Chiebot-Mirror
/
c-ares
mirror of https://github.com/c-ares/c-ares.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
A C library for asynchronous DNS requests (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
811 Commits
14 Branches
96 Tags
22 MiB
Tag: Branch: Tree: coverity_scan
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'coverity_scan'
${ noResults }
c-ares/test/dns-proto.h

433 lines
12 KiB
Raw Permalink Normal View History Unescape

test: fix outdated license headers
11 months ago
/* MIT License
provide SPDX identifiers and a REUSE CI job to verify All files have their licence and copyright information clearly identifiable. If not in the file header, they are set separately in .reuse/dep5. All used license texts are provided in LICENSES/
1 year ago
*
test: fix outdated license headers
11 months ago
* Copyright (c) The c-ares project and its contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
provide SPDX identifiers and a REUSE CI job to verify All files have their licence and copyright information clearly identifiable. If not in the file header, they are set separately in .reuse/dep5. All used license texts are provided in LICENSES/
1 year ago
*
* SPDX-License-Identifier: MIT
*/
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
#ifndef DNS_PROTO_H
#define DNS_PROTO_H
// Utilities for processing DNS packet contents
portability updates for test cases
4 years ago
#include "ares_setup.h"
#include "ares.h"
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Include ares internal file for DNS protocol constants
Portability Updates for arpa/nameser.h (#388) There is too much inconsistency between platforms for arpa/nameser.h and arpa/nameser_compat.h for the way the current files are structured. Still load the respective system files but make our private nameser.h more forgiving. Fixes: #388 Fix By: Brad House (@bradh352)
4 years ago
#include "ares_nameser.h"
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
#include <memory>
#include <string>
#include <vector>
clang-format
4 months ago
extern "C" void arestest_strtolower(char *dest, const char *src,
size_t dest_size);
DNS 0x20 implementation (#800) This PR enables DNS 0x20 as per https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 . DNS 0x20 adds additional entropy to the request by randomly altering the case of the DNS question to help prevent cache poisoning attacks. Google DNS has implemented this support as of 2023, even though this is a proposed and expired standard from 2008: https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M There have been documented cases of name server and caching server non-conformance, though it is expected to become more rare, especially since Google has started using this. This can be enabled via the `ARES_FLAG_DNS0x20` flag, which is currently disabled by default. The test cases do however enable this flag to validate this feature. Implementors using this flag will notice that responses will retain the mixed case, but since DNS names are case-insensitive, any proper implementation should not be impacted. There is currently no fallback mechanism implemented as it isn't immediately clear how this may affect a stub resolver like c-ares where we aren't querying the authoritative name server, but instead an intermediate recursive resolver where some domains may return invalid results while others return valid results, all while querying the same nameserver. Likely using DNS cookies as suggested by #620 is a better mechanism to fight cache poisoning attacks for stub resolvers. TCP queries do not use this feature even if the `ARES_FLAG_DNS0x20` flag is specified since they are not subject to cache poisoning attacks. Fixes Issue: #795 Fix By: Brad House (@bradh352)
5 months ago
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
namespace ares {
typedef unsigned char byte;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::string HexDump(std::vector<byte> data);
std::string HexDump(const byte *data, int len);
std::string HexDump(const char *data, int len);
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::string StatusToString(int status);
std::string RcodeToString(int rcode);
std::string RRTypeToString(int rrtype);
std::string ClassToString(int qclass);
std::string AddressToString(const void *addr, int len);
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
Refactor connection handling (#839) Refactor some connection handling to reduce code duplication and to unify the TCP and UDP codepaths a bit more. This will make some future changes easier to make. This also does some structure renaming to better conform with current standards: - `struct server_state` -> `ares_server_t` - `struct server_connection` -> `ares_conn_t` - `struct query` -> `ares_query_t` Authored-by: Brad House (@bradh352)
4 months ago
const ares_dns_rr_t *fetch_rr_opt(const ares_dns_record_t *rec);
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Convert DNS protocol data to strings.
// Note that these functions are not defensive; they assume
// a validly formatted input, and so should not be used on
// externally-determined inputs.
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::string PacketToString(const std::vector<byte> &packet);
std::string QuestionToString(const std::vector<byte> &packet, const byte **data,
int *len);
std::string RRToString(const std::vector<byte> &packet, const byte **data,
int *len);
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Manipulate DNS protocol data.
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
void PushInt32(std::vector<byte> *data, int value);
void PushInt16(std::vector<byte> *data, int value);
std::vector<byte> EncodeString(const std::string &name);
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
struct DNSQuestion {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSQuestion(const std::string &name, int rrtype, int qclass)
: name_(name), rrtype_(rrtype), qclass_(qclass)
{
}
DNSQuestion(const std::string &name, int rrtype)
: name_(name), rrtype_(rrtype), qclass_(C_IN)
{
}
virtual ~DNSQuestion()
{
}
Refactor connection handling (#839) Refactor some connection handling to reduce code duplication and to unify the TCP and UDP codepaths a bit more. This will make some future changes easier to make. This also does some structure renaming to better conform with current standards: - `struct server_state` -> `ares_server_t` - `struct server_connection` -> `ares_conn_t` - `struct query` -> `ares_query_t` Authored-by: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const char *request_name,
const ares_dns_record_t *dnsrec) const;
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const
{
return data(nullptr, dnsrec);
}
DNS 0x20 implementation (#800) This PR enables DNS 0x20 as per https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 . DNS 0x20 adds additional entropy to the request by randomly altering the case of the DNS question to help prevent cache poisoning attacks. Google DNS has implemented this support as of 2023, even though this is a proposed and expired standard from 2008: https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M There have been documented cases of name server and caching server non-conformance, though it is expected to become more rare, especially since Google has started using this. This can be enabled via the `ARES_FLAG_DNS0x20` flag, which is currently disabled by default. The test cases do however enable this flag to validate this feature. Implementors using this flag will notice that responses will retain the mixed case, but since DNS names are case-insensitive, any proper implementation should not be impacted. There is currently no fallback mechanism implemented as it isn't immediately clear how this may affect a stub resolver like c-ares where we aren't querying the authoritative name server, but instead an intermediate recursive resolver where some domains may return invalid results while others return valid results, all while querying the same nameserver. Likely using DNS cookies as suggested by #620 is a better mechanism to fight cache poisoning attacks for stub resolvers. TCP queries do not use this feature even if the `ARES_FLAG_DNS0x20` flag is specified since they are not subject to cache poisoning attacks. Fixes Issue: #795 Fix By: Brad House (@bradh352)
5 months ago
virtual std::vector<byte> data() const
{
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
return data(nullptr, nullptr);
DNS 0x20 implementation (#800) This PR enables DNS 0x20 as per https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 . DNS 0x20 adds additional entropy to the request by randomly altering the case of the DNS question to help prevent cache poisoning attacks. Google DNS has implemented this support as of 2023, even though this is a proposed and expired standard from 2008: https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M There have been documented cases of name server and caching server non-conformance, though it is expected to become more rare, especially since Google has started using this. This can be enabled via the `ARES_FLAG_DNS0x20` flag, which is currently disabled by default. The test cases do however enable this flag to validate this feature. Implementors using this flag will notice that responses will retain the mixed case, but since DNS names are case-insensitive, any proper implementation should not be impacted. There is currently no fallback mechanism implemented as it isn't immediately clear how this may affect a stub resolver like c-ares where we aren't querying the authoritative name server, but instead an intermediate recursive resolver where some domains may return invalid results while others return valid results, all while querying the same nameserver. Likely using DNS cookies as suggested by #620 is a better mechanism to fight cache poisoning attacks for stub resolvers. TCP queries do not use this feature even if the `ARES_FLAG_DNS0x20` flag is specified since they are not subject to cache poisoning attacks. Fixes Issue: #795 Fix By: Brad House (@bradh352)
5 months ago
}
clang-format
4 months ago
std::string name_;
int rrtype_;
int qclass_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSRR : public DNSQuestion {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSRR(const std::string &name, int rrtype, int qclass, int ttl)
: DNSQuestion(name, rrtype, qclass), ttl_(ttl)
{
}
DNSRR(const std::string &name, int rrtype, int ttl)
: DNSQuestion(name, rrtype), ttl_(ttl)
{
}
virtual ~DNSRR()
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const = 0;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int ttl_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSAddressRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSAddressRR(const std::string &name, int rrtype, int ttl, const byte *addr,
int addrlen)
: DNSRR(name, rrtype, ttl), addr_(addr, addr + addrlen)
{
}
DNSAddressRR(const std::string &name, int rrtype, int ttl,
const std::vector<byte> &addr)
: DNSRR(name, rrtype, ttl), addr_(addr)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::vector<byte> addr_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSARR : public DNSAddressRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSARR(const std::string &name, int ttl, const byte *addr, int addrlen)
: DNSAddressRR(name, T_A, ttl, addr, addrlen)
{
}
DNSARR(const std::string &name, int ttl, const std::vector<byte> &addr)
: DNSAddressRR(name, T_A, ttl, addr)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSAaaaRR : public DNSAddressRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSAaaaRR(const std::string &name, int ttl, const byte *addr, int addrlen)
: DNSAddressRR(name, T_AAAA, ttl, addr, addrlen)
{
}
DNSAaaaRR(const std::string &name, int ttl, const std::vector<byte> &addr)
: DNSAddressRR(name, T_AAAA, ttl, addr)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSSingleNameRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSSingleNameRR(const std::string &name, int rrtype, int ttl,
const std::string &other)
: DNSRR(name, rrtype, ttl), other_(other)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::string other_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSCnameRR : public DNSSingleNameRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSCnameRR(const std::string &name, int ttl, const std::string &other)
: DNSSingleNameRR(name, T_CNAME, ttl, other)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSNsRR : public DNSSingleNameRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSNsRR(const std::string &name, int ttl, const std::string &other)
: DNSSingleNameRR(name, T_NS, ttl, other)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSPtrRR : public DNSSingleNameRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPtrRR(const std::string &name, int ttl, const std::string &other)
: DNSSingleNameRR(name, T_PTR, ttl, other)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSTxtRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSTxtRR(const std::string &name, int ttl,
const std::vector<std::string> &txt)
: DNSRR(name, T_TXT, ttl), txt_(txt)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::vector<std::string> txt_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSMxRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSMxRR(const std::string &name, int ttl, int pref, const std::string &other)
: DNSRR(name, T_MX, ttl), pref_(pref), other_(other)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int pref_;
std::string other_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSSrvRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSSrvRR(const std::string &name, int ttl, int prio, int weight, int port,
const std::string &target)
: DNSRR(name, T_SRV, ttl), prio_(prio), weight_(weight), port_(port),
target_(target)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int prio_;
int weight_;
int port_;
std::string target_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
Add support for URI(Uniform Resource Identifier) records. (#411) Add ares_parse_uri_reply() for parsing URI DNS replies. Fix By: Martin Holeš (@martin-256)
3 years ago
struct DNSUriRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSUriRR(const std::string &name, int ttl, int prio, int weight,
const std::string &target)
: DNSRR(name, T_URI, ttl), prio_(prio), weight_(weight), target_(target)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int prio_;
int weight_;
std::string target_;
Add support for URI(Uniform Resource Identifier) records. (#411) Add ares_parse_uri_reply() for parsing URI DNS replies. Fix By: Martin Holeš (@martin-256)
3 years ago
};
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
struct DNSSoaRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSSoaRR(const std::string &name, int ttl, const std::string &nsname,
const std::string &rname, int serial, int refresh, int retry,
int expire, int minimum)
: DNSRR(name, T_SOA, ttl), nsname_(nsname), rname_(rname), serial_(serial),
refresh_(refresh), retry_(retry), expire_(expire), minimum_(minimum)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::string nsname_;
std::string rname_;
int serial_;
int refresh_;
int retry_;
int expire_;
int minimum_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSNaptrRR : public DNSRR {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSNaptrRR(const std::string &name, int ttl, int order, int pref,
const std::string &flags, const std::string &service,
const std::string &regexp, const std::string &replacement)
: DNSRR(name, T_NAPTR, ttl), order_(order), pref_(pref), flags_(flags),
service_(service), regexp_(regexp), replacement_(replacement)
{
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int order_;
int pref_;
std::string flags_;
std::string service_;
std::string regexp_;
std::string replacement_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSOption {
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int code_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
std::vector<byte> data_;
};
struct DNSOptRR : public DNSRR {
Refactor connection handling (#839) Refactor some connection handling to reduce code duplication and to unify the TCP and UDP codepaths a bit more. This will make some future changes easier to make. This also does some structure renaming to better conform with current standards: - `struct server_state` -> `ares_server_t` - `struct server_connection` -> `ares_conn_t` - `struct query` -> `ares_query_t` Authored-by: Brad House (@bradh352)
4 months ago
DNSOptRR(unsigned char extrcode, unsigned char version, unsigned short flags,
int udpsize, std::vector<byte> client_cookie,
std::vector<byte> server_cookie, bool expect_server_cookie)
: DNSRR("", T_OPT, static_cast<int>(udpsize),
((int)extrcode) << 24 | ((int)version) << 16 |
((int)flags) /* ttl */)
{
client_cookie_ = client_cookie;
server_cookie_ = server_cookie;
server cookie wasn't being passed back due to missing length During the implementation of server cookies, test cases were missing to validate the server cookie in a prior reply was passed back, and it turns out they were not. This also adds tests for verification. Fix By: Brad House (@bradh352)
4 months ago
expect_server_cookie_ = expect_server_cookie;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
}
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
virtual std::vector<byte> data(const ares_dns_record_t *dnsrec) const;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::vector<DNSOption> opts_;
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
std::vector<byte> client_cookie_;
std::vector<byte> server_cookie_;
server cookie wasn't being passed back due to missing length During the implementation of server cookies, test cases were missing to validate the server cookie in a prior reply was passed back, and it turns out they were not. This also adds tests for verification. Fix By: Brad House (@bradh352)
4 months ago
bool expect_server_cookie_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
struct DNSPacket {
DNSPacket()
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
: qid_(0), response_(false), opcode_(O_QUERY), aa_(false), tc_(false),
rd_(false), ra_(false), z_(false), ad_(false), cd_(false), rcode_(NOERROR)
{
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Convenience functions that take ownership of given pointers.
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPacket &add_question(DNSQuestion *q)
{
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
questions_.push_back(std::unique_ptr<DNSQuestion>(q));
return *this;
}
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPacket &add_answer(DNSRR *q)
{
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
answers_.push_back(std::unique_ptr<DNSRR>(q));
return *this;
}
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPacket &add_auth(DNSRR *q)
{
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
auths_.push_back(std::unique_ptr<DNSRR>(q));
return *this;
}
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPacket &add_additional(DNSRR *q)
{
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
adds_.push_back(std::unique_ptr<DNSRR>(q));
return *this;
}
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Chainable setters.
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
DNSPacket &set_qid(int qid)
{
qid_ = qid;
return *this;
}
DNSPacket &set_response(bool v = true)
{
response_ = v;
return *this;
}
DNSPacket &set_aa(bool v = true)
{
aa_ = v;
return *this;
}
DNSPacket &set_tc(bool v = true)
{
tc_ = v;
return *this;
}
DNSPacket &set_rd(bool v = true)
{
rd_ = v;
return *this;
}
DNSPacket &set_ra(bool v = true)
{
ra_ = v;
return *this;
}
DNSPacket &set_z(bool v = true)
{
z_ = v;
return *this;
}
DNSPacket &set_ad(bool v = true)
{
ad_ = v;
return *this;
}
DNSPacket &set_cd(bool v = true)
{
cd_ = v;
return *this;
}
DNSPacket &set_rcode(int rcode)
{
rcode_ = rcode;
return *this;
}
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
// Return the encoded packet.
Refactor connection handling (#839) Refactor some connection handling to reduce code duplication and to unify the TCP and UDP codepaths a bit more. This will make some future changes easier to make. This also does some structure renaming to better conform with current standards: - `struct server_state` -> `ares_server_t` - `struct server_connection` -> `ares_conn_t` - `struct query` -> `ares_query_t` Authored-by: Brad House (@bradh352)
4 months ago
std::vector<byte> data(const char *request_name,
const ares_dns_record_t *dnsrec) const;
clang-format
4 months ago
std::vector<byte> data() const
DNS 0x20 implementation (#800) This PR enables DNS 0x20 as per https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 . DNS 0x20 adds additional entropy to the request by randomly altering the case of the DNS question to help prevent cache poisoning attacks. Google DNS has implemented this support as of 2023, even though this is a proposed and expired standard from 2008: https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M There have been documented cases of name server and caching server non-conformance, though it is expected to become more rare, especially since Google has started using this. This can be enabled via the `ARES_FLAG_DNS0x20` flag, which is currently disabled by default. The test cases do however enable this flag to validate this feature. Implementors using this flag will notice that responses will retain the mixed case, but since DNS names are case-insensitive, any proper implementation should not be impacted. There is currently no fallback mechanism implemented as it isn't immediately clear how this may affect a stub resolver like c-ares where we aren't querying the authoritative name server, but instead an intermediate recursive resolver where some domains may return invalid results while others return valid results, all while querying the same nameserver. Likely using DNS cookies as suggested by #620 is a better mechanism to fight cache poisoning attacks for stub resolvers. TCP queries do not use this feature even if the `ARES_FLAG_DNS0x20` flag is specified since they are not subject to cache poisoning attacks. Fixes Issue: #795 Fix By: Brad House (@bradh352)
5 months ago
{
Add DNS cookie support (RFC7873 + RFC9018) (#833) DNS cookies are a simple form of learned mutual authentication supported by most DNS server implementations these days and can help prevent DNS Cache Poisoning attacks for clients and DNS amplification attacks for servers. Fixes #620 Fix By: Brad House (@bradh352)
4 months ago
return data(nullptr, nullptr);
DNS 0x20 implementation (#800) This PR enables DNS 0x20 as per https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 . DNS 0x20 adds additional entropy to the request by randomly altering the case of the DNS question to help prevent cache poisoning attacks. Google DNS has implemented this support as of 2023, even though this is a proposed and expired standard from 2008: https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M There have been documented cases of name server and caching server non-conformance, though it is expected to become more rare, especially since Google has started using this. This can be enabled via the `ARES_FLAG_DNS0x20` flag, which is currently disabled by default. The test cases do however enable this flag to validate this feature. Implementors using this flag will notice that responses will retain the mixed case, but since DNS names are case-insensitive, any proper implementation should not be impacted. There is currently no fallback mechanism implemented as it isn't immediately clear how this may affect a stub resolver like c-ares where we aren't querying the authoritative name server, but instead an intermediate recursive resolver where some domains may return invalid results while others return valid results, all while querying the same nameserver. Likely using DNS cookies as suggested by #620 is a better mechanism to fight cache poisoning attacks for stub resolvers. TCP queries do not use this feature even if the `ARES_FLAG_DNS0x20` flag is specified since they are not subject to cache poisoning attacks. Fixes Issue: #795 Fix By: Brad House (@bradh352)
5 months ago
}
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
int qid_;
bool response_;
int opcode_;
bool aa_;
bool tc_;
bool rd_;
bool ra_;
bool z_;
bool ad_;
bool cd_;
int rcode_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
std::vector<std::unique_ptr<DNSQuestion>> questions_;
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i */*.c */*.h */*/*.c */*/*.h ``` Fix By: Brad House (@bradh352)
1 year ago
std::vector<std::unique_ptr<DNSRR>> answers_;
std::vector<std::unique_ptr<DNSRR>> auths_;
std::vector<std::unique_ptr<DNSRR>> adds_;
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn)
4 years ago
};
} // namespace ares
#endif