As per RFC6761 Section 6.3, "localhost" lookups need to be special cased to return loopback addresses, and not forward queries to recursive dns servers.
We first look up via files (/etc/hosts or equivalent), and if that fails, we then attempt a system-specific address enumeration for loopback addresses (currently Windows-only), and finally fallback to ::1 and 127.0.0.1.
Fix By: Brad House (@bradh352)
Fixes Bug: #399
ares_gethostbyname() and ares_getaddrinfo() do a lot of similar things, however ares_getaddrinfo() has some desirable behaviors that should be imported into ares_gethostbyname(). For one, it sorts the address lists for the most likely to succeed based on the current system routes. Next, when AF_UNSPEC is specified, it properly handles search lists instead of first searching all of AF_INET6 then AF_INET, since ares_gethostbyname() searches in parallel. Therefore, this PR should also resolve the issues attempted in #94.
A few things this PR does:
1. ares_parse_a_reply() and ares_parse_aaaa_reply() had very similar code to translate struct ares_addrinfo into a struct hostent as well as into struct ares_addrttl/ares_addr6ttl this has been split out into helper functions of ares__addrinfo2hostent() and ares__addrinfo2addrttl() to prevent this duplicative code.
2. ares_getaddrinfo() was apparently never honoring HOSTALIASES, and this was discovered once ares_gethostbyname() was turned into a wrapper, the affected test cases started failing.
3. A slight API modification to save the query hostname into struct ares_addrinfo as the last element of name. Since this is the last element, and all user-level instances of struct ares_addrinfo are allocated internally by c-ares, this is not an ABI-breaking change nor would it impact any API compatibility. This was needed since struct hostent has an h_name element.
4. Test Framework: MockServer tests via TCP would fail if more than 1 request was received at a time which is common when ares_getaddrinfo() queries for both A and AAAA records simultaneously. Infact, this was a long standing issue in which the ares_getaddrinfo() test were bypassing TCP alltogether. This has been corrected, the message is now processed in a loop.
5. Some tests had to be updated for overall correctness as they were invalid but somehow passing prior to this change.
Change By: Brad House (@bradh352)
Some DNS servers may behave badly and return a valid response with no data, in this
case, continue on to the next search domain, but cache the result.
Fixes Bug: #426
Fix By: Brad House (@bradh352)
As of c-ares 1.17.2, a CNAME an in-addr.arpa delegation broke due
to not allowing '/'. This needs to be allowed to not break valid
functionality.
Fixes Bug: #427
Reported By: Adrian (@leftshift)
Fix By: Brad House (@bradh352)
c-ares 1.17.2 introduced response validation to prevent a security issue, however
it did not have (_) listed as a valid character for domain name responses which
caused issues when a CNAME referenced a SRV record which contained underscores.
While RFC2181 section 11 does explicitly state not to do validation, that applies
to servers not clients.
Fixes: #424
Fix By: Brad House (@bradh352)
When cross compiling with yocto's meta-mingw layer, getting a dependency
error.
This is caused by the fact that advapi32 is lower case in mingw builds.
Fix By: Sinan Kaya <sinan.kaya@microsoft.com>
ax_code_coverage.m4 dropped the @CODE_COVERAGE_RULES@ macro, so we need to switch to the latest recommendation from the m4 file. This requires updates to Makefile.am.
Fix By: Felix Yan (@felixonmars)
This commit adds the build directory to be ignored by git.
The motivation for adding this to .gitignore as opposed to
.git/info/exclude is that the CMake example in INSTALL.md uses build
as the name of the directory to be used by CMake. This will cause
git to report build as an untracked file.
Fix By: Daniel Bevenius (@danbev)
strdup() is used in src/lib/ares_parse_a_reply.c and src/lib/ares_parse_aaaa_reply.c whereas allocated memory is freed using ares_free().
Bug: 407
Fix By: Jean-pierre Cartal (@jeanpierrecartal)
To prevent possible users having XSS issues due to intentionally malformed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.
It is not clear what legitimate issues this may cause at this point.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
RFC1035 5.1 specifies some reserved characters and escaping sequences
that are allowed to be specified. Expand the list of reserved characters
and also escape non-printable characters using the \DDD format as
specified in the RFC.
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
Fix By: Brad House (@bradh352)
The bug was generated because there was no check for the number
of items in the list and invalid memory was accesed when the list
was empty. There is a check for null after calling malloc but on
some systems it always returns a valid address for size equals 0.
Relates To: #392, 0903dcecab
Fix By: @catalinh-bd
ares_freeaddrinfo() was not checking for a Null ptr during cleanup of
an aborted query.
Once that was resolved it uncovered another possible issue with
multiple simultaneous underlying queries being outstanding and
possibly prematurely cleaning up the handle.
Reported By: Michael Kourlas
Fix By: Brad House (@bradh352)