| Commit message (Collapse) | Author | Age | Files | Lines |
|
grep -l -r http:// | xargs sed -E -i s'#http://(.*).freedesktop.org#https://\1.freedesktop.org#'
|
Maximum attempts to send mDNS requests is one except for probe requests, which should be attempted thrice.
Implemented fix to account for the difference between regular queries and probe requests, and prevent
even regular queries from being attempted thrice.
See RFC 6762 Section 8.1
|
Known-Answer list whose remaining TTL is less than half of their original TTL
|
RFC 6762 does not restrict caching of records in the Additional section.
Caching can improve resolve efficiency.
|
Since we don't need the error value, and the buffer is allocated with a fixed
size, the whole logic provided by in_addr_to_string() becomes unnecessary, so
it's enough to wrap inet_ntop() directly.
inet_ntop() can only fail with ENOSPC. But we specify a buffer that is supposed
to be large enough, so this should never fail. A bunch of tests of this are added.
This allows all the wrappers like strna(), strnull(), strempty() to be dropped.
The guard of 'if (DEBUG_LOGGING)' can be dropped from around log_debug(),
because log_debug() implements the check outside of the function call. But
log_link_debug() does not, so we need it to avoid unnecessary evaluation of
the formatting.
|
find_socket_fd() does not expect the sender address, but the
listen-address. This is in fact the destination of the DNS packet.
Matching via sender address caused a fallback to the default stub
listener in manager_dns_stub_fd() as the sender address can never
match the proxy stub listen address.
Note that manager_dns_stub_fd() is only used for the default
listener stub and the proxy stub, that means *extra* listener
stubs (DNSStubListenerExtra=…) have not been affected as
`struct DnsStubListenerExtra` provides a direct link to the event
source.
By using the correct fd we ensure the correct socket options
(like TTL) are used and prevent issues like #23495 in case ifindex
could not be determined.
|
DnsPacket.ifindex=1 (loopback) is normalized to 0 whenever a message is
received on the loopback iface, so for both listeners, 127.0.0.53 and
127.0.0.54, the ifindex will be set to 0 by manager_recv() for queries
that have a local origin.
Replies to such local messages need to set a proper ifindex in any
case, as the supplied source-address would otherwise be ignored in
manager_ipv4_send() (CMSG generation is skipped due to ifindex > 0 check).
Note that this change only forces `ifindex` to loopback if it was actually
normalized to `0` before (due to a loopback detection) in order to keep the
nat-to-127.0.0.54-from-another-interface usecase that was described in
a8d09063447568d87288a8e868fe386c1da7ce09 intact.
Also note that nat is not supported for the main stub 127.0.0.53 which is
why forcing LOOPBACK_IFINDEX was/is fine for that case.
Fixes #23495
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43942 is a simple case
where a repeated entry generates a timeout. I didn't import that case, but
generated a simpler one by hand.
$ time build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries
test/fuzz/fuzz-etc-hosts/timeout-many-entries... ok
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries 3.17s (old)
↓
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries 0.11s (new)
I considered simply disallowing too many aliases. E.g. Microsoft apparently
sometimes ignores entries after the ninth [1], and other systems set stringent
limits [2,3], but the recommended way to get around that is to simply use more
lines (as is done in the sample), so this wouldn't change anything.
Even if we cannot put all those names in a reply packet, the resolution from
the alias to the address should work. I think cases where people define lots
and lots of aliases through some programmatic interface are realistic, for
example for a blocklist, and such a file shouldn't bring resolved down to its
knees.
[1] https://superuser.com/questions/932112/is-there-a-maximum-number-of-hostname-aliases-per-line-in-a-windows-hosts-file
[2] https://library.netapp.com/ecmdocs/ECMP1516135/html/GUID-C6F3B6D1-232D-44BB-A76C-3304C19607A3.html
[3] https://www.ibm.com/docs/en/zos/2.1.0?topic=optional-creating-etchosts
|
resolve: always request additional record to verify negative answer
|
Otherwise, dns_transaction_requires_nsec() may not find no required
transaction, and return true. That sets
`answer_dnssec_result = DNSSEC_NO_SIGNATURE`, and the entire transaction fails.
Fixes #21414.
|
As DnssdService object passed to dnssd_render_instance_name() may
not be owned by Manager.
Fixes #23381.
|
Fixes a bug introduced by 71aee23dba7faeef68e7232f444626267a6c90d7.
Fixes CID#1488763.
|
Add some ref-unref helpers for resolved
|
C.f. ce913e0ec4c97651c7c1509b72fb81ee61d80c6a.
|
fuzzers: add input size limits, always configure limits in two ways
|
This way we can still call fuzzers on old samples, but oss-fuzz will not waste
its and our time finding overly large inputs.
|
Without the size limits, oss-fuzz creates huge samples that time out. Usually
this is because some of our code has bad algorithmic complexity. For data like
configuration samples we don't need to care about this: non-rogue configs are
rarely more than a few items, and a bit of a slowdown with a few hundred items
is acceptable. This wouldn't be OK for processing of untrusted data though.
We need to set the limit in two ways: through .options and in the code. The
first because it nicely allows libFuzzer to avoid wasting time, and the second
because fuzzers like honggfuzz and afl don't support .options.
While at it, let's fix an off-by-one (65535 is the largest offset for a
power-of-two size, but we're checking the size here).
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
resolve: place RRSIG after the corresponding entries
|
Fixes #22002.
|
Previously, we managed DnsAnswerItem by an array and Set.
The array was used for the order of the items, and the set was used to
dedup items.
Let's use OrderedSet, then we can simplify the logic.
This fixes dns_answer_remove_by_key() and dns_answer_remove_by_rr()
which leave the set in a broken state.
|
When `exist->rr` and `rr` point to the same object, then it may be freed by
the `dns_resource_record_unref()`.
|
logind: fix crash in logind on bad message string
|
Also break some long lines for more uniform formatting. No functional change.
I went over all log_struct, log_struct_errno, log_unit_struct,
log_unit_struct_errno calls, and they seem fine.
|
changed
Fixes #23227.
|
We prefer using union sockaddr_union instead of casting sockaddr
to the correct types.
Coding style, nothing else.
Follow-up for 0dd5ec58faa329410f1f363769209e95b058b7c3.
|
bind() expects sockaddr* but SERVER_ADDRESS is sockaddr_in type struct
Fixes errors with clang e.g.
../git/src/resolve/test-resolved-stream.c:112:32: error: incompatible pointer types passing 'struct sockaddr_in *' to parameter of type 'const struct sockaddr *' [-Werror,-Wincompatible-pointer-types]
assert_se(bind(bindfd, &SERVER_ADDRESS, sizeof(SERVER_ADDRESS)) >= 0);
^~~~~~~~~~~~~~~
../git/src/resolve/test-resolved-stream.c:251:39: error: incompatible pointer types passing 'struct sockaddr_in *' to parameter of type 'const struct sockaddr *' [-Werror,-Wincompatible-pointer-types]
r = connect(clientfd, &SERVER_ADDRESS, sizeof(SERVER_ADDRESS));
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Add more tests for specifiers
|
We use "hostname" exclusively in docs, and also in a big majority of the
code. Let's use the same spelling in remaining places.
|
GIT_VERSION is not available as a config.h variable, because it's rendered
into version.h during builds. Let's rework jinja2 rendering to also
parse version.h. No functional change, the new variable is so far unused.
I guess this will make partial rebuilds a bit slower, but it's useful
to be able to use the full version string.
|
that's safe
I regularly run my tests also as root, since some of the tested code
uses privileged APIs. The test-resolved-stream so far tried to run its
tests in a user/network namespace if that can be allocated. This caused
the tests to fail on my system where once the user namespace is opened
access to the build tree in my $HOME is prohibited (due to restricted
access modes on my home dir). Let's add a check for that: before
actually isolating the test in a user/network namespace, let's see if
that would make it impossible for us to access the build tree (which we
need to do to load the TLS certificates the test requires).
This should make the test pass when run as root from a build tree with
restrictive access mode.
|
Let's raise our supported baseline a bit: CLOCK_BOOTTIME started to work
with timerfd in kernel 3.15 (i.e. back in 2014), let's require support
for it now.
This will raise our baseline only modestly from 3.13 → 3.15.
|
Same idea as 03677889f0ef42cdc534bf3b31265a054b20a354.
No functional change intended. The type of the iterator is generally changed to
be 'const char*' instead of 'char*'. Despite the type commonly used, modifying
the string was not allowed.
I adjusted the naming of some short variables for clarity and reduced the scope
of some variable declarations in code that was being touched anyway.
|
tree-wide: declare iterator of LIST_FOREACH() in the loop
|
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
|
changes
We basically had the same code in three places. Let's unify it in a
common helper function.
event_add_time_change() might be something we should add to the official
sd-event API sooner or later, given its general usefulness.
|