Sync tools shared with unbound

2020-03-02 15:11:58 +01:00 · 2020-03-02 15:11:58 +01:00 · f3a38e9a40
parent fe30672afa
commit f3a38e9a40
6 changed files with 53 additions and 34 deletions
--- a/src/gldns/parse.c
+++ b/src/gldns/parse.c
@ -123,7 +123,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
-			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+			if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 				*t = '\0';
 				return -1;
 			}
@ -144,7 +144,8 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 		if (c != '\0' && c != '\n') {
 			i++;
 		}
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		/* is there space for the character and the zero after it */
 		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 			*t = '\0';
 			return -1;
 		}
@ -329,8 +330,8 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 			/* in parentheses */
 			/* do not write ' ' if we want to skip spaces */
 			if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
-				/* check for space for the space character */
+				/* check for space for the space character and a zero delimiter after that. */
-				if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+				if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 					*t = '\0';
 					return -1;
 				}
@ -357,7 +358,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 		}
 		i++;
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 			*t = '\0';
 			return -1;
 		}
--- a/src/gldns/str2wire.c
+++ b/src/gldns/str2wire.c
@ -81,7 +81,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
 	for (s = str; *s; s++, q++) {
 		if (q >= buf + *olen)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
-		if (q > buf + GLDNS_MAX_DOMAINLEN)
+		if (q >= buf + GLDNS_MAX_DOMAINLEN)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
 		switch (*s) {
 		case '.':
@ -118,7 +118,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
 		if(rel) *rel = 1;
 		if (q >= buf + *olen)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
-		if (q > buf + GLDNS_MAX_DOMAINLEN) {
+		if (q >= buf + GLDNS_MAX_DOMAINLEN) {
 			return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
 		}
                if (label_len > GLDNS_MAX_LABELLEN) {
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@ -821,9 +821,12 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 			if(!pkt || target >= pktlen)
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrOutOfBounds");
-			if(counter++ > maxcompr)
+			if(counter++ > maxcompr) {
 				if(comprloop && *comprloop < 10)
 					(*comprloop)++;
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrLooped");
 			}
 			in_buf = 0;
 			pos = pkt+target;
 			continue;
--- a/src/tls/val_secalgo.c
+++ b/src/tls/val_secalgo.c
@ -327,8 +327,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len)
 #ifdef HAVE_DSA_SIG_SET0
 	if(!DSA_SIG_set0(dsasig, R, S)) return 0;
 #else
 #  ifndef S_SPLINT_S
 	dsasig->r = R;
 	dsasig->s = S;
 #  endif /* S_SPLINT_S */
 #endif
 	*sig = NULL;
 	newlen = i2d_DSA_SIG(dsasig, sig);
@ -1508,13 +1510,21 @@ dnskey_algo_id_is_supported(int id)
 {
 	/* uses libnettle */
 	switch(id) {
 #if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
 #if defined(USE_DSA) && defined(USE_SHA1)
 		return 1;
 #else
 		if(fake_dsa || fake_sha1) return 1;
 		return 0;
 #endif
 #ifdef USE_SHA1
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
 #ifdef USE_SHA1
 		return 1;
 #else
 		if(fake_sha1) return 1;
 		return 0;
 #endif
 #ifdef USE_SHA2
 	case LDNS_RSASHA256:
@ -1741,6 +1751,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
 			res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature);
 			mpz_clear(x);
 			mpz_clear(y);
 			nettle_ecc_point_clear(&pubkey);
 			break;
 		}
 		case SHA384_DIGEST_SIZE:
@ -1827,6 +1838,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		return sec_status_bogus;
 	}
 #ifndef USE_DSA
 	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1))
 		return sec_status_secure;
 #endif
 #ifndef USE_SHA1
 	if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3))
 		return sec_status_secure;
 #endif
 	switch(algo) {
 #if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
--- a/src/util/import.sh
+++ b/src/util/import.sh
@ -1,10 +1,10 @@
 #!/bin/sh
-REPO=http://unbound.net/svn/trunk
+REPO=https://raw.githubusercontent.com/NLnetLabs/unbound/master
 wget -O rbtree.c			${REPO}/util/rbtree.c
 wget -O orig-headers/rbtree.h		${REPO}/util/rbtree.h
-wget -O val_secalgo.c			${REPO}/validator/val_secalgo.c
+wget -O ../tls/val_secalgo.c		${REPO}/validator/val_secalgo.c
 wget -O orig-headers/val_secalgo.h	${REPO}/validator/val_secalgo.h
 wget -O lruhash.c			${REPO}/util/storage/lruhash.c
 wget -O orig-headers/lruhash.h		${REPO}/util/storage/lruhash.h
--- a/src/util/lookup3.c
+++ b/src/util/lookup3.c
@ -1,4 +1,7 @@
 /*
  May 2019(Wouter) patch to enable the valgrind clean implementation all the
     time.  This enables better security audit and checks, which is better
     than the speedup.  Git issue #30.  Renamed the define ARRAY_CLEAN_ACCESS.
  February 2013(Wouter) patch defines for BSD endianness, from Brad Smith.
  January 2012(Wouter) added randomised initial value, fallout from 28c3.
  March 2007(Wouter) adapted from lookup3.c original, add config.h include.
@ -44,21 +47,14 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 -------------------------------------------------------------------------------
 */
 /*#define SELF_TEST 1*/
 #define ARRAY_CLEAN_ACCESS 1
 #include "config.h"
 #include "util/storage/lookup3.h"
 #include <stdio.h>      /* defines printf for tests */
 #include <time.h>       /* defines time_t for timings in the test */
-
+/*#include <stdint.h>     defines uint32_t etc  (from config.h) */
-#if defined(HAVE_TARGET_ENDIANNESS)
+#include <sys/param.h>  /* attempt to define endianness */
 # if defined(TARGET_IS_BIG_ENDIAN)
 #  define HASH_LITTLE_ENDIAN 0
 #  define HASH_BIG_ENDIAN 1
 # else
 #  define HASH_LITTLE_ENDIAN 1
 #  define HASH_BIG_ENDIAN 0
 # endif
 #else
 #ifdef HAVE_SYS_TYPES_H
 # include <sys/types.h> /* attempt to define endianness (solaris) */
 #endif
@ -73,6 +69,15 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 #include <sys/endian.h> /* attempt to define endianness */
 #endif
 /* random initial value */
 static uint32_t raninit = (uint32_t)0xdeadbeef;
 void
 hash_set_raninit(uint32_t v)
 {
 	raninit = v;
 }
 /*
 * My best guess at if you are big-endian or little-endian.  This may
 * need adjustment.
@ -102,16 +107,6 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 # define HASH_LITTLE_ENDIAN 0
 # define HASH_BIG_ENDIAN 0
 #endif
 #endif /* defined(TARGET_IS_BIG_ENDIAN) */
 /* random initial value */
 static uint32_t raninit = (uint32_t)0xdeadbeef;
 void
 hash_set_raninit(uint32_t v)
 {
 	raninit = v;
 }
 #define hashsize(n) ((uint32_t)1<<(n))
 #define hashmask(n) (hashsize(n)-1)
@ -345,7 +340,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
  u.ptr = key;
  if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
-#ifdef VALGRIND
+#ifdef ARRAY_CLEAN_ACCESS
    const uint8_t  *k8;
 #endif
@ -370,7 +365,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
     * still catch it and complain.  The masking trick does make the hash
     * noticeably faster for short strings (like English words).
     */
-#ifndef VALGRIND
+#ifndef ARRAY_CLEAN_ACCESS
    switch(length)
    {