summaryrefslogtreecommitdiff
path: root/src/resolve
AgeCommit message (Collapse)Author
2015-07-23resolve: transaction - stop processing packet when found to be invalidTom Gundersen
We were stopping the transaction, but we need to stop processing the packet alltogether.
2015-07-23resolved: packet - fix segfault in truncate()Tom Gundersen
A size_t was being accessed as a char* due to the order of arguments being inverted.
2015-07-23resolved: rr - ignore pseudo types in NSEC(3) bitmapsTom Gundersen
2015-07-23resolved: rr - fix parsing of NSEC3Tom Gundersen
We were appending rather than reading the bitmap.
2015-07-23resolved: rr - don't read past end of RR when parsing NSEC(3)Tom Gundersen
We can never read past the end of the packet, so this seems impossible to exploit, but let's error out early as reading past the end of the current RR is clearly an error. Found by Lennart, based on patch by Daniel.
2015-07-23resolved: rr - SSHFP contains the fingerprint, not the keyTom Gundersen
Rename the field to make this clearer.
2015-07-23resolved: packet - fail on invalid zero-length dataTom Gundersen
Most blobs (keys, signatures, ...) should have a specific size given by the relevant algorithm. However, as we don't use/verify the algorithms yet, let's just ensure that we don't read out zero-length data in cases where this does not make sense. The only exceptions, where zero-length data is allowed are in the NSEC3 salt field, and the generic data (which we don't know anything about, so better not make any assumptions).
2015-07-23Merge pull request #669 from poettering/dns-rr-memdupTom Gundersen
resolve: unify memdup() code when parsing RRs
2015-07-23Merge pull request #673 from poettering/dns-packet-append-type-windowDaniel Mack
resolved: make sure we alway initialize *start in dns_packet_append_t…
2015-07-23resolved: make sure we alway initialize *start in ↵Lennart Poettering
dns_packet_append_type_window()
2015-07-23resolve: unify memdup() code when parsing RRsLennart Poettering
Let's make dns_packet_read_public_key() more generic by renaming it to dns_packet_read_memdup() (which more accurately describes what it does...). Then, patch all cases where we memdup() RR data to use this new call. This specifically checks for zero-length objects, and handles them gracefully. It will set zero length payload fields as a result. Special care should be taken to ensure that any code using this call can handle the returned allocated field to be NULL if the size is specified as 0!
2015-07-23Merge pull request #667 from poettering/dns-rr-memleakTom Gundersen
resolve: fix two minor memory leaks
2015-07-23resolve: fix two minor memory leaksLennart Poettering
strv_extend() already strdup()s internally, no need to to this twice. (Also, was missing OOM check...). Use strv_consume() when we already have a string allocated whose ownership we want to pass to the strv. This fixes 50f1e641a93cacfc693b0c3d300bee5df0c8c460.
2015-07-23resolve: drop dns_scope_good_dns_server()Lennart Poettering
It's not used anymore since 29815b6c608b836cada5e349d06a96b63eaa65f3, hence let's remove it from the sources.
2015-07-16bitmap: use external iteratorTom Gundersen
Reuse the Iterator object from hashmap.h and expose a similar API. This allows us to do { Iterator i; unsigned n; BITMAP_FOREACH(n, b, i) { Iterator j; unsigned m; BITMAP_FOREACH(m, b, j) { ... } } } without getting confused. Requested by David.
2015-07-14resolved: rr - add NSEC3 supportTom Gundersen
Needed for DNSSEC.
2015-07-14resolved: rr - add NSEC supportTom Gundersen
Needed for DNSSEC.
2015-07-14Merge pull request #586 from teg/resolved-rrs-3Daniel Mack
resolved: minor improvements to RR handling
2015-07-14resolved: improve printing of unknown RRsTom Gundersen
This implements the recommendations from RFC3597.
2015-07-14resolved: rr - add DS supportTom Gundersen
Needed for DNSSEC.
2015-07-14resolved: rr - print formated timestamps in RRSIGTom Gundersen
2015-07-14resolved: use one UDP socket per transactionTom Gundersen
We used to have one global socket, use one per transaction instead. This has the side-effect of giving us a random UDP port per transaction, and hence increasing the entropy and making cache poisoining significantly harder to achieve. We still reuse the same port number for packets belonging to the same transaction (resent packets).
2015-07-14resolved: implement RFC5452Tom Gundersen
This improves the resilience against cache poisoning by being stricter about only accepting responses that match precisely the requst they are in reply to. It should be noted that we still only use one port (which is picked at random), rather than one port for each transaction. Port randomization would improve things further, but is not required by the RFC.
2015-07-14resolved: pin the server used in a transactionTom Gundersen
We want to discover information about the server and use that in when crafting packets to be resent.
2015-07-14resolved: reference count the dns serversTom Gundersen
We want to reference the servers from their active transactions, so make sure they stay around as long as the transaction does.
2015-07-14resolved: packet - ensure there is space for IP+UDP headersTom Gundersen
Currently we only make sure our links can handle the size of the payload witohut taking the headers into account.
2015-07-14resolved: rr - print DNSKEY and RRSIG in base64Tom Gundersen
As mandated by RFC4034.
2015-07-13resolved: make LLMNR checks conditionalDaniel Mack
Make all LLMNR related packet inspections conditional to p->protocol. Use switch-case statements while at it, which will make future additions more readable.
2015-07-13resolved: separate LLMNR specific header bitsDaniel Mack
The C and T bits in the DNS packet header definitions are specific to LLMNR. In regular DNS, they are called AA and RD instead. Reflect that by calling the macros accordingly, and alias LLMNR specific macros. While at it, define RA, AD and CD getters as well.
2015-07-13resolved: use a #define for LLMNR portDaniel Mack
De-duplicate some magic numbers.
2015-07-13resolved: move LLMNR related functions into separate fileDaniel Mack
2015-07-08resolved: fix marshalling of RRSIG recordsTom Gundersen
The key tag is 16, not 8 bits.
2015-06-15everywhere: port everything to sigprocmask_many() and friendsLennart Poettering
This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
2015-06-13sd-netlink: rename from sd-rtnlTom Gundersen
2015-06-11sd-rtnl: make joining broadcast groups implicitTom Gundersen
2015-06-10resolve: move dns routines into sharedNick Owens
2015-06-10util: introduce CMSG_FOREACH() macro and make use of it everywhereLennart Poettering
It's only marginally shorter then the usual for() loop, but certainly more readable.
2015-05-29util: split out signal-util.[ch] from util.[ch]Lennart Poettering
No functional changes.
2015-05-18resolved: allow DnsAnswer objects with no space for RRsLennart Poettering
They might be created as result of merged answer sets, hence accept them. http://lists.freedesktop.org/archives/systemd-devel/2015-April/030834.html
2015-05-18resolved: fix crash when shutting downLennart Poettering
Reported by Cristian Rodríguez http://lists.freedesktop.org/archives/systemd-devel/2015-May/031626.html
2015-05-18util: split all hostname related calls into hostname-util.cLennart Poettering
2015-04-29tree-wide: get rid of a few more explicit bus parametersLennart Poettering
2015-04-29sd-bus: drop bus parameter from message callback prototypeLennart Poettering
This should simplify the prototype a bit. The bus parameter is redundant in most cases, and in the few where it matters it can be derived from the message via sd_bus_message_get_bus().
2015-04-11shared: add random-util.[ch]Ronny Chevalier
2015-04-08resolved: maintain order when writing resolv.conf entriesLennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2015-March/029850.html
2015-03-27fix gcc warnings about uninitialized variablesHarald Hoyer
like: src/shared/install.c: In function ‘unit_file_lookup_state’: src/shared/install.c:1861:16: warning: ‘r’ may be used uninitialized in this function [-Wmaybe-uninitialized] return r < 0 ? r : state; ^ src/shared/install.c:1796:13: note: ‘r’ was declared here int r; ^
2015-03-13Use space after a silencing (void)Zbigniew Jędrzejewski-Szmek
We were using a space more often than not, and this way is codified in CODING_STYLE.
2015-03-13tree-wide: there is no ENOTSUP on linuxDavid Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-03Do not advertise .d snippets over main config fileZbigniew Jędrzejewski-Szmek
For daemons which have a main configuration file, there's little reason for the administrator to use configuration snippets. They are useful for packagers which need to override settings, but we shouldn't advertise that as the main way of configuring those services. https://bugs.freedesktop.org/show_bug.cgi?id=89397
2015-02-23resolved: use == for comparing unsigned against zeroZbigniew Jędrzejewski-Szmek