path: root/src/resolve/resolved-dns-rr.c
Commit message | Author | Age | Files | Lines
* tree-wide: take in all *our* JSON structures also decimal strings | Lennart Poettering | 2023-11-07 | 1 | -3/+3
  Let's be friendly in what we accept: whenever we define a JSON structure, let's also allow decimal strings where we want an integer.
  This patch purely replaces JSON_VARIANT_UNSIGNED by _JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that we'll happily accept any type in json_dispatch(), so that json_dispatch_uint64() and related tools can do their thing.
  This does not switch over OCI (as a JSON structure not defined by us).
* varlink,json: introduce new varlink_dispatch() helper | Lennart Poettering | 2023-11-02 | 1 | -1/+1
  varlink_dispatch() is a simple wrapper around json_dispatch() that returns clean, standards-compliant InvalidParameter error back to clients, if the specified JSON cannot be parsed properly.
  For this json_dispatch() is extended to return the offending field's name. Because it already has quite a few parameters, I then renamed json_dispatch() to json_dispatch_full() and made json_dispatch() a wrapper around it that passes the new argument as NULL. While doing so I figured we should also get rid of the bad= argument in the short wrapper, since it's only used in the OCI code.
  To simplify the OCI code this adds a second wrapper oci_dispatch() around json_dispatch_full(), that fills in bad= the way we want.
  Net result: instead of one json_dispatch() call there are now:
  1. json_dispatch_full() for the fully featured mother of all dispatchers.
  2. json_dispatch() for the simpler version that you want to use most of the time.
  3. varlink_dispatch() that generates nice Varlink errors
  4. oci_dispatch() that does the OCI specific error handling
  And that's all there is.
* resolved: add dns_resource_key_from_json() helper | Lennart Poettering | 2023-06-12 | 1 | -0/+28
  It reverses what dns_resource_key_to_json() does, i.e. turns JSON data into a parsed DnsResourceKey object.
  Ultimately this just moves a client-side local wrapper into generic code. Nothing truly new here.
* resolved-dns-rr: use automatic cleanup | David Tardon | 2023-05-25 | 1 | -6/+2
  Follow-up for #27770.
* resolve: avoid memory leak from a partially processed RR | Frantisek Sumsal | 2023-05-24 | 1 | -1/+3
  ==5==ERROR: LeakSanitizer: detected memory leaks

  Direct leak of 4096 byte(s) in 1 object(s) allocated from:
      #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
      #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9)
      #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36
      #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13
      #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13
      #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13
      #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13
      #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13
      #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16
      #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428)
      #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
      #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
      #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
      #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
      #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
      #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
      #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5)
      #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

  DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend
  SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).

  Found by Nallocfuzz.
* sd-journal: use TAKE_PTR() a bit more | Frantisek Sumsal | 2023-05-24 | 1 | -2/+1
* resolve: add missing assertion | Yu Watanabe | 2022-12-10 | 1 | -1/+2
* resolve: shorten code a bit | Yu Watanabe | 2022-12-10 | 1 | -4/+2
* resolve: drop recursion in TXT field handling | Yu Watanabe | 2022-12-10 | 1 | -19/+13
  Fixes #25683.
* resolve: optimize conversion of TXT fields to json | Yu Watanabe | 2022-12-08 | 1 | -17/+33
  Fixes oss-fuzz#54080 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54080).
  Fixes #25654.
* resolve: format zero-length RDATA according to rfc3597 | Evgeny Vereshchagin | 2022-11-26 | 1 | -5/+8
  If the RDATA is of zero length, the text representation contains only the \# token and the single zero representing the length.
* resolved: remove inappropriate assert() | Lennart Poettering | 2022-11-24 | 1 | -1/+0
  A NULL Bitmap object is by all our code considered identical to an empty bitmap. Hence let's remove the entirely unnecessary assert().
  The assert() can be triggered if debug monitoring is used and an empty NSEC or NSEC3 RR is included in an answer resolved returns. It's not really a security issue since enabling debug monitoring is a manual step requiring root privileges, that is off by default. Moreover, it's a "clean" assert(), i.e. the worst that happens is that a coredump is generated and resolved restarted.
  Fixes: #25449
* resolved: add generic formatters for RRs into JSON | Lennart Poettering | 2022-09-30 | 1 | -0/+242
  For now we can use it to send broken-down records of JSON via the monitor logic, but one day we can certainly reuse for dumping the caches, or to implement a ResolveRecord() varlink call one day.
* resolved: split out helper for allocating DnsResourceRecord object from raw data | Lennart Poettering | 2022-09-30 | 1 | -0/+17
  No change in behaviour, just some refactoring.
* resolved: don't access sshfp fields from tlsa printer | Lennart Poettering | 2022-09-28 | 1 | -12/+5
* tree-wide: Use correct format specifiers | Jan Janssen | 2022-08-30 | 1 | -2/+2
  gcc will complain about all these with -Wformat-signedness.
* resolved: add DNS_RESOURCE_KEY_REPLACE | Zbigniew Jędrzejewski-Szmek | 2022-05-12 | 1 | -7/+4
* resolved: add DNS_RR_REPLACE | Zbigniew Jędrzejewski-Szmek | 2022-05-12 | 1 | -3/+1
* tree-wide: add a space after if, switch, for, and while | Yu Watanabe | 2022-04-01 | 1 | -2/+2
* list: declare iterator of LIST_FOREACH() in the loop | Yu Watanabe | 2022-03-19 | 1 | -4/+1
* tree-wide: voidify unchecked snprintf calls | Luca Boccassi | 2021-08-20 | 1 | -4/+4
  According to Coverity, 194 out of 227 times we check for snprintf return code. Voidify the rest.
  CID#1461512 CID#1461513 CID#1461514 CID#1461515 CID#1461516 CID#1461518 CID#1461519 CID#1461520 CID#1461522
* alloc-util: make mfree() typesafe | Lennart Poettering | 2021-08-10 | 1 | -2/+3
  Make sure we return the same type as we accept.
  One incorrect use of mfree() is discovered and fixed this way.
* resolved: do not try to copy empty NSEC types bitmaps | Alexander Tsoy | 2021-06-29 | 1 | -6/+10
  dns_resource_record_copy() assumes that NSEC types bitmap is non-empty which results in a null pointer dereference inside bitmap_copy() in some cases. Fix this by calling bitmap_copy() conditionally.
* resolved: inline iterator variable declarations | Zbigniew Jędrzejewski-Szmek | 2021-05-14 | 1 | -3/+1
* resolved: use narrower types for label counts in rr | Zbigniew Jędrzejewski-Szmek | 2021-05-14 | 1 | -5/+5
  Order will be adjusted later to remove holes.
* resolved: indent tables for readability | Zbigniew Jędrzejewski-Szmek | 2021-05-14 | 1 | -3/+3
  Some of the tables in resolved were already using this convention. This makes the rest of them do so too.
* resolved-dns-rr: drop unneeded braces | David Tardon | 2021-03-18 | 1 | -2/+1
* resolved-dns-rr: use already existing variable | David Tardon | 2021-03-18 | 1 | -13/+7
* resolved-dns-rr: avoid unnecessary reassignment | David Tardon | 2021-03-18 | 1 | -7/+4
* resolved-dns-rr: don't leak s if base64_append fails | David Tardon | 2021-03-18 | 1 | -3/+3
* resolved: tighten checks in dns_resource_record_get_cname_target() | Lennart Poettering | 2021-03-06 | 1 | -0/+10
  Let's refuse to consider CNAME/DNAME replies matching for RR types where that is not really conceptually allowed (i.e. on CNAME/DNAME lookups themselves).
  (And add a similar check to dns_resource_key_match_cname_or_dname() too, which implements a similar match)
* tree-wide: use UINT64_MAX or friends | Yu Watanabe | 2021-03-04 | 1 | -9/+9
* resolved: add dns_resource_record_get_cname_target() helper | Lennart Poettering | 2021-02-22 | 1 | -0/+42
  This determines the redirection target from a CNAME or DNAME RR given it matches some given RR key.
* tree-wide: use in_addr_is_set() or friends | Yu Watanabe | 2021-02-17 | 1 | -1/+1
* answer: minor refactor – move link local check into RR code | Lennart Poettering | 2021-02-14 | 1 | -0/+14
* resolve: slightly optimize dns_answer_add() | Yu Watanabe | 2020-12-29 | 1 | -1/+1
  Previously, dns_answer_add() was O(n^2). With this change dns_packet_extract() becomes ~15 times faster for some extremal case.

  Before:
  ```
  $ time ./fuzz-dns-packet ~/downloads/clusterfuzz-testcase-minimized-fuzz-dns-packet-5631106733047808
  /home/watanabe/downloads/clusterfuzz-testcase-minimized-fuzz-dns-packet-5631106733047808... ok

  real 0m15.453s
  user 0m15.430s
  sys 0m0.007s
  ```

  After:
  ```
  $ time ./fuzz-dns-packet ~/downloads/clusterfuzz-testcase-minimized-fuzz-dns-packet-5631106733047808
  /home/watanabe/downloads/clusterfuzz-testcase-minimized-fuzz-dns-packet-5631106733047808... ok

  real 0m0.831s
  user 0m0.824s
  sys 0m0.006s
  ```

  Hopefully fixes oss-fuzz#19227.
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19227
* resolve: field size in dns resource record may be zero | Yu Watanabe | 2020-12-29 | 1 | -10/+10
* resolve: do not compare key twice | Yu Watanabe | 2020-12-29 | 1 | -1/+1
* resolve: slightly shorten dns_resource_key_compare_func() | Yu Watanabe | 2020-12-29 | 1 | -12/+8
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 1 | -1/+1
* resolved: check return value of memdup() correctly for OOM | Lennart Poettering | 2020-11-03 | 1 | -1/+1
* resolved: use structured initialization everywhere | Lennart Poettering | 2020-10-28 | 1 | -10/+15
* tree-wide: define iterator inside of the macro | Zbigniew Jędrzejewski-Szmek | 2020-09-08 | 1 | -2/+1
* tree-wide: "unparseable" → "unparsable" | Zbigniew Jędrzejewski-Szmek | 2020-07-02 | 1 | -9/+9
  "unparsable" is the more common spelling. We already pick "movable" over "moveable". Let's do the same with this pair.
* travis: turn on nonnull-attribute on Fuzzit | Evgeny Vereshchagin | 2019-06-15 | 1 | -1/+2
* resolve: split the RR comparison function in two | Zbigniew Jędrzejewski-Szmek | 2019-03-04 | 1 | -10/+18
  No functional change.
* resolve: drop unnecessary %n fields from dns_resource_record_to_string() | Yu Watanabe | 2019-02-16 | 1 | -16/+8
  And use returned value by asprintf() instead.
  This hopefully fixes #11733.
* resolve: reject host names with leading or trailing dashes in /etc/hosts | Zbigniew Jędrzejewski-Szmek | 2018-12-10 | 1 | -3/+3
  https://tools.ietf.org/html/rfc1035#section-2.3.1 says (approximately) that only letters, numbers, and non-leading non-trailing dashes are allowed (for entries with A/AAAA records). We set no restrictions.

  hosts(5) says:
  > Host names may contain only alphanumeric characters, minus signs ("-"), and
  > periods ("."). They must begin with an alphabetic character and end with an
  > alphanumeric character.

  nss-files follows those rules, and will ignore names in /etc/hosts that do not follow this rule.

  Let's follow the documented rules for /etc/hosts. In particular, this makes us consistent with nss-files, reducing surprises for the user.

  I'm pretty sure we should apply stricter filtering to names received over DNS and LLMNR and MDNS, but it's a bigger project, because the rules differ depending on which level the label appears (rules for top-level names are stricter), and this patch takes the minimalistic approach and only changes behaviour for /etc/hosts.

  Escape syntax is also disallowed in /etc/hosts, even if the resulting character would be allowed. Other tools that parse /etc/hosts do not support this, and there is no need to use it because no allowed characters benefit from escaping.
* tree-wide: make hash_ops typesafe | Yu Watanabe | 2018-12-02 | 1 | -22/+10
* tree-wide: use DEFINE_TRIVIAL_REF_UNREF_FUNC() macro or friends where applicable | Yu Watanabe | 2018-08-27 | 1 | -20/+4