Age | Commit message (Collapse) | Author |
|
|
|
|
|
This partially reverts 106784ebb7b303ae471851100a773ad2aebf5b80, ad
readds separate DNS_PACKET_MAKE_FLAGS() invocations for the LLMNR and
DNS case. This is important since SOme flags have different names and
meanings on LLMNR and on DNS and we should clarify that via the comments
and how we put things together.
|
|
With more protocols to come, switch repetitive if-else blocks with a
switch-case statements.
|
|
We explicitly need to turn off name compression when marshalling or
demarshalling RRs for bus transfer, since they otherwise refer to packet
offsets that reference packets that are not transmitted themselves.
|
|
With this change we'll now also generate synthesized RRs for the local
LLMNR hostname (first label of system hostname), the local mDNS hostname
(first label of system hostname suffixed with .local), the "gateway"
hostname and all the reverse PTRs. This hence takes over part of what
nss-myhostname already implemented.
Local hostnames resolve to the set of local IP addresses. Since the
addresses are possibly on different interfaces it is necessary to change
the internal DnsAnswer object to track per-RR interface indexes, and to
change the bus API to always return the interface per-address rather than
per-reply. This change also patches the existing clients for resolved
accordingly (nss-resolve + systemd-resolve-host).
This also changes the routing logic for queries slightly: we now ensure
that the local hostname is never resolved via LLMNR, thus making it
trustable on the local system.
|
|
|
|
The NSEC type itself must at least be in the bitmap, so NSEC records with empty
bitmaps must be bogus.
|
|
We were tracking the bit offset inside each byte, rather than inside the whole bitmap.
|
|
We were counting the number of bits set rather than the number of bytes they occupied.
|
|
A size_t was being accessed as a char* due to the order of arguments being inverted.
|
|
|
|
We were appending rather than reading the bitmap.
|
|
We can never read past the end of the packet, so this seems impossible
to exploit, but let's error out early as reading past the end of the
current RR is clearly an error.
Found by Lennart, based on patch by Daniel.
|
|
Rename the field to make this clearer.
|
|
Most blobs (keys, signatures, ...) should have a specific size given by
the relevant algorithm. However, as we don't use/verify the algorithms
yet, let's just ensure that we don't read out zero-length data in cases
where this does not make sense.
The only exceptions, where zero-length data is allowed are in the NSEC3
salt field, and the generic data (which we don't know anything about,
so better not make any assumptions).
|
|
resolve: unify memdup() code when parsing RRs
|
|
dns_packet_append_type_window()
|
|
Let's make dns_packet_read_public_key() more generic by renaming it to
dns_packet_read_memdup() (which more accurately describes what it
does...). Then, patch all cases where we memdup() RR data to use this
new call.
This specifically checks for zero-length objects, and handles them
gracefully. It will set zero length payload fields as a result.
Special care should be taken to ensure that any code using this call
can handle the returned allocated field to be NULL if the size is
specified as 0!
|
|
Reuse the Iterator object from hashmap.h and expose a similar API.
This allows us to do
{
Iterator i;
unsigned n;
BITMAP_FOREACH(n, b, i) {
Iterator j;
unsigned m;
BITMAP_FOREACH(m, b, j) {
...
}
}
}
without getting confused. Requested by David.
|
|
Needed for DNSSEC.
|
|
Needed for DNSSEC.
|
|
resolved: minor improvements to RR handling
|
|
Needed for DNSSEC.
|
|
Currently we only make sure our links can handle the size of the payload witohut
taking the headers into account.
|
|
Make all LLMNR related packet inspections conditional to p->protocol.
Use switch-case statements while at it, which will make future additions
more readable.
|
|
The key tag is 16, not 8 bits.
|
|
|
|
https://github.com/vlajos/misspell_fixer
https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa
Thanks to Torstein Husebo <torstein@huseboe.net>.
|
|
section 6.1
The RFC says to encode an single empty TXT string instead of an empty
TXT array. It also says to treat a zero-length TXT RR as a TXT array
with a single zero-length string.
|
|
TXT records should have at least one character, so enforce this.
Before 0f84a72 parser SIGSEGV'd on ->txt.strings being NULL, but
even if this is fixed we should reject invalid TXT records.
|
|
Set the error code in case of incorrect name. This prevents continuing
and failing an assert(name) later on.
|
|
Loops in RR compression were only detected for the first entry.
Multiple redirections should be allowed, each one checking for an
infinite loop on its own starting point.
Also update the pointer on each redirection to avoid longer loops of
labels and redirections, in names like:
(start) [len=1] "A", [ptr to start]
(David: rename variable to "jump_barrier" and add reference to RFC)
|
|
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
|
|
|
|
|
|
|
|
|
|
Make sure we format UTF-8 labels as IDNA when writing them to DNS
packets, and as native UTF-8 when writing them to mDNS or LLMNR packets.
When comparing or processing labels always consider native UTF-8 and
IDNA formats equivalent.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LOC records have a version field. So far only version 0 has been
published, but if a record with a different version was encountered,
our only recourse is to treat it as an unknown type. This is
implemented with the 'unparseable' flag, which causes the
serialization/deserialization and printing function to cause the
record as a blob. The flag can be used if other packet types cannot be
parsed for whatever reason.
|
|
|