Age | Commit message (Collapse) | Author | Lines |
|
this bug was introduced in the recent resolver overhaul commits. it
likely had visible symptoms. these were probably limited to wrongly
accepting truncated versions of over-long names (vs rejecting them),
as opposed to stack-based overflows or anything more severe, but no
extensive checks were made. there have been no releases where this bug
was present.
|
|
now that host and service lookup have been separated in the backend,
there's no need for service lookup functions to pull in the host
lookup code. moreover, dynamic allocation is no longer needed, so this
function should now be async-signal-safe. it's also significantly
smaller.
one change in getservbyname is also made: knowing that getservbyname_r
needs only two character pointers in the caller-provided buffer, some
wasted bss can be avoided.
|
|
these changes reduce the size of the function somewhat and remove many
of its dependencies, including free. in principle it should now be
async-signal-safe, but this has not been verified in detail.
minor changes to error handling are also made.
|
|
this is the first phase of the "resolver overhaul" project.
conceptually, the results of getaddrinfo are a direct product of a
list of address results and a list of service results. the new code
makes this explicit by computing these lists separately and combining
the results. this adds support for services that have both tcp and udp
versions, where the caller has not specified which it wants, and
eliminates a number of duplicate code paths which were all producing
the final output addrinfo structures, but in subtly different ways,
making it difficult to implement any of the features which were
missing.
in addition to the above benefits, the refactoring allows for legacy
functions like gethostbyname to be implemented without using the
getaddrinfo function itself. such changes to the legacy functions have
not yet been made, however.
further improvements include matching of service alias names from
/etc/services (previously only the primary name was supported),
returning multiple results from /etc/hosts (previously only the first
matching line was honored), and support for the AI_V4MAPPED and AI_ALL
flags.
features which remain unimplemented are IDN translations (encoding
non-ASCII hostnames for DNS lookup) and the AI_ADDRCONFIG flag.
at this point, the DNS-based name resolving code is still based on the
old interfaces in __dns.c, albeit somewhat simpler in its use of them.
there may be some dead code which could already be removed, but
changes to this layer will be a later phase of the resolver overhaul.
|
|
the other atomic FD_CLOEXEC interfaces (dup3, pipe2, socket) already
had such emulation in place. the justification for doing the emulation
here is the same as for the other functions: it allows applications to
simply use accept4 rather than having to have their own fallback code
for ENOSYS/EINVAL (which one you get is arch-specific!) and there is
no reasonable way an application could benefit from knowing the
operation is emulated/non-atomic since there is no workaround at the
application level for non-atomicity (that is the whole reason these
interfaces were added).
|
|
based on patch by orc.
|
|
this was unlikely to lead to any crash or dangerous behavior, but
caused adjacent string constants to be treated as part of the
protocols table, possibly returning nonsensical results for unknown
protocol names/numbers or when getprotoent was called in a loop to
enumerate all protocols.
|
|
the type int was taken from seemingly erroneous man pages. glibc uses
in_addr_t (uint32_t), and semantically, the arguments should be
unsigned.
|
|
based on patch by Timo Teräs; greatly simplified to use fprintf.
|
|
|
|
at most 4 hexadecimal digits are processed in one field so the
value cannot overflow. the netdb.h header was not used.
|
|
a v6 socket will only be used if there is at least one v6 nameserver
address. if the kernel lacks v6 support, the code will fall back to
using a v4 socket and requests to v6 servers will silently fail. when
using a v6 socket, v4 addresses are converted to v4-mapped form and
setsockopt is used to ensure that the v6 socket can accept both v4 and
v6 traffic (this is on-by-default on Linux but the default is
configurable in /proc and so it needs to be set explicitly on the
socket level). this scheme avoids increasing resource usage during
lookups and allows the existing network io loop to be used without
modification.
previously, nameservers whose address family did not match the address
family of the first-listed nameserver were simply ignored. prior to
recent __ipparse fixes, they were not ignored but erroneously parsed.
|
|
subsequent code assumes the address family requested is either
unspecified or one of IPv4/IPv6, and could malfunction if this
constraint is not met, so other address families should be explicitly
rejected.
|
|
|
|
This function is used by ping6 from iputils.
|
|
|
|
|
|
inet_aton returns a boolean success value, whereas __ipparse returns 0
on success and -1 on failure. also change the conditional in inet_addr
to be consistent with other uses of __ipparse where only negative
values are treated as failure.
|
|
* parse IPv4 dotted-decimal correctly (without strtoul, no leading zeros)
* disallow single leading ':' in IPv6 address
* allow at most 4 hex digits in IPv6 address (according to RFC 2373)
* have enough hex fields in IPv4 mapped IPv6 address
* disallow leading zeros in IPv4 mapped IPv6 address
|
|
* allow at most 4 parts
* bounds check the parts correctly
* disallow leading whitespace and sign
* check the address family before falling back to IPv6
|
|
|
|
despite being practically deprecated, these functions are still part
of the standard and thus cannot reside in a file that also contains
namespace pollution. this reverts some of the changes made in commit
e40f48a421a9176e3e298b5bac75f0355b219e58.
|
|
in the case of input that does not match the expected form, the
correct return value is 0, not -1.
|
|
off-by-one error copying the name components was yielding junk at the
beginning and truncating one character at the end (of every
component).
|
|
there are two possible points where the length is evaluated: either
the first 'compression' jump, or the null terminator if no jumps have
taken place yet. the previous code only measured the length of the
first component.
|
|
the duplicate code in dn_expand and its incorrect return values are
both results of the history of the code: the version in __dns.c was
originally written with no awareness of the legacy resolver API, and
was later copy-and-paste duplicated to provide the legacy API.
this commit is the first of a series that will restructure the
internal dns code to share as much code as possible with the legacy
resolver API functions.
I have also removed the loop detection logic, since the output buffer
length limit naturally prevents loops. in order to avoid long runtime
when encountering a loop if the caller provided a ridiculously long
buffer, the caller-provided length is clamped at the maximum dns name
length.
|
|
source and dest arguments for strcpy cannot overlap, so memmove must
be used here. the length is already known from the above loop.
|
|
based on a patch by orc. POSIX actually fails to specify the format of
the ntop conversion; presumably, any output that will correctly
round-trip back via the (well-specified) pton operation is acceptable.
the new behavior is much more convenient than the old, however.
this patch also affects getnameinfo, which is implemented in terms of
inet_ntop and which is the preferred interface for performing this
conversion.
I've also removed some inexplicable cruft (filling the buffer with 'x'
before doing anything) whose origin I was unable to track down.
|
|
based on a patch by orc, with indexing and flow control cleaned up a
little bit. this code is all going to be replaced at some point in the
near future.
|
|
|
|
these would not be expensive to actually implement, but reading
/etc/ethers does not sound like a particularly useful feature, so for
now I'm leaving them as stubs.
|
|
also move all legacy inet_* functions into a single file to avoid
wasting object file and compile time overhead on them.
the added functions are legacy interfaces for working with classful
ipv4 network addresses. they have no modern usefulness whatsoever, but
some programs unconditionally use them anyway, and they're tiny.
|
|
based on patch by Strake with minor stylistic changes, and combined
into a single file. this patch remained open for a long time due to
some question as to whether ether_aton would be better implemented in
terms of sscanf, and it's time something was committed, so here it is.
|
|
|
|
|
|
|
|
|
|
|
|
supports ipv4 and ipv6, but not the "extended" usage where
usage statistics and other info are assigned to ifa_data members
of duplicate entries with AF_PACKET family.
|
|
|
|
this change shaves ~1k off libc.so bss size, and also avoids hard
errors in the case where the static buffer was not large enough to
hold the result.
this whole framework is really ugly and might should be replaced or at
least heavily overhauled when some changes/factorizations are made to
getaddrinfo internals in the future.
|
|
|
|
|
|
they're supposed to return an error code rather than using errno.
|
|
|
|
checking for EINVAL should be sufficient, but qemu user emulation
returns EPROTONOSUPPORT in some of the failure cases, and it seems
conceivable that other kernels doing linux-emulation could make the
same mistake. since DNS lookups and other important code might break
if the fallback does not get invoked, be extra careful and check for
either error.
note that it's important NOT to perform the fallback code on other
errors such as resource-exhaustion cases, since the fallback is not
atomic and will lead to file-descriptor leaks in multi-threaded
programs that use exec. the fallback code is only "safe" to run when
the initial failure is caused by the application's choice of
arguments, not the system state.
|
|
|
|
these interfaces have been adopted by the Austin Group for inclusion
in the next version of POSIX.
|
|
also update syslog to use SOCK_CLOEXEC rather than separate fcntl
step, to make it safe in multithreaded programs that run external
programs.
emulation is not atomic; it could be made atomic by holding a lock on
forking during the operation, but this seems like overkill. my goal is
not to achieve perfect behavior on old kernels (which have plenty of
other imperfect behavior already) but to avoid catastrophic breakage
in (1) syslog, which would give no output on old kernels with the
change to use SOCK_CLOEXEC, and (2) programs built on a new kernel
where configure scripts detected a working SOCK_CLOEXEC, which later
get run on older kernels (they may otherwise fail to work completely).
|
|
new behavior can be summarized as:
inputs that parse completely as a decimal number are treated as one,
and rejected only if the result is out of 16-bit range.
inputs that do not parse as a decimal number (where strtoul leaves
anything left over in the input) are searched in /etc/services.
|