* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
* Always use our own IP conversion functions now, do not delegate to OS
so we can have consistency in testing and fuzzing.
* Removed bogus test cases that never should have passed.
* Add new test case for crash bug found.
Fix By: Brad House (@bradh352)
* segment random number generation into own file
* abstract random code to make it more modular so we can have multiple backends
* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading
* autotools: fix detection of arc4random_buf
* rework initial rc4 seed for PRNG as last fallback
* rc4: more proper implementation, simplified for clarity
* clarifications
As per #517 glibc allows a service/servname of "0" to be treated the
same as if NULL was provided. Also, add a sanity check to ensure
the port number is in range instead of a blind cast.
Fixes: #517
Fix By: Brad House (@bradh352)
When the condition channel->nservers < 1 holds, the function returns
prematurely, without deallocating query->tcpbuf. We rearrange the
check to be done prior to the allocations, avoiding the memory
leak. In this way, we also avoid unnecessary allocations if
channel->nservers < 1 holds.
Fix By: Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
Following the README.md guidelines,
"Comments must be written in the old-style"
the comment is changed to the old style.
Fix By: Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
strncasecmp on platforms that don't already have it is already #define'd to a private implementation. There is no need to have OS-specific logic. Also removes ares__strsplit.h as a header as ares_private.h already includes it.
Fix By: Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
- Modify the Watcom Makefile for the source code reorganization (#352)
- Add *.map files into .gitignore
- Fix build errors with Watcom's builtin Windows SDK (which is rather
outdated). It's smart enough to understand Windows Vista, but doesn't
have PMIB_UNICASTIPADDRESS_TABLE or MIB_IPFORWARD_ROW2.
It may be possible to use a different Windows SDK with the Watcom
compiler, such as the most recent Windows 10 SDK. Alternatively the SDK
in OpenWatcom 2.0 (which is in development) should fix this.
I have no problems testing this Makefile prior to releases, just give me
a ping.
Tested with Windows Vista, Windows 7, and Windows 10 using 'adig',
'acountry', and 'ahost'. This also seems to work on Windows XP, though
this is likely due to the compiler in use.
Fix By: Douglas R. Reno (@renodr)
Fixes Bug: #352
In some conditions Windows might try to use a stack address that has gone out of scope when determining where to read the hosts data from for file lookups.
Fix By: @Chilledheart
RFC6761 6.3 states:
The domain "localhost." and any names falling within ".localhost."
We were only honoring "localhost".
Fixes: #477
Fix By: Brad House (@bradh352)
In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
the input str and initialize a sortlist configuration.
However, ares_set_sortlist has not any checks about the validity of the input str.
It is very easy to create an arbitrary length stack overflow with the unchecked
`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
statements in the config_sortlist call, which could potentially cause severe
security impact in practical programs.
This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
potential stack overflows.
fixes#496
Fix By: @hopper-vul
Recent ASAN versions picked up that acountry was passing stack
variables to ares_gethostbyname() then leaving the stack context.
We will now allocate a buffer for this.
Fix By: Brad House (@bradh352)
* add ares_strsplit unit test
The test reveals a bug in the implementation of ares_strsplit when the
make_set parameter is set to 1, as distinct domains are confused for
equal:
out = ares_strsplit("example.com, example.co", ", ", 1, &n);
evaluates to n = 1 with out = { "example.com" }.
* bugfix and cleanup of ares_strsplit
The purpose of ares_strsplit in c-ares is to split a comma-delimited
string of unique (up to letter case) domains. However, because the
terminating NUL byte was not checked in the substrings when comparing
for uniqueness, the function would sometimes drop domains it should
not. For example,
ares_strsplit("example.com, example.co", ",")
would only result in a single domain "example.com".
Aside from this bugfix, the following cleanup is performed:
1. The tokenization now happens with the help of strcspn instead of the
custom function is_delim.
2. The function list_contains has been inlined.
3. The interface of ares_strsplit has been simplified by removing the
parameter make_set since in practice it was always 1.
4. There are fewer passes over the input string.
5. We resize the table using realloc() down to its minimum size.
6. The docstring of ares_strsplit is updated and also a couple typos
are fixed.
There occurs a single use of ares_strsplit and since the make_set
parameter has been removed, the call in ares_init.c is modified
accordingly. The unit test for ares_strsplit is also updated.
Fix By: Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
On Apple platforms, libresolv reports the total timeout in retrans, not the per-query time. This patch undoes that math to get the per-query time, which is what c-ares expects. This is not perfect because libresolv is inconsistent on whether the timeout is multiplied by retry or retry+1, but I don't see any way to distinguish these cases.
Fix By: Marc Aldorasi (@marc-groundctl)
The static library should not contain version info, since it would be linked into an executable or dll with its own version info.
Fix By: @marc-groundctl
The conversion of numeric IPv4 addresses in fake_addrinfo() is broken when
the family is AF_UNSPEC. The initial call to ares_inet_pton with AF_INET
will succeed, but the subsequent call using AF_INET6 will fail. This results
in the fake_addrinfo() fast path failing, and ares_getaddrinfo() making a
query when none should be required.
Resolve this by only attempting the call to ares_inet_pton with AF_INET6
if the initial call with AF_INET was unsuccessful.
Fix By: Ridge Kennedy (@ridgek)
When using ares_getaddrinfo() with PF_UNSPEC, if a DNS server returned
good data on an A record, followed by bad data on an AAAA record, the
good record would be thrown away and an error returned.
If we got a good response from one of the two queries, regardless of
the order returned, we should honor that.
Fix By: Dmitry Karpov (dkarpov@roku.com)
Signed Off By: Brad House (@bradh352)
Since localhost is special-cased, any errors should be ignored when
reading /etc/hosts as otherwise we could return an error if there
were for instance an invalidly formatted /etc/hosts or if /etc/hosts
had a permissions error while reading.
This exact behavior appears to have been seen on OS/400 PASE
environments which allows AIX binares to run.
Fix By: Brad House (@bradh352)
There was a lot of windows initialization code specific to the era that predates Windows Vista such as reading DNS configuration from the registry, and dynamically loading libraries to get access to functions that didn't exist in XP or earlier releases.
Vista was released in January 2007, and was EOL'd in 2017, and support for Vista is still maintained with this patch set.
XP was EOL'd in Apr 8 2014.
I believe the last OS based on something earlier than Vista was POSReady 2009, as it was XP based for some reason, and that was EOL'd in January 2019. Considering any POS system falls under the PCI-DSS rules, they aren't allow to run POSReady 2009 any more so there is no reason to try to continue supporting such systems.
We have also targeted with our build system Vista support for the last few years, and while developers could change the target, we haven't had any reports that they have.
When an /etc/hosts lookup is performed, but fails with ENOTFOUND, and
a valid RFC6761 Section 6.3 fallback is performed, it could overwrite
variables that were already set and therefore leave the pointers
dangling, never to be cleaned up.
Clean up explicitly on ENOTFOUND when returning from the file parser.
Fixes: #439
Fix By: Brad House (@bradh352)
ai_addrlen was erroneously returning 16 bytes instead of the
sizeof(struct sockaddr_in6). This is a regression introduced
in 1.18.0.
Reported by: James Brown <jbrown@easypost.com>
Fix By: Brad House (@bradh352)
As per RFC6761 Section 6.3, "localhost" lookups need to be special cased to return loopback addresses, and not forward queries to recursive dns servers.
We first look up via files (/etc/hosts or equivalent), and if that fails, we then attempt a system-specific address enumeration for loopback addresses (currently Windows-only), and finally fallback to ::1 and 127.0.0.1.
Fix By: Brad House (@bradh352)
Fixes Bug: #399
ares_gethostbyname() and ares_getaddrinfo() do a lot of similar things, however ares_getaddrinfo() has some desirable behaviors that should be imported into ares_gethostbyname(). For one, it sorts the address lists for the most likely to succeed based on the current system routes. Next, when AF_UNSPEC is specified, it properly handles search lists instead of first searching all of AF_INET6 then AF_INET, since ares_gethostbyname() searches in parallel. Therefore, this PR should also resolve the issues attempted in #94.
A few things this PR does:
1. ares_parse_a_reply() and ares_parse_aaaa_reply() had very similar code to translate struct ares_addrinfo into a struct hostent as well as into struct ares_addrttl/ares_addr6ttl this has been split out into helper functions of ares__addrinfo2hostent() and ares__addrinfo2addrttl() to prevent this duplicative code.
2. ares_getaddrinfo() was apparently never honoring HOSTALIASES, and this was discovered once ares_gethostbyname() was turned into a wrapper, the affected test cases started failing.
3. A slight API modification to save the query hostname into struct ares_addrinfo as the last element of name. Since this is the last element, and all user-level instances of struct ares_addrinfo are allocated internally by c-ares, this is not an ABI-breaking change nor would it impact any API compatibility. This was needed since struct hostent has an h_name element.
4. Test Framework: MockServer tests via TCP would fail if more than 1 request was received at a time which is common when ares_getaddrinfo() queries for both A and AAAA records simultaneously. Infact, this was a long standing issue in which the ares_getaddrinfo() test were bypassing TCP alltogether. This has been corrected, the message is now processed in a loop.
5. Some tests had to be updated for overall correctness as they were invalid but somehow passing prior to this change.
Change By: Brad House (@bradh352)
Some DNS servers may behave badly and return a valid response with no data, in this
case, continue on to the next search domain, but cache the result.
Fixes Bug: #426
Fix By: Brad House (@bradh352)
As of c-ares 1.17.2, a CNAME an in-addr.arpa delegation broke due
to not allowing '/'. This needs to be allowed to not break valid
functionality.
Fixes Bug: #427
Reported By: Adrian (@leftshift)
Fix By: Brad House (@bradh352)
c-ares 1.17.2 introduced response validation to prevent a security issue, however
it did not have (_) listed as a valid character for domain name responses which
caused issues when a CNAME referenced a SRV record which contained underscores.
While RFC2181 section 11 does explicitly state not to do validation, that applies
to servers not clients.
Fixes: #424
Fix By: Brad House (@bradh352)
bradh352
lifenjoiner
Nikolaos Chatzikonstantinou
Douglas R. Reno
Chilledheart
hopper-vul
Thomas Dreibholz
bsergean
marc-groundctl
Ridge Kennedy
Manish Mehra
Jérôme Duval
Daniel Stenberg
Felix Yan