Commit Graph

170 Commits

Author SHA1 Message Date
Willem Toorop 4f37d2b933 No wildcard expansions allowed for RRs used in DNSSEC proofs
Signatures of DNSKEYs, DSs, NSECs and NSEC3s can not be wildcard expansions when used with DNSSEC proofs.
Only direct queries for those types are allowed to be wildcard expansions.

This is in response to https://unbound.net/downloads/CVE-2017-15105.txt, although getdns was not vulnerable to this specific issue.
2018-01-23 16:50:05 +01:00
Willem Toorop 8c87028d77 Only get root-anchors.xml when BOGUS root dnskey...
did have signatures which did not validate
2017-11-28 16:58:12 +01:00
Willem Toorop 30e440d35c Access of freed memory in stub DNSSEC cleanup code
Should fix the latest core dump reported in getdnsapi/stubby#34
2017-11-27 15:26:45 +01:00
Willem Toorop 3a1cb30c28 BOGUS answer because unable to fetch root DNSKEY...
... should not cause segfault
2017-11-21 15:38:49 +01:00
Willem Toorop 2434336ead Include all RRSIGs in validation chain
Because we don't know algorithm support of other validators.

But still canonicalize the RRset with the one used to validate just because we can.
2017-11-02 12:42:26 +01:00
Willem Toorop 7e103217c6 unsigned RRs in authority section with BIND
when +CD flag is used
2017-11-01 16:47:28 +01:00
Willem Toorop 270c3d654f Support DNSSEC validation without support records 2017-11-01 15:28:46 +01:00
Willem Toorop b4ae4b7121 Cannot fetch DNSKEY when in DNSKEY callback ...
for the same name in full recursion
2017-11-01 15:01:58 +01:00
Willem Toorop 23daf9aac3 Fix TLS authentication 2017-09-28 22:17:36 +02:00
Willem Toorop cefeed2b47 PRIsz usage like PRIu64 etc. 2017-09-27 13:15:12 +02:00
Willem Toorop 36943a4380 A dnsreq is bogus if any of its netreqs is 2017-09-20 14:42:35 +02:00
Willem Toorop 17d7ee79f2 Fix NULL pointer dereference 2017-09-20 12:44:14 +02:00
Willem Toorop f0f2afbca7 Fetch TA before resolve for full recursion too 2017-09-20 12:40:59 +02:00
Willem Toorop e2abb8aff4 Fetch TA when ZONE or APP TASRC and bogus answer 2017-09-20 11:44:21 +02:00
Willem Toorop 34d35f9e79 Track updating TA's with root DNSKEY rrset 2017-09-20 10:30:13 +02:00
Willem Toorop f31eb517e0 Lazy TA and time checking 2017-09-14 11:47:02 +02:00
Willem Toorop 2ed2871549 Merge branch 'develop' into features/zeroconf-dnssec 2017-08-30 15:09:39 +02:00
Willem Toorop 5a94081634 Make switch/case fallthroughs explicit
+1 fallthrough bugfix in getdns_query
2017-08-24 13:51:58 +02:00
Willem Toorop e11dc92df1 Hopefully the last warning 2017-07-15 18:38:31 +02:00
Willem Toorop 84430e02cd Actually working roadblocks and getting validation chains 2017-07-15 17:48:24 +02:00
Willem Toorop bceb6c8c87 Resubmit netreqs when roadblocks need to be avoided 2017-07-15 11:14:35 +02:00
Willem Toorop 3e6c5775ff Fetch and equip context with trust-anchors 2017-06-30 10:18:07 +02:00
Willem Toorop fb267938c3 Start with fetching root-anchors remotely
Also lays the foundation for looking up upstreams by name and DANE authentication of upstreams.
2017-06-28 20:35:30 +02:00
Willem Toorop b4eecd59ab Merge branch 'develop' into release/1.1.0 2017-04-13 15:46:24 +02:00
Willem Toorop 02516c4079 Two last warnings 2017-04-13 15:45:59 +02:00
Willem Toorop 691d1a77e6 Fix VS Code analysis warning
Should settle issue #239
2017-04-13 10:59:20 +02:00
Willem Toorop e08d3592a0 Schedule timeout when collecting for dnssec chain 2017-04-06 11:20:08 +02:00
Willem Toorop 14c9f3aafc Track netreqs "in flight" 2017-03-14 17:17:56 +01:00
Willem Toorop 639239f45c Schedule dnsreqs with absolute timeout/expiry time 2017-03-13 14:20:47 +01:00
Willem Toorop 74b1f77357 Cancel get validation chain getdns_dns_reqs
And miscellaneous little other scheduling fixes and optimizations
2017-02-18 13:16:25 +01:00
Willem Toorop 6ed3d77523 Cancel child validation chain dns_reqs on ...
parent dns_req cancelation.
2017-02-17 23:35:50 +01:00
Willem Toorop 600036da73 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-12 12:08:49 +01:00
Christian Huitema b91e13b13b Fixing VS studio analysis issues in Get DNS code. 2016-12-10 16:03:17 -08:00
Willem Toorop 37cced78fc Merge branch 'develop' into release/1.1.0-alpha3 2016-12-09 13:27:55 +01:00
Willem Toorop 4345905a81 Address things that came out of VS static analysis
Except for the stack usage cases
2016-12-09 12:57:47 +01:00
Willem Toorop 3428412629 Some more minor merge fixes 2016-12-09 12:13:36 +01:00
Willem Toorop 5cc67ff554 Merge branch 'develop' into merge-develops 2016-12-09 12:05:42 +01:00
Willem Toorop eeca7b32b1 One more unused variable 2016-12-08 22:46:53 +01:00
Christian Huitema 26eaf255c5 Fixing the bulk of the compilation warnings in the GetDNS code 2016-12-08 12:37:35 -08:00
Willem Toorop f31b2fa233 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-08 15:06:25 +01:00
Willem Toorop 473da8966b Library fixed for CFLAGS=-Wextra 2016-12-08 14:05:58 +01:00
Sara Dickinson f156f2f24a Had to change some preprocessor checks to get all the options to compile 2016-08-08 17:07:46 +01:00
Willem Toorop 99d8672bee Fix few possible NULL dereference issues 2016-07-14 14:24:32 +02:00
Willem Toorop 734a6625c4 s/inline static/static inline/g 2016-06-23 15:03:46 +02:00
wtoorop a435932b04 Features/call reporting timeout (#1)
* Timed out and canceled netreqs are finished too

* Minor code duplication elimination

* Blah typo

* Embarrassing logic error
2016-06-23 14:02:55 +02:00
Willem Toorop 49840c9a85 Some more uniform _getdns_rrset usage 2016-06-09 15:03:51 +02:00
Willem Toorop e27bfcedb6 Merge branch 'develop' into devel/getdns_rrset 2016-06-09 14:13:11 +02:00
Willem Toorop 27110e0943 DNSSEC wildcard validation issue 2016-06-09 10:44:25 +02:00
Willem Toorop 8679633cd9 One more _getdns_rrset caused dnssec fix 2016-06-08 16:03:45 +02:00
Willem Toorop 457a4bec92 develop merge fix 2016-06-08 10:57:03 +02:00