style=format $(git ls-files '*.c' '*.h')
uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h')
clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 22:07:21 +01:00
Ondřej Surý
36c6105e4f Use coccinelle to add braces to nested single line statement
Both clang-tidy and uncrustify chokes on statement like this:

for (...)
	if (...)
		break;

This commit uses a very simple semantic patch (below) to add braces around such
statements.

Semantic patch used:

@@
statement S;
expression E;
@@

while (...)
- if (E) S
+ { if (E) { S } }

@@
statement S;
expression E;
@@

for (...;...;...)
- if (E) S
+ { if (E) { S } }

@@
statement S;
expression E;
@@

if (...)
- if (E) S
+ { if (E) { S } }
2020-02-13 21:58:55 +01:00
Ondřej Surý
f50b1e0685 Use clang-format to reformat the source files 2020-02-12 15:04:17 +01:00
Ondřej Surý
66af8713d8 lib/dns/rdata/*/*.c: Silence false positive nullPointerRedundantCheck warning from Cppcheck
Cppcheck gets confused by:

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(source != NULL);
    REQUIRE(data->member != NULL);
}

and for consistency the DbC check needs to be changed to

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(data != NULL);
    REQUIRE(data->member != NULL);
}
2019-10-03 09:04:26 +02:00
Mark Andrews
d98f446d3f Add support for displaying EDNS option LLQ. 2019-08-28 16:13:43 +10:00
Witold Kręcicki
a8e2ca6f7d Remove UNSPEC rrtype 2019-05-13 10:05:03 +07:00
Mark Andrews
ee7cf180b3 Recognise EDNS Client Tag and EDNS Server Tag 2019-05-09 17:29:23 +10:00