From f3a38e9a402956a92bc8486663e15e29c316ee73 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 2 Mar 2020 15:11:58 +0100 Subject: [PATCH] Sync tools shared with unbound --- src/gldns/parse.c | 11 ++++++----- src/gldns/str2wire.c | 4 ++-- src/gldns/wire2str.c | 5 ++++- src/tls/val_secalgo.c | 24 ++++++++++++++++++++++-- src/util/import.sh | 4 ++-- src/util/lookup3.c | 39 +++++++++++++++++---------------------- 6 files changed, 53 insertions(+), 34 deletions(-) diff --git a/src/gldns/parse.c b/src/gldns/parse.c index 59d83b86..3b5c7e7f 100644 --- a/src/gldns/parse.c +++ b/src/gldns/parse.c @@ -123,7 +123,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -144,7 +144,8 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { i++; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + /* is there space for the character and the zero after it */ + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -329,8 +330,8 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim, /* in parentheses */ /* do not write ' ' if we want to skip spaces */ if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { - /* check for space for the space character */ - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + /* check for space for the space character and a zero delimiter after that. */ + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } 
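Review bot: The rewritten bound check `if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit))` appears four times (the hunks at -123, -144, -329 and -357), but only the -144 and -329 sites carry a comment explaining the extra `+1`. Add the same one-liner at the other two, e.g. `/* need room for this character and the terminating zero */`, or move the test into one small static helper so the four sites cannot drift apart again. The check is skipped entirely when `limit` is 0, so callers passing 0 presumably have to guarantee the size of `token` themselves; the function comment should say so. Both functions start and end outside these hunks, so the writes that follow each check are not visible here.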
@@ -357,7 +358,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim, } i++; - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } diff --git a/src/gldns/str2wire.c b/src/gldns/str2wire.c index 29de56d8..82cd89a1 100644 --- a/src/gldns/str2wire.c +++ b/src/gldns/str2wire.c @@ -81,7 +81,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf, for (s = str; *s; s++, q++) { if (q >= buf + *olen) return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf); - if (q > buf + GLDNS_MAX_DOMAINLEN) + if (q >= buf + GLDNS_MAX_DOMAINLEN) return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf); switch (*s) { case '.': @@ -118,7 +118,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf, if(rel) *rel = 1; if (q >= buf + *olen) return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf); - if (q > buf + GLDNS_MAX_DOMAINLEN) { + if (q >= buf + GLDNS_MAX_DOMAINLEN) { return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf); } if (label_len > GLDNS_MAX_LABELLEN) { diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c index 427b156c..1a8e2fb8 100644 --- a/src/gldns/wire2str.c +++ b/src/gldns/wire2str.c @@ -821,9 +821,12 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, if(!pkt || target >= pktlen) return w + gldns_str_print(s, slen, "ErrorComprPtrOutOfBounds"); - if(counter++ > maxcompr) + if(counter++ > maxcompr) { + if(comprloop && *comprloop < 10) + (*comprloop)++; return w + gldns_str_print(s, slen, "ErrorComprPtrLooped"); + } in_buf = 0; pos = pkt+target; continue; diff --git a/src/tls/val_secalgo.c b/src/tls/val_secalgo.c index d8c44f6f..e4d8787a 100644 --- a/src/tls/val_secalgo.c +++ b/src/tls/val_secalgo.c 
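Review bot: The tightened test `if (q >= buf + GLDNS_MAX_DOMAINLEN)` (here and in the hunk at -118) fixes an off-by-one at the maximum name length, but the diffstat shows no test file touched, so nothing pins the boundary. A regression test is worth adding that feeds gldns_str2wire_dname_buf_rel one name that is exactly at the limit and one that is a single octet over it. It should assert `GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW` for the second, using an output buffer larger than the limit so the `*olen` check does not mask the result. The writes after the second check lie outside the hunk, so confirm that the final label length and terminator stay within the same bound.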
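Review bot: The saturation value in `if(comprloop && *comprloop < 10)` is an unexplained magic number, and nothing in the hunk says what a caller should do with the count. Add a comment on the new branch such as `/* count detected compression loops, saturating at 10, so the caller can give up on a hostile packet */` (wording to be confirmed against the callers, which are outside this hunk), or give the 10 a named constant. The `ErrorComprPtrOutOfBounds` return just above does not bump the counter; confirm that is intended, since both paths result from a malformed compression pointer.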
@@ -327,8 +327,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) #ifdef HAVE_DSA_SIG_SET0 if(!DSA_SIG_set0(dsasig, R, S)) return 0; #else +# ifndef S_SPLINT_S dsasig->r = R; dsasig->s = S; +# endif /* S_SPLINT_S */ #endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); @@ -1508,13 +1510,21 @@ dnskey_algo_id_is_supported(int id) { /* uses libnettle */ switch(id) { -#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: +#if defined(USE_DSA) && defined(USE_SHA1) + return 1; +#else + if(fake_dsa || fake_sha1) return 1; + return 0; #endif -#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA1 + return 1; +#else + if(fake_sha1) return 1; + return 0; #endif #ifdef USE_SHA2 case LDNS_RSASHA256: @@ -1741,6 +1751,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature); mpz_clear(x); mpz_clear(y); + nettle_ecc_point_clear(&pubkey); break; } case SHA384_DIGEST_SIZE: @@ -1827,6 +1838,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, return sec_status_bogus; } +#ifndef USE_DSA + if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1)) + return sec_status_secure; +#endif +#ifndef USE_SHA1 + if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3)) + return sec_status_secure; +#endif + switch(algo) { #if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: diff --git a/src/util/import.sh b/src/util/import.sh index 49050268..08e38b9a 100755 --- a/src/util/import.sh +++ b/src/util/import.sh 
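Review bot: The early returns added before `switch(algo)` in verify_canonrrset yield `sec_status_secure` for DSA and RSASHA1 signatures without any cryptographic check whenever `fake_dsa` or `fake_sha1` is non-zero. The dnskey_algo_id_is_supported hunk at -1508 reports those algorithms as supported under the same flags. Their declarations are outside these hunks; they look like unit-test switches, but nothing here says so or prevents them from being set in a production build. Put a comment at both sites, e.g. `/* test-only: fake_dsa/fake_sha1 skip signature verification; must never be set outside the test suite */`, and preferably compile these branches only into test builds. Also confirm that no configuration option or other external input can reach the two variables.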
@@ -1,10 +1,10 @@ #!/bin/sh -REPO=http://unbound.net/svn/trunk +REPO=https://raw.githubusercontent.com/NLnetLabs/unbound/master wget -O rbtree.c ${REPO}/util/rbtree.c wget -O orig-headers/rbtree.h ${REPO}/util/rbtree.h -wget -O val_secalgo.c ${REPO}/validator/val_secalgo.c +wget -O ../tls/val_secalgo.c ${REPO}/validator/val_secalgo.c wget -O orig-headers/val_secalgo.h ${REPO}/validator/val_secalgo.h wget -O lruhash.c ${REPO}/util/storage/lruhash.c wget -O orig-headers/lruhash.h ${REPO}/util/storage/lruhash.h diff --git a/src/util/lookup3.c b/src/util/lookup3.c index 46e56271..bb25eb43 100644 --- a/src/util/lookup3.c +++ b/src/util/lookup3.c @@ -1,4 +1,7 @@ /* + May 2019(Wouter) patch to enable the valgrind clean implementation all the + time. This enables better security audit and checks, which is better + than the speedup. Git issue #30. Renamed the define ARRAY_CLEAN_ACCESS. February 2013(Wouter) patch defines for BSD endianness, from Brad Smith. January 2012(Wouter) added randomised initial value, fallout from 28c3. March 2007(Wouter) adapted from lookup3.c original, add config.h include. @@ -44,21 +47,14 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. ------------------------------------------------------------------------------- */ /*#define SELF_TEST 1*/ +#define ARRAY_CLEAN_ACCESS 1 #include "config.h" #include "util/storage/lookup3.h" #include /* defines printf for tests */ #include /* defines time_t for timings in the test */ - -#if defined(HAVE_TARGET_ENDIANNESS) -# if defined(TARGET_IS_BIG_ENDIAN) -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -# else -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -# endif -#else +/*#include defines uint32_t etc (from config.h) */ +#include /* attempt to define endianness */ #ifdef HAVE_SYS_TYPES_H # include /* attempt to define endianness (solaris) */ #endif 
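Review bot: The new `REPO` value points at the moving `master` branch, so each run imports whatever is at the tip at that moment, and no revision or checksum is recorded for security-sensitive files such as `val_secalgo.c`. Pin the source to a tag or commit, e.g. `REPO=https://raw.githubusercontent.com/NLnetLabs/unbound/<tag-or-commit>` (placeholder), and record the synced revision in the commit message so the import can be reproduced and audited. The `wget -O` lines visible in the hunk have no error handling, so a failed download can leave an empty or truncated file in the tree; `set -e` directly after the shebang would stop at the first failure. The script continues past the end of this hunk.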
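Review bot: Removing the `#if defined(HAVE_TARGET_ENDIANNESS)` block in the hunk at -44 (its `#endif` goes in the hunk at -102) means a build that still defines `HAVE_TARGET_ENDIANNESS` or `TARGET_IS_BIG_ENDIAN` is now silently ignored, and endianness comes only from the header-based guess. If that block was a local addition for cross-compiling rather than upstream code, this sync reverts it; confirm that is intended, or keep the block and note it in import.sh as a local patch. Separately, `#define ARRAY_CLEAN_ACCESS 1` is now unconditional, so the `#ifndef ARRAY_CLEAN_ACCESS` branches in hashlittle are dead code. Either delete them or add a comment such as `/* kept only to ease diffing against upstream lookup3.c */`.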
@@ -73,6 +69,15 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. #include /* attempt to define endianness */ #endif +/* random initial value */ +static uint32_t raninit = (uint32_t)0xdeadbeef; + +void +hash_set_raninit(uint32_t v) +{ + raninit = v; +} + /* * My best guess at if you are big-endian or little-endian. This may * need adjustment. @@ -102,16 +107,6 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. # define HASH_LITTLE_ENDIAN 0 # define HASH_BIG_ENDIAN 0 #endif -#endif /* defined(TARGET_IS_BIG_ENDIAN) */ - -/* random initial value */ -static uint32_t raninit = (uint32_t)0xdeadbeef; - -void -hash_set_raninit(uint32_t v) -{ - raninit = v; -} #define hashsize(n) ((uint32_t)1<<(n)) #define hashmask(n) (hashsize(n)-1) @@ -345,7 +340,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) u.ptr = key; if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) { const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */ -#ifdef VALGRIND +#ifdef ARRAY_CLEAN_ACCESS const uint8_t *k8; #endif @@ -370,7 +365,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) * still catch it and complain. The masking trick does make the hash * noticeably faster for short strings (like English words). */ -#ifndef VALGRIND +#ifndef ARRAY_CLEAN_ACCESS switch(length) {
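Review bot: The comment `/* random initial value */` on the relocated `raninit` is misleading, because the value is the fixed constant `0xdeadbeef` until hash_set_raninit() is called. The file header ties this seed to the 28c3 fallout, so the requirement deserves to be written down where the variable lives, e.g. `/* hash seed: fixed default; call hash_set_raninit() with an unpredictable value at startup, before hashing untrusted keys */`. hash_set_raninit() writes the static without any synchronisation, so the comment should also say it is meant to be called once during initialisation.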