From 1b5b0ca79944bf3fd4991b2fda73b20439771bd0 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 23 Apr 2018 15:11:20 +0200 Subject: [PATCH 01/24] Force trailing '\0' with string config settings Because even though it is added when parsing from JSON, it will be lost when the bindata is copied into a dict with getdns_dict_set_bindata. --- src/context.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/context.c b/src/context.c index 39d54bbb..3167a4c2 100644 --- a/src/context.c +++ b/src/context.c @@ -4806,9 +4806,19 @@ static getdns_return_t _get_list_or_read_file(const getdns_dict *config_dict, #define CONTEXT_SETTING_STRING(X) \ } else if (_streq(setting, #X )) { \ - if (!(r = getdns_dict_get_bindata(config_dict, #X , &bd))) \ - r = getdns_context_set_ ## X( \ - context, (char *)bd->data); + if (!(r = getdns_dict_get_bindata(config_dict, #X , &bd))) { \ + if (bd->size < sizeof(str_buf)) { \ + (void) memcpy(str_buf, (char *)bd->data, bd->size); \ + str_buf[bd->size] = '\0'; \ + r = getdns_context_set_ ## X( \ + context, str_buf); \ + } else if ((tmp_str = _getdns_strdup2(&context->mf, bd))) { \ + r = getdns_context_set_ ## X( \ + context, tmp_str); \ + GETDNS_FREE(context->mf, tmp_str); \ + } else \ + r = GETDNS_RETURN_MEMORY_ERROR; \ + } static getdns_return_t _getdns_context_config_setting(getdns_context *context, @@ -4823,6 +4833,7 @@ _getdns_context_config_setting(getdns_context *context, uint32_t n; getdns_bindata *bd; int destroy_list = 0; + char str_buf[1024], *tmp_str; if (_streq(setting, "all_context")) { if (!(r = getdns_dict_get_dict(config_dict, "all_context", &dict))) From a834d32718e5e8fbf06f98c808efe54e19486352 Mon Sep 17 00:00:00 2001 
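Review bot: In CONTEXT_SETTING_STRING the bindata is now NUL-terminated and handed to the setter as a C string, but nothing checks for a '\0' inside the first `bd->size` bytes, so a value with an embedded NUL is silently shortened while the dict keeps the full bytes. If `bd->size` never counts a terminator (the commit message suggests so, but the producers are not visible here), rejecting such input before the copy would keep the two views consistent: `if (memchr(bd->data, '\0', bd->size)) r = GETDNS_RETURN_INVALID_PARAMETER;`. The macro also depends on the locals `str_buf` and `tmp_str` that the second hunk adds to _getdns_context_config_setting; a one-line comment above the `#define` naming the locals it expects (`r`, `bd`, `str_buf`, `tmp_str`) would help the next reader. The trailing `else` is the only unbraced branch in the new body and is worth bracing inside a macro.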
From: Willem Toorop Date: Mon, 23 Apr 2018 14:05:02 +0200 Subject: [PATCH 02/24] Fix negative reversed IPv4 test which assumes 1.1.1.1.in-addr.arpa does not exist --- src/test/check_getdns_hostname.h | 2 +- src/test/check_getdns_hostname_sync.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/check_getdns_hostname.h b/src/test/check_getdns_hostname.h index 7193fec9..d5e6bf8e 100644 --- a/src/test/check_getdns_hostname.h +++ b/src/test/check_getdns_hostname.h @@ -361,7 +361,7 @@ struct getdns_context *context = NULL; struct getdns_dict *address = NULL; struct getdns_bindata address_type = { 5, (void *)"IPv4" }; - struct getdns_bindata address_data = { 4, (void *)"\x01\x01\x01\x01" }; + struct getdns_bindata address_data = { 4, (void *)"\xb9\x31\x8c\x00" }; void* eventloop = NULL; getdns_transaction_t transaction_id = 0; diff --git a/src/test/check_getdns_hostname_sync.h b/src/test/check_getdns_hostname_sync.h index 260a0f19..38a33fb2 100644 --- a/src/test/check_getdns_hostname_sync.h +++ b/src/test/check_getdns_hostname_sync.h @@ -304,7 +304,7 @@ struct getdns_context *context = NULL; struct getdns_dict *address = NULL; struct getdns_bindata address_type = { 5, (void *)"IPv4" }; - struct getdns_bindata address_data = { 4, (void *)"\x01\x01\x01\x01" }; + struct getdns_bindata address_data = { 4, (void *)"\xb9\x31\x8c\x00" }; struct getdns_dict *response = NULL; CONTEXT_CREATE(TRUE); From 7fecf5a93de9218511601f4903ca81c835803564 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Tue, 1 May 2018 13:19:24 +0200 Subject: [PATCH 03/24] Allow NSEC spans starting from (unexpanded) wildcards --- src/dnssec.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/dnssec.c b/src/dnssec.c index 1a87c77a..7e0d1248 100644 --- a/src/dnssec.c +++ b/src/dnssec.c 
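Review bot: The replacement `address_data` bytes `"\xb9\x31\x8c\x00"` in check_getdns_hostname.h (and the identical change in check_getdns_hostname_sync.h) carry no comment, so the reader has to decode them to 185.49.140.0 and guess why that address was chosen. The test still depends on the reverse name for this address not existing in live DNS, which is the same kind of assumption that broke for 1.1.1.1. I would add a comment on the line such as `/* 185.49.140.0: reverse name is expected not to exist; this test relies on live DNS */` so a future failure is easy to diagnose. The enclosing test body starts and ends outside both hunks.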
@@ -1685,7 +1685,7 @@ static int a_key_signed_rrset_no_wc(struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset) { _getdns_rrtype_iter dnskey_spc, *dnskey; - const uint8_t *nc_name; + const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */ int keytag; assert(keyset->rr_type == GETDNS_RRTYPE_DNSKEY); @@ -1693,8 +1693,17 @@ static int a_key_signed_rrset_no_wc(struct mem_funcs *mf, time_t now, for ( dnskey = _getdns_rrtype_iter_init(&dnskey_spc, keyset) ; dnskey ; dnskey = _getdns_rrtype_iter_next(dnskey) ) { - if ((keytag = dnskey_signed_rrset(mf, now, skew, - dnskey, rrset, &nc_name)) && !nc_name) + if (!(keytag = dnskey_signed_rrset(mf, now, skew, + dnskey, rrset, &nc_name))) + continue; + + if (!nc_name) /* Not a wildcard, then success! */ + return keytag; + + /* Not a wildcard expansion, but the wildcard name itself. */ + if (rrset->rr_type == GETDNS_RRTYPE_NSEC && + rrset->name[0] == 1 && rrset->name[1] == '*' && + nc_name == rrset->name) return keytag; } return 0; @@ -1709,7 +1718,8 @@ static int a_key_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset) { _getdns_rrtype_iter dnskey_spc, *dnskey; - const uint8_t *nc_name; + const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */ + int keytag; assert(keyset->rr_type == GETDNS_RRTYPE_DNSKEY); @@ -1728,7 +1738,8 @@ static int a_key_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew, * There is no more specific! */ if (rrset->rr_type == GETDNS_RRTYPE_NSEC && - rrset->name[0] == 1 && rrset->name[1] == '*') + rrset->name[0] == 1 && rrset->name[1] == '*' && + nc_name == rrset->name) return keytag; debug_sec_print_rrset("wildcard expanded to: ", rrset); 
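Review bot: `nc_name` in a_key_signed_rrset_no_wc is still declared without an initialiser, and the new comment only records the expectation that dnskey_signed_rrset() fills it in. The rewritten loop reads it only after a non-zero keytag, which is sound if the callee writes it on every such return, but that function is not visible in this diff. Initialising at the declaration, `const uint8_t *nc_name = NULL;`, costs nothing and turns any missed path into a defined "not a wildcard" rather than an indeterminate read. The same declaration-plus-comment pattern is added in a_key_signed_rrset (@@ -1709) and ds_authenticates_keys (@@ -1751) and deserves the same treatment.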
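Review bot: The new acceptance path in a_key_signed_rrset_no_wc hinges on the pointer comparison `nc_name == rrset->name`, and the comment above it does not explain why pointer identity distinguishes the wildcard name itself from an expansion of it. Presumably dnskey_signed_rrset() leaves `nc_name` at the start of the owner name when no labels were stripped, but that is not shown here and should be confirmed. I would extend the comment along the lines of `/* nc_name == rrset->name: no labels were stripped, so the signed owner is the "*" name itself */`. The same condition is added to a_key_signed_rrset (@@ -1728). Since the ChangeLog entry later in this series ties the bug to the CVE-2017-15105 handling, a regression test with both an NSEC owned by the wildcard and an NSEC expanded from one would guard this check.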
@@ -1751,7 +1762,7 @@ static int ds_authenticates_keys(struct mem_funcs *mf, _getdns_rrtype_iter dnskey_spc, *dnskey; _getdns_rrtype_iter ds_spc, *ds; uint16_t keytag; - const uint8_t *nc_name; + const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */ size_t valid_dsses = 0, supported_dsses = 0; uint8_t max_supported_digest = 0; int max_supported_result = 0; From 9c019680487e2cd8e8a7af3f9578688bbfb0a4f1 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Tue, 1 May 2018 17:07:16 +0200 Subject: [PATCH 04/24] DS and DNSKEY lookups for tld and sld immediately Resolves issue getdnsapi/stubby#99 --- src/dnssec.c | 97 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 67 insertions(+), 30 deletions(-) diff --git a/src/dnssec.c b/src/dnssec.c index 7e0d1248..c6041a7a 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -244,13 +244,16 @@ static inline int _dname_equal(const uint8_t *left, const uint8_t *right) static int _dname_is_parent( const uint8_t * const parent, const uint8_t *subdomain) { - while (*subdomain) { + if (*parent == 0) + return 1; + + else while (*subdomain) { if (_dname_equal(parent, subdomain)) return 1; subdomain += *subdomain + 1; } - return *parent == 0; + return 0; } static uint8_t *_dname_label_copy(uint8_t *dst, const uint8_t *src, size_t dst_len) @@ -668,8 +671,16 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf, /* On the first chain, max_node == NULL. * Schedule a root DNSKEY query, we always need that. */ - if (!(node[-1].parent = max_node)) + if (!(node[-1].parent = max_node)) { val_chain_sched(head, (uint8_t *)"\0"); + if (head->node_count > 1) + val_chain_sched(head, node[-2].ds.name); + if (head->node_count > 2) + val_chain_sched(head, node[-3].ds.name); + } else if ((max_labels == 1 || max_labels == 2) && head->node_count > 0) + val_chain_sched(head, node[-1].ds.name); + if (max_labels == 1 && head->node_count > 1) + val_chain_sched(head, node[-2].ds.name); return head; } 
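Review bot: In the add_rrset2val_chain hunk the last added statement, `if (max_labels == 1 && head->node_count > 1)`, is not part of the preceding `if { … } else if` chain, so it also runs after the first-chain branch; with the braces only on the first branch this is easy to misread. If it is meant to run in both cases, a blank line and a comment before it would make that explicit; if it belongs to the `else if`, it needs braces. The negative indices `node[-1]`, `node[-2]`, `node[-3]` are each guarded by `head->node_count`, but nothing says which of them is the tld and which the sld that the commit title refers to; a short comment such as `/* node[-2] / node[-3]: presumably tld and sld, confirm */` replaced by the verified mapping would help. The function body starts outside the hunk.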
@@ -1051,6 +1062,46 @@ static void val_chain_sched_signer(chain_head *head, _getdns_rrsig_iter *rrsig) val_chain_sched_signer_node(head->parent, rrsig); } +/* Cancel all DS and DNSKEY for subdomains of parent_dname, + * and also the DNSKEY query at the parent_dname + */ +static void cancel_requests_for_subdomains_of( + chain_head *head, const uint8_t *parent_dname) +{ + chain_head *next; + chain_node *node; + size_t node_count; + + while (head) { + next = head->next; + + if (!_dname_is_parent(parent_dname, head->rrset.name)) { + head = next; + continue; + } + for ( node_count = head->node_count, node = head->parent + ; node_count + ; node_count--, node = node->parent ) { + + if (!_getdns_netreq_finished(node->dnskey_req)) { + _getdns_context_cancel_request( + node->dnskey_req->owner); + node->dnskey_req = NULL; + } + + if (_dname_equal(parent_dname, node->ds.name)) + break; + + if (!_getdns_netreq_finished(node->ds_req)) { + _getdns_context_cancel_request( + node->ds_req->owner); + node->ds_req = NULL; + } + } + head = next; + } +} + static void val_chain_node_cb(getdns_dns_req *dnsreq) { chain_node *node = (chain_node *)dnsreq->user_pointer; @@ -1092,12 +1143,22 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq) n_signers++; } } - if (netreq->request_type == GETDNS_RRTYPE_DS && n_signers == 0) + if (netreq->request_type != GETDNS_RRTYPE_DS) + ; /* pass */ + else if (n_signers) { + _getdns_rrtype_iter ds_spc; + + if (!_getdns_rrtype_iter_init(&ds_spc, &node->ds)) { + debug_sec_print_rrset("A DS NX proof for ", &node->ds); + DEBUG_SEC("Cancel all more specific requests\n"); + cancel_requests_for_subdomains_of(node->chains, node->ds.name); + } + } else { /* No signed DS and no signed proof of non-existance. * Search further up the tree... */ val_chain_sched_ds_node(node->parent); - + } if (node->lock) node->lock--; check_chain_complete(node->chains); } 
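Review bot: cancel_requests_for_subdomains_of dereferences `node->dnskey_req->owner` and `node->ds_req->owner` right after `!_getdns_netreq_finished(...)`, so it relies on that helper returning true for a NULL request. The function sets both pointers to NULL once cancelled and, after this commit, can run over the same chain several times (once per DS non-existence proof and again on timeout), which makes that reliance more important than it was in the timeout-only code. The helper is not visible in this diff; if it does not treat NULL as finished, the guard should read `if (node->dnskey_req && !_getdns_netreq_finished(node->dnskey_req))` and likewise for `ds_req`. Otherwise a comment stating that assumption next to the first check is enough.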
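Review bot: In val_chain_node_cb the new branch cancels every more specific DS and DNSKEY lookup as soon as a DS response has `n_signers` non-zero and an empty DS rrset, and from this hunk `n_signers` only counts signers seen in the response, not signatures that have been verified. It should be confirmed that a response which merely contains an RRSIG and no DS cannot end up classifying the subtree as insecure once the lookups below it have been cancelled, i.e. that later validation still marks an unproven denial as bogus. A comment at the call, for example `/* denial is not validated yet; chain validation must still reject it if the proof fails */`, would record that dependency. The cancel also runs inside the request callback while `node->chains` is used again two lines later by check_chain_complete(), so it is worth checking that _getdns_context_cancel_request() cannot free or re-enter the chain from here; the callback body starts and ends outside the hunk.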
@@ -3323,31 +3384,7 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context) void _getdns_validation_chain_timeout(getdns_dns_req *dnsreq) { - chain_head *head = dnsreq->chain, *next; - chain_node *node; - size_t node_count; - - while (head) { - next = head->next; - - for ( node_count = head->node_count, node = head->parent - ; node_count - ; node_count--, node = node->parent ) { - - if (!_getdns_netreq_finished(node->dnskey_req)) { - _getdns_context_cancel_request( - node->dnskey_req->owner); - node->dnskey_req = NULL; - } - - if (!_getdns_netreq_finished(node->ds_req)) { - _getdns_context_cancel_request( - node->ds_req->owner); - node->ds_req = NULL; - } - } - head = next; - } + cancel_requests_for_subdomains_of(dnsreq->chain, (uint8_t *)"\0"); dnsreq->request_timed_out = 1; check_chain_complete(dnsreq->chain); } From 6c075e2ad860e1392594b81c8ca68ddc0c9781d1 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 2 May 2018 14:01:00 +0200 Subject: [PATCH 05/24] Bugfix #395 : Clarify that libidn2 dependency is for version 2.0.0 or higher --- ChangeLog | 4 ++++ README.md | 2 +- configure.ac | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12867743..ea2a0ea4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +* 2018-05-??: Version 1.4.2 + * Bugfix: #395. Clarify that libidn2 dependency is for version 2.0.0 + or higher. Thanks mire3212 + * 2018-03-12: Version 1.4.1 * Bugfix #388: Prevent fallback to an earlier tries upstream within a single query. Thanks Robert Groenenberg diff --git a/README.md b/README.md index cada3b41..565310c7 100644 --- a/README.md +++ b/README.md 
@@ -70,7 +70,7 @@ If you are installing from packages, you have to install the library and also th External dependencies are linked outside the getdns API build tree (we rely on configure to find them). We would like to keep the dependency tree short. Please refer to section for building on Windows for separate dependency and build instructions for that platform. * [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later. -* [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1 or 2. (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.) +* [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1 or 2 (from version 2.0.0 and higher). (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.) * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication) * Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant. diff --git a/configure.ac b/configure.ac index a0d719b4..18971e83 100644 --- a/configure.ac +++ b/configure.ac @@ -887,7 +887,7 @@ then LIBS="-lidn2 $LIBS" AC_DEFINE_UNQUOTED([HAVE_LIBIDN2], [1], [Define to 1 if you have the `idn2' library (-lidn).]) dnl ` ], [ - MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libidn2" + MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libidn2 (version 2.0.0 or higher)" MISSING_SEP=", " ]) fi From 4f050facc37e086479c939048476e44d1d19e4af Mon Sep 17 00:00:00 2001 
From: Willem Toorop Date: Wed, 2 May 2018 14:32:12 +0200 Subject: [PATCH 06/24] Bugfix #394: Update src/compat/getentropy_linux.c in order to handle ENOSYS (not implemented) fallback. Thanks Brent Blood --- ChangeLog | 5 ++- src/compat/getentropy_linux.c | 83 +++++++++++++++++++++-------------- 2 files changed, 53 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea2a0ea4..2b0ba971 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ * 2018-05-??: Version 1.4.2 - * Bugfix: #395. Clarify that libidn2 dependency is for version 2.0.0 + * Bugfix #394: Update src/compat/getentropy_linux.c in order to + handle ENOSYS (not implemented) fallback. + Thanks Brent Blood + * Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0 or higher. Thanks mire3212 * 2018-03-12: Version 1.4.1 diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index 37d86a8f..a1159d0c 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.45 2018/03/13 22:53:28 bcook Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,6 +15,9 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ #include "config.h" @@ -39,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -55,7 +59,6 @@ #include #include -#include #ifdef HAVE_GETAUXVAL #include #endif 
@@ -75,6 +78,7 @@ #if defined(HAVE_SSL) #define CRYPTO_SHA512_CTX SHA512_CTX #define CRYPTO_SHA512_INIT(x) SHA512_Init(x) +#define CRYPTO_SHA512_UPDATE(c, x, l) (SHA512_Update((c), (char *)(x), (l)) #define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) @@ -82,6 +86,7 @@ #elif defined(HAVE_NETTLE) #define CRYPTO_SHA512_CTX struct sha512_ctx #define CRYPTO_SHA512_INIT(x) sha512_init(x) +#define CRYPTO_SHA512_UPDATE(c, x, l) (sha512_update((c), (l), (uint8_t *)(x)) #define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) #define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) #define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) @@ -90,11 +95,8 @@ int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif static int gotdata(char *buf, size_t len); -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len); #endif static int getentropy_urandom(void *buf, size_t len); @@ -102,6 +104,7 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) 
@@ -110,18 +113,21 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) /* - * Try descriptor-less getrandom() + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 */ ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); - if (errno != ENOSYS) - return (-1); #endif /* @@ -175,7 +181,7 @@ getentropy(void *buf, size_t len) * - Do the best under the circumstances.... * * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. + * still does not provide a failsafe API for entropy collection. * * We hope this demonstrates that Linux should either retain their * sysctl ABI, or consider providing a new failsafe API which @@ -205,11 +211,11 @@ gotdata(char *buf, size_t len) for (i = 0; i < len; ++i) any_set |= buf[i]; if (any_set == 0) - return -1; - return 0; + return (-1); + return (0); } -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len) { @@ -218,7 +224,7 @@ getentropy_getrandom(void *buf, size_t len) if (len > 256) return (-1); do { - ret = syscall(SYS_getrandom, buf, len, 0); + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); if (ret != (int)len) @@ -266,7 +272,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) 
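Review bot: The getentropy() hunk removes the `errno != ENOSYS` guard entirely, so every getrandom() failure now falls through to the urandom, sysctl and fallback paths, not only the "not implemented" case named in the commit title. With `GRND_NONBLOCK` that includes EAGAIN while the kernel pool is still uninitialised, and the next source tried is presumably one that does not wait for initialisation either (getentropy_urandom is only partly visible here). That is a deliberate availability-over-strength trade-off in the upstream file, but callers of this library get no signal that it happened. I would extend the new comment with something like `/* Any failure, including EAGAIN before the pool is initialised, falls through to the weaker sources below. */` so the behaviour is stated where the guard used to be.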
@@ -279,11 +285,11 @@ start: close(fd); if (gotdata(buf, len) == 0) { errno = save_errno; - return 0; /* satisfied */ + return (0); /* satisfied */ } nodevrandom: errno = EIO; - return -1; + return (-1); } #ifdef SYS__sysctl @@ -314,11 +320,11 @@ getentropy_sysctl(void *buf, size_t len) } sysctlfailed: errno = EIO; - return -1; + return (-1); } #endif /* SYS__sysctl */ -static int cl[] = { +static const int cl[] = { CLOCK_REALTIME, #ifdef CLOCK_MONOTONIC CLOCK_MONOTONIC, @@ -343,6 +349,15 @@ static int cl[] = { #endif }; +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + CRYPTO_SHA512_CTX *ctx = data; + + CRYPTO_SHA512_UPDATE(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + static int getentropy_fallback(void *buf, size_t len) { @@ -379,6 +394,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -398,9 +415,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; 
@@ -525,33 +539,34 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } #ifdef HAVE_GETAUXVAL -# ifdef AT_RANDOM +#ifdef AT_RANDOM /* Not as random as you think but we take what we are given */ p = (char *) getauxval(AT_RANDOM); if (p) HR(p, 16); -# endif -# ifdef AT_SYSINFO_EHDR +#endif +#ifdef AT_SYSINFO_EHDR p = (char *) getauxval(AT_SYSINFO_EHDR); if (p) HR(p, pgs); -# endif -# ifdef AT_BASE +#endif +#ifdef AT_BASE p = (char *) getauxval(AT_BASE); if (p) HD(p); -# endif -#endif /* HAVE_GETAUXVAL */ +#endif +#endif CRYPTO_SHA512_FINAL(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } + memset(&ctx, 0, sizeof ctx); memset(results, 0, sizeof results); if (gotdata(buf, len) == 0) { errno = save_errno; - return 0; /* satisfied */ + return (0); /* satisfied */ } errno = EIO; - return -1; + return (-1); } From f0f101511b35b5dca35774cc4d1d508066e4c6df Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 11:21:11 +0200 Subject: [PATCH 07/24] _GNU_SOURCE needed for struct dl_phdr_info from link.h --- src/compat/getentropy_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index a1159d0c..4f437bf3 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c @@ -23,8 +23,8 @@ /* #define _POSIX_C_SOURCE 199309L -#define _GNU_SOURCE 1 */ +#define _GNU_SOURCE 1 #include #include #include From f5c588c9554b694b5d07f70bce38ec41e7b70660 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 11:30:28 +0200 Subject: [PATCH 08/24] Need _GNU_SOURCE before config.h --- src/compat/getentropy_linux.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index 4f437bf3..9f216f8c 100644 --- a/src/compat/getentropy_linux.c 
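Review bot: The added `memset(&ctx, 0, sizeof ctx);` at the end of getentropy_fallback, like the existing `memset(results, 0, sizeof results);` beside it, is a store to a local that is never read again, so an optimising compiler is allowed to drop it and leave the hash state on the stack. Where the platform provides it, `explicit_bzero(&ctx, sizeof ctx); explicit_bzero(results, sizeof results);` gives the intended guarantee; on older libcs a configure-time check with a small non-elidable wipe helper would be needed, since this compat file targets systems that may lack it. The function body starts outside the hunk.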
+++ b/src/compat/getentropy_linux.c @@ -19,12 +19,10 @@ * Emulation of getentropy(2) as documented at: * http://man.openbsd.org/getentropy.2 */ +#define _GNU_SOURCE 1 +#define _POSIX_C_SOURCE 199309L #include "config.h" -/* -#define _POSIX_C_SOURCE 199309L -*/ -#define _GNU_SOURCE 1 #include #include #include From de7f007bf3a63583455ed7dad8634d4789e6bc09 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 11:40:44 +0200 Subject: [PATCH 09/24] Without dl_iterate_phdr for now... --- src/compat/getentropy_linux.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index 9f216f8c..f08f35b1 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c @@ -19,8 +19,12 @@ * Emulation of getentropy(2) as documented at: * http://man.openbsd.org/getentropy.2 */ +/* #define WITH_DL_ITERATE_PHDR 1 */ + +#ifdef WITH_DL_ITERATE_PHDR #define _GNU_SOURCE 1 #define _POSIX_C_SOURCE 199309L +#endif #include "config.h" #include @@ -40,7 +44,9 @@ #include #include #include +#ifdef WITH_DL_ITERATE_PHDR #include +#endif #include #include #include @@ -102,7 +108,9 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); +#ifdef WITH_DL_ITERATE_PHDR static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); +#endif int getentropy(void *buf, size_t len) @@ -347,6 +355,7 @@ static const int cl[] = { #endif }; +#ifdef WITH_DL_ITERATE_PHDR static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) { @@ -355,6 +364,7 @@ getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) CRYPTO_SHA512_UPDATE(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); return (0); } +#endif static int getentropy_fallback(void *buf, size_t len) 
@@ -392,7 +402,9 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } +#ifdef WITH_DL_ITERATE_PHDR dl_iterate_phdr(getentropy_phdr, &ctx); +#endif for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); From 101d6027396b7249930f3aaf9c910c682a2a3747 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 11:48:07 +0200 Subject: [PATCH 10/24] Travis output showed it was a bracket issue --- src/compat/getentropy_linux.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index f08f35b1..3008b49f 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c @@ -19,11 +19,10 @@ * Emulation of getentropy(2) as documented at: * http://man.openbsd.org/getentropy.2 */ -/* #define WITH_DL_ITERATE_PHDR 1 */ - -#ifdef WITH_DL_ITERATE_PHDR +#define WITH_DL_ITERATE_PHDR 1 +#ifdef WITH_DL_ITERATE_PHDR #define _GNU_SOURCE 1 -#define _POSIX_C_SOURCE 199309L +/* #define _POSIX_C_SOURCE 199309L */ #endif #include "config.h" @@ -44,7 +43,7 @@ #include #include #include -#ifdef WITH_DL_ITERATE_PHDR +#ifdef WITH_DL_ITERATE_PHDR #include #endif #include @@ -82,7 +81,7 @@ #if defined(HAVE_SSL) #define CRYPTO_SHA512_CTX SHA512_CTX #define CRYPTO_SHA512_INIT(x) SHA512_Init(x) -#define CRYPTO_SHA512_UPDATE(c, x, l) (SHA512_Update((c), (char *)(x), (l)) +#define CRYPTO_SHA512_UPDATE(c, x, l) (SHA512_Update((c), (char *)(x), (l))) #define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) 
@@ -90,7 +89,7 @@ #elif defined(HAVE_NETTLE) #define CRYPTO_SHA512_CTX struct sha512_ctx #define CRYPTO_SHA512_INIT(x) sha512_init(x) -#define CRYPTO_SHA512_UPDATE(c, x, l) (sha512_update((c), (l), (uint8_t *)(x)) +#define CRYPTO_SHA512_UPDATE(c, x, l) (sha512_update((c), (l), (uint8_t *)(x))) #define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) #define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) #define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) @@ -108,7 +107,7 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); -#ifdef WITH_DL_ITERATE_PHDR +#ifdef WITH_DL_ITERATE_PHDR static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); #endif @@ -355,7 +354,7 @@ static const int cl[] = { #endif }; -#ifdef WITH_DL_ITERATE_PHDR +#ifdef WITH_DL_ITERATE_PHDR static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) { @@ -402,7 +401,7 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } -#ifdef WITH_DL_ITERATE_PHDR +#ifdef WITH_DL_ITERATE_PHDR dl_iterate_phdr(getentropy_phdr, &ctx); #endif From 3c355d425bb1f4087ac1e7c27460b93551c39a82 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 12:15:48 +0200 Subject: [PATCH 11/24] Warnings are errors :( --- src/compat/getentropy_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index 3008b49f..744783cd 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c @@ -359,6 +359,7 @@ static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) { CRYPTO_SHA512_CTX *ctx = data; + (void)size; CRYPTO_SHA512_UPDATE(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); return (0); From 2a110043da8d33857ba7359a9ee0e4af7493e99c Mon Sep 17 00:00:00 2001 
From: Willem Toorop Date: Thu, 3 May 2018 14:35:01 +0200 Subject: [PATCH 12/24] Just some notes about packages --- project-doc/packages.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 project-doc/packages.txt diff --git a/project-doc/packages.txt b/project-doc/packages.txt new file mode 100644 index 00000000..73398166 --- /dev/null +++ b/project-doc/packages.txt @@ -0,0 +1,13 @@ +Some notes about packages and maintainers. + +For Homebrew, created and maintained by ilovezfs +https://github.com/Homebrew/homebrew-core/Formula/getdns.rb +https://github.com/Homebrew/homebrew-core/Formula/stubby.rb + +For Arch, created and maintained by Bruno Pagani (ArchangeGabriel) + +For OpenWRT, created and maintained by David Mora (iamperson347) +https://github.com/openwrt/packages/tree/master/libs/getdns +https://github.com/openwrt/packages/tree/master/net/stubby + + From 23d2affebfb01807ea0b82e3ea895d1be9dd647d Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 15:14:12 +0200 Subject: [PATCH 13/24] More ChangeLog entries --- ChangeLog | 7 +++++++ project-doc/packages.txt | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 2b0ba971..ceb927bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,11 @@ * 2018-05-??: Version 1.4.2 + * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root + up (for tld and sld), to find insecure delegations quicker. + Thanks UniverseXXX + * Bugfix: Allow NSEC spans starting from (unexpanded) wildcards + Bug was introduced when dealing with CVE-2017-15105 + * Bugfix getdnsapi/stubby#46: Don't assume trailing zero with + string bindata's. Thanks Lonnie Abelbeck * Bugfix #394: Update src/compat/getentropy_linux.c in order to handle ENOSYS (not implemented) fallback. Thanks Brent Blood diff --git a/project-doc/packages.txt b/project-doc/packages.txt index 73398166..3544c9ee 100644 --- a/project-doc/packages.txt +++ b/project-doc/packages.txt 
@@ -10,4 +10,5 @@ For OpenWRT, created and maintained by David Mora (iamperson347) https://github.com/openwrt/packages/tree/master/libs/getdns https://github.com/openwrt/packages/tree/master/net/stubby - +For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck) +https://github.com/astlinux-project/astlinux/tree/master/package/getdns From caab2e8592466624988f90880dcc4639077badb5 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 3 May 2018 17:21:58 +0200 Subject: [PATCH 14/24] Bump versions and include release/0.2.3 Stubby release branch --- configure.ac | 14 +++++++------- stubby | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index 18971e83..87367253 100644 --- a/configure.ac +++ b/configure.ac @@ -36,7 +36,7 @@ sinclude(./m4/acx_getaddrinfo.m4) sinclude(./m4/ax_check_compile_flag.m4) sinclude(./m4/pkg.m4) -AC_INIT([getdns], [1.4.1], [team@getdnsapi.net], [getdns], [https://getdnsapi.net]) +AC_INIT([getdns], [1.4.2], [team@getdnsapi.net], [getdns], [https://getdnsapi.net]) # Autoconf 2.70 will have set up runstatedir. 2.69 is frequently (Debian) # patched to do the same, but frequently (MacOS) not. So add a with option @@ -52,8 +52,8 @@ AC_SUBST([runstatedir], [$with_piddir]) # Don't forget to put a dash in front of the release candidate!!! # That is how it is done with semantic versioning! # -AC_SUBST(RELEASE_CANDIDATE, []) -AC_SUBST(STUBBY_RELEASE_CANDIDATE, []) +AC_SUBST(RELEASE_CANDIDATE, [-rc1]) +AC_SUBST(STUBBY_RELEASE_CANDIDATE, [-rc1]) # Set current date from system if not set AC_ARG_WITH([current-date], 
@@ -63,13 +63,13 @@ AC_ARG_WITH([current-date], [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"]) AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"]) -AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01040100]) +AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010401c1]) AC_SUBST(API_VERSION, ["December 2015"]) AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00]) GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API" AC_DEFINE_UNQUOTED([STUBBY_PACKAGE], ["stubby"], [Stubby package]) -AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.2$STUBBY_RELEASE_CANDIDATE"], [Stubby package string]) +AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.3$STUBBY_RELEASE_CANDIDATE"], [Stubby package string]) # Library version # --------------- @@ -105,8 +105,8 @@ AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.2$STUBBY_RELEASE_CANDIDATE"], # getdns-1.3.0 had libversion 9:0:3 # getdns-1.4.0 had libversion 10:0:0 # getdns-1.4.1 has libversion 10:1:0 -# -GETDNS_LIBVERSION=10:1:0 +# getdns-1.4.2 has libversion 10:2:0 +GETDNS_LIBVERSION=10:2:0 AC_SUBST(GETDNS_COMPILATION_COMMENT) AC_SUBST(GETDNS_LIBVERSION) diff --git a/stubby b/stubby index 1a6acd64..ece119a8 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit 1a6acd642c7dc9a04cf092e1a3837c5636d4b465 +Subproject commit ece119a8d20cdb07709564300e35ce5798c63a46 From 99bfe4a287819d6e6b1771f539b8e0a86fbedccf Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 10:40:49 +0200 Subject: [PATCH 15/24] Fallback to current (working) directory (for appdata_dir). To improve integration with system and service managers like systemd See also getdnsapi/stubby#106 --- src/context.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/src/context.c b/src/context.c index 3167a4c2..8d6d5e13 100644 --- a/src/context.c +++ b/src/context.c 
@@ -5057,14 +5057,19 @@ FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn) { char path[_GETDNS_PATH_MAX]; FILE *f = NULL; - size_t len; + size_t len = _getdns_get_appdata(context, path); (void) context; - if (!(len = _getdns_get_appdata(context, path))) - DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n" - , __FUNC__); - - else if (len + strlen(fn) >= sizeof(path)) +/* + * Commented out to enable fallback to current directory + * + * if (!(len = _getdns_get_appdata(context, path))) + * DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n" + * , __FUNC__); + * + * else + */ + if (len + strlen(fn) >= sizeof(path)) DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__); else if (!strcpy(path + len, fn)) @@ -5124,13 +5129,18 @@ int _getdns_context_write_priv_file(getdns_context *context, char path[_GETDNS_PATH_MAX], tmpfn[_GETDNS_PATH_MAX]; int fd = -1; FILE *f = NULL; - size_t len; + size_t len = _getdns_get_appdata(context, path); - if (!(len = _getdns_get_appdata(context, path))) - DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n" - , __FUNC__); - - else if (len + 6 >= sizeof(tmpfn) +/* + * Commented out to enable fallback to current directory + * + * if (!(len = _getdns_get_appdata(context, path))) + * DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n" + * , __FUNC__); + * + * else + */ + if (len + 6 >= sizeof(tmpfn) || len + strlen(fn) >= sizeof(path)) DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__); From 7e2a8964109e9a4974f8b2b4d7afb2c10eacdf53 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 11:28:09 +0200 Subject: [PATCH 16/24] Update stubby --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index ece119a8..1c8fb1ea 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit ece119a8d20cdb07709564300e35ce5798c63a46 +Subproject commit 1c8fb1ea2115f94644490f5d135042a4d87f98be 
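Review bot: With the zero-length check commented out in `_getdns_context_get_priv_fp`, a failed `_getdns_get_appdata` now silently turns `fn` into a path relative to the process's working directory, and nothing records that the fallback was taken. The same applies to the second hunk (`_getdns_context_write_priv_file`) and to the later `_getdns_context_can_write_appdata` change in this series. If these private files hold data the library trusts when it reads them back (the callers are outside the hunks, so this is inferred), a service started from a directory that other users can write to would read and create them there. I would keep a diagnostic on the fallback path, e.g. `if (!len) DEBUG_ANCHOR("WARNING %s(): no application data path, using current directory\n", __FUNC__);`, and drop the now stale `(void) context;`. Both function bodies continue outside the hunks.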
From 73317179902f2583aa9b24e05e8af78f2f430f2e Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 15:30:27 +0200 Subject: [PATCH 17/24] Fix for Fallback to current (working) directory (for appdata_dir). --- src/context.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/context.c b/src/context.c index 8d6d5e13..ae974a5b 100644 --- a/src/context.c +++ b/src/context.c @@ -5050,6 +5050,7 @@ static size_t _getdns_get_appdata(getdns_context *context, char *path) return len; } } + path[0] = '\0'; return 0; } @@ -5146,15 +5147,15 @@ int _getdns_context_write_priv_file(getdns_context *context, else if (snprintf(tmpfn, sizeof(tmpfn), "%sXXXXXX", path) < 0) - DEBUG_ANCHOR("ERROR %s(): Creating temporary filename template\n" - , __FUNC__); + DEBUG_ANCHOR("ERROR %s(): Creating temporary filename template: \"%s\"\n" + , __FUNC__, tmpfn); else if (!strcpy(path + len, fn)) ; /* strcpy returns path + len always */ else if ((fd = mkstemp(tmpfn)) < 0) - DEBUG_ANCHOR("ERROR %s(): Creating temporary file: %s\n" - , __FUNC__, strerror(errno)); + DEBUG_ANCHOR("ERROR %s(): Creating temporary file \"%s\": %s\n" + , __FUNC__, tmpfn, strerror(errno)); else if (!(f = fdopen(fd, "w"))) DEBUG_ANCHOR("ERROR %s(): Opening temporary file: %s\n" 
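Review bot: In the second hunk, the new message for a failed `snprintf` prints `tmpfn`, which is the buffer that call has just failed to fill. `tmpfn` is declared as an uninitialised stack array, so the `%s` may read bytes that are indeterminate or not NUL-terminated. Printing the input avoids that: `, __FUNC__, path);`. The `mkstemp` message is fine, because `tmpfn` has been written by then. `_getdns_context_write_priv_file` starts and ends outside the hunk.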
@@ -5203,11 +5204,18 @@ int _getdns_context_can_write_appdata(getdns_context *context) if (!_getdns_context_write_priv_file(context, test_fn, &test_content)) return 0; - if (!(len = _getdns_get_appdata(context, path))) - DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n" - , __FUNC__); - - else if (len + strlen(test_fn) >= sizeof(path)) + len = _getdns_get_appdata(context, path); +/* + * Commented out to enable fallback to current directory + * + * + * if (!(len = _getdns_get_appdata(context, path))) + * DEBUG_ANCHOR("ERROR %s(): Could not get application data path\n" + * , __FUNC__); + * + * else + */ + if (len + strlen(test_fn) >= sizeof(path)) DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__); else if (!strcpy(path + len, test_fn)) From 9b7999ecf26699ee45fad861c87da119cdb02116 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 15:19:33 +0200 Subject: [PATCH 18/24] Update stubby --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index 1c8fb1ea..f5794751 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit 1c8fb1ea2115f94644490f5d135042a4d87f98be +Subproject commit f5794751f8a8b5f06cc2009f4ccfaa54999ec9ed From 9d48f1cf9794dd5f75ef47c8585f936fbd18612c Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 15:21:05 +0200 Subject: [PATCH 19/24] Update Stubby --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index f5794751..301f34c3 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit f5794751f8a8b5f06cc2009f4ccfaa54999ec9ed +Subproject commit 301f34c3e547fea19ee1b076c2d7324f44480f04 From 5a816f3d5121830231bf34aa9bfa8920803039ea Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 4 May 2018 15:29:14 +0200 Subject: [PATCH 20/24] Include systemd and contrib dir with stubby --- Makefile.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile.in b/Makefile.in index ae535276..ee6b86bb 100644 
--- a/Makefile.in +++ b/Makefile.in @@ -221,6 +221,8 @@ $(distdir): mkdir -p $(distdir)/stubby/src mkdir -p $(distdir)/stubby/src/yaml mkdir -p $(distdir)/stubby/doc + mkdir -p $(distdir)/stubby/systemd + mkdir -p $(distdir)/stubby/contrib/upstart cp $(srcdir)/configure.ac $(distdir) cp $(srcdir)/configure $(distdir) cp $(srcdir)/AUTHORS $(distdir) @@ -270,6 +272,10 @@ $(distdir): cp $(srcdir)/stubby/COPYING $(distdir)/stubby cp $(srcdir)/stubby/README.md $(distdir)/stubby cp $(srcdir)/stubby/doc/stubby.1.in $(distdir)/stubby/doc + cp $(srcdir)/stubby/systemd/README.md $(distdir)/stubby/systemd + cp $(srcdir)/stubby/systemd/stubby.conf $(distdir)/stubby/systemd + cp $(srcdir)/stubby/systemd/stubby.service $(distdir)/stubby/systemd + cp $(srcdir)/stubby/contrib/upstart/stubby.conf $(distdir)/stubby/contrib/upstart cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn From 98b1ff624a3bedc375f4597dcf7e426b7fa461c8 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 May 2018 11:23:19 +0200 Subject: [PATCH 21/24] Memory loss with empty string bindata's --- src/context.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/context.c b/src/context.c index ae974a5b..4b5a77ad 100644 --- a/src/context.c +++ b/src/context.c @@ -3787,13 +3787,14 @@ _getdns_strdup(const struct mem_funcs *mfs, const char *s) return memcpy(r, s, sz); } +static uint8_t _getdns_bindata_nodata[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + struct getdns_bindata * _getdns_bindata_copy(struct mem_funcs *mfs, size_t size, const uint8_t *data) { /* Don't know why, but nodata allows * empty bindatas with the python bindings */ - static uint8_t nodata[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; struct getdns_bindata *dst; if (!(dst = GETDNS_MALLOC(*mfs, struct getdns_bindata))) 
@@ -3807,7 +3808,7 @@ _getdns_bindata_copy(struct mem_funcs *mfs, size_t size, const uint8_t *data) } (void) memcpy(dst->data, data, size); } else { - dst->data = nodata; + dst->data = _getdns_bindata_nodata; } return dst; } @@ -3819,7 +3820,8 @@ _getdns_bindata_destroy(struct mem_funcs *mfs, if (!bindata) return; - if (bindata->size) GETDNS_FREE(*mfs, bindata->data); + if (bindata->data && bindata->data != _getdns_bindata_nodata) + GETDNS_FREE(*mfs, bindata->data); GETDNS_FREE(*mfs, bindata); } From 6c99e7b8a64dc86d2d9d364a54212968942e0370 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 May 2018 11:28:52 +0200 Subject: [PATCH 22/24] Bugfix getdnsapi/stubby#106: Core dump when ... printing certain configuration. Thanks Han Vinke --- ChangeLog | 2 ++ src/dict.c | 15 +++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index ceb927bd..667f56f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ * 2018-05-??: Version 1.4.2 + * Bugfix getdnsapi/stubby#106: Core dump when printing certain + configuration. Thanks Han Vinke * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root up (for tld and sld), to find insecure delegations quicker. Thanks UniverseXXX diff --git a/src/dict.c b/src/dict.c index 27ed57be..0c86cd0f 100644 --- a/src/dict.c +++ b/src/dict.c 
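Review bot: `_getdns_bindata_destroy` now decides ownership by pointer identity with `_getdns_bindata_nodata`, so a zero-size bindata whose `data` points at memory that did not come from `mfs` is handed to `GETDNS_FREE`, where the old `size` test skipped it. Whether such a bindata can reach this function is not visible here, so this is a question about the callers, not a confirmed fault. The invariant deserves a comment where the sentinel is defined in this commit's first hunk, for example `/* Shared placeholder for empty bindatas: never freed, never written through */`. The array is writable and shared by every empty bindata, so a write through one `dst->data` would show up in all of them. Both functions extend beyond their hunks.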
@@ -737,21 +737,16 @@ getdns_pp_base64(gldns_buffer *buf, getdns_bindata *bindata) { size_t p = gldns_buffer_position(buf); size_t base64str_sz; - char *target; - size_t avail; if (gldns_buffer_printf(buf, " size); - target = (char *)gldns_buffer_current(buf); - avail = gldns_buffer_remaining(buf); - if (avail >= base64str_sz) - gldns_buffer_skip(buf, gldns_b64_ntop( - bindata->data, bindata->size, - target, base64str_sz)); - else - gldns_buffer_skip(buf, base64str_sz); + if (!gldns_buffer_reserve(buf, base64str_sz)) + return -1; + + gldns_buffer_skip(buf, gldns_b64_ntop(bindata->data, bindata->size, + (char *)gldns_buffer_current(buf), base64str_sz)); if (gldns_buffer_printf(buf, ">") < 0) return -1; From 48e0ea013c75d42d26db82f41cc8cafb49b3b065 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 May 2018 11:56:00 +0200 Subject: [PATCH 23/24] Include Stubby - v0.2.3 release --- configure.ac | 2 +- stubby | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 87367253..8500e38d 100644 --- a/configure.ac +++ b/configure.ac @@ -53,7 +53,7 @@ AC_SUBST([runstatedir], [$with_piddir]) # That is how it is done with semantic versioning! # AC_SUBST(RELEASE_CANDIDATE, [-rc1]) -AC_SUBST(STUBBY_RELEASE_CANDIDATE, [-rc1]) +AC_SUBST(STUBBY_RELEASE_CANDIDATE, []) # Set current date from system if not set AC_ARG_WITH([current-date], diff --git a/stubby b/stubby index 301f34c3..8fb853ac 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit 301f34c3e547fea19ee1b076c2d7324f44480f04 +Subproject commit 8fb853ac8d6148fd9b53fdcbc107ecd375071ec5 From 0d283fc63f58d486b8853e48460dc99c46221421 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 May 2018 12:02:49 +0200 Subject: [PATCH 24/24] 1.4.2 release --- ChangeLog | 2 +- configure.ac | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 667f56f2..52a04b0b 100644 --- a/ChangeLog +++ b/ChangeLog 
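Review bot: The return value of `gldns_b64_ntop` is passed straight to `gldns_buffer_skip` in the `getdns_pp_base64` hunk; if the encoder can report failure with a negative value, the buffer position would move backwards and the error would be lost. The new `gldns_buffer_reserve` check makes a too-small target unlikely, but every other failure in this function returns -1, so I would do the same here: `int n = gldns_b64_ntop(bindata->data, bindata->size, (char *)gldns_buffer_current(buf), base64str_sz);`, then `if (n < 0) return -1;` and `gldns_buffer_skip(buf, n);`. The body of `getdns_pp_base64` continues past the end of the hunk.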
@@ -1,4 +1,4 @@ -* 2018-05-??: Version 1.4.2 +* 2018-05-11: Version 1.4.2 * Bugfix getdnsapi/stubby#106: Core dump when printing certain configuration. Thanks Han Vinke * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root diff --git a/configure.ac b/configure.ac index 8500e38d..337fa11f 100644 --- a/configure.ac +++ b/configure.ac @@ -52,7 +52,7 @@ AC_SUBST([runstatedir], [$with_piddir]) # Don't forget to put a dash in front of the release candidate!!! # That is how it is done with semantic versioning! # -AC_SUBST(RELEASE_CANDIDATE, [-rc1]) +AC_SUBST(RELEASE_CANDIDATE, []) AC_SUBST(STUBBY_RELEASE_CANDIDATE, []) # Set current date from system if not set @@ -63,7 +63,7 @@ AC_ARG_WITH([current-date], [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"]) AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"]) -AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010401c1]) +AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01040200]) AC_SUBST(API_VERSION, ["December 2015"]) AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00]) GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API" @@ -104,7 +104,7 @@ AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.3$STUBBY_RELEASE_CANDIDATE"], # getdns-1.2.1 had libversion 8:1:2 # getdns-1.3.0 had libversion 9:0:3 # getdns-1.4.0 had libversion 10:0:0 -# getdns-1.4.1 has libversion 10:1:0 +# getdns-1.4.1 had libversion 10:1:0 # getdns-1.4.2 has libversion 10:2:0 GETDNS_LIBVERSION=10:2:0