diff options
Diffstat (limited to 'lib/dns')
81 files changed, 979 insertions, 613 deletions
diff --git a/lib/dns/acache.c b/lib/dns/acache.c index 863df35535ff..92949c753478 100644 --- a/lib/dns/acache.c +++ b/lib/dns/acache.c @@ -1669,13 +1669,14 @@ dns_acache_cancelentry(dns_acacheentry_t *entry) { REQUIRE(DNS_ACACHEENTRY_VALID(entry)); acache = entry->acache; - callback_active = ISC_TF(entry->cbarg != NULL); INSIST(DNS_ACACHE_VALID(entry->acache)); LOCK(&acache->lock); ACACHE_LOCK(&acache->entrylocks[entry->locknum], isc_rwlocktype_write); + callback_active = ISC_TF(entry->cbarg != NULL); + /* * Release dependencies stored in this entry as much as possible. * The main link cannot be released, since the acache object has diff --git a/lib/dns/acl.c b/lib/dns/acl.c index ec29bc7b54ca..860c180c779c 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -288,8 +288,8 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) return (ISC_R_NOMEMORY); /* Copy in the original elements */ - memcpy(newmem, dest->elements, - dest->length * sizeof(dns_aclelement_t)); + memmove(newmem, dest->elements, + dest->length * sizeof(dns_aclelement_t)); /* Release the memory for the old elements array */ isc_mem_put(dest->mctx, dest->elements, diff --git a/lib/dns/adb.c b/lib/dns/adb.c index 6aa5e5a730d5..5c1f67db2952 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -852,12 +852,12 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, dns_rdataset_current(rdataset, &rdata); if (rdtype == dns_rdatatype_a) { INSIST(rdata.length == 4); - memcpy(&ina.s_addr, rdata.data, 4); + memmove(&ina.s_addr, rdata.data, 4); isc_sockaddr_fromin(&sockaddr, &ina, 0); hookhead = &adbname->v4; } else { INSIST(rdata.length == 16); - memcpy(in6a.s6_addr, rdata.data, 16); + memmove(in6a.s6_addr, rdata.data, 16); isc_sockaddr_fromin6(&sockaddr, &in6a, 0); hookhead = &adbname->v6; } diff --git a/lib/dns/api b/lib/dns/api index 5241a88477cf..fb710c2e91f8 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -4,6 +4,6 @@ # 9.8: 80-89, 120-129 # 9.9: 90-109 # 9.9-sub: 130-139 -LIBINTERFACE = 122 -LIBREVISION = 1 -LIBAGE = 0 +LIBINTERFACE = 124 +LIBREVISION = 2 +LIBAGE = 2 diff --git a/lib/dns/client.c b/lib/dns/client.c index c4780f7bb010..7332917ac5eb 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -1094,11 +1094,23 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { UNLOCK(&rctx->lock); } + +static void +suspend(isc_task_t *task, isc_event_t *event) { + isc_appctx_t *actx = event->ev_arg; + + UNUSED(task); + + isc_app_ctxsuspend(actx); + isc_event_free(&event); +} + static void resolve_done(isc_task_t *task, isc_event_t *event) { resarg_t *resarg = event->ev_arg; dns_clientresevent_t *rev = (dns_clientresevent_t *)event; dns_name_t *name; + isc_result_t result; UNUSED(task); @@ -1117,8 +1129,16 @@ resolve_done(isc_task_t *task, isc_event_t *event) { if (!resarg->canceled) { UNLOCK(&resarg->lock); - /* Exit from the internal event loop */ - isc_app_ctxsuspend(resarg->actx); + /* + * We may or may not be running. isc__appctx_onrun will + * fail if we are currently running otherwise we post a + * action to call isc_app_ctxsuspend when we do start + * running. + */ + result = isc_app_ctxonrun(resarg->actx, resarg->client->mctx, + task, suspend, resarg->actx); + if (result == ISC_R_ALREADYRUNNING) + isc_app_ctxsuspend(resarg->actx); } else { /* * We have already exited from the loop (due to some @@ -1310,9 +1330,8 @@ dns_client_startresolve(dns_client_t *client, dns_name_t *name, ISC_LIST_APPEND(client->resctxs, rctx, link); UNLOCK(&client->lock); - client_resfind(rctx, NULL); - *transp = (dns_clientrestrans_t *)rctx; + client_resfind(rctx, NULL); return (ISC_R_SUCCESS); diff --git a/lib/dns/diff.c b/lib/dns/diff.c index de00d0f9566b..c261d136a6bb 100644 --- a/lib/dns/diff.c +++ b/lib/dns/diff.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -78,7 +78,7 @@ dns_difftuple_create(isc_mem_t *mctx, datap = (unsigned char *)(t + 1); - memcpy(datap, name->ndata, name->length); + memmove(datap, name->ndata, name->length); dns_name_init(&t->name, NULL); dns_name_clone(name, &t->name); t->name.ndata = datap; @@ -86,7 +86,7 @@ dns_difftuple_create(isc_mem_t *mctx, t->ttl = ttl; - memcpy(datap, rdata->data, rdata->length); + memmove(datap, rdata->data, rdata->length); dns_rdata_init(&t->rdata); dns_rdata_clone(rdata, &t->rdata); t->rdata.data = datap; @@ -373,15 +373,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, diff->resign); dns_db_setsigningtime(db, modified, resign); - if (diff->resign == 0 && - (op == DNS_DIFFOP_ADDRESIGN || - op == DNS_DIFFOP_DELRESIGN)) - isc_log_write( - DIFF_COMMON_LOGARGS, - ISC_LOG_WARNING, - "resign requested " - "with 0 resign " - "interval"); } } else if (result == DNS_R_UNCHANGED) { /* diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 9848ac28a64a..992623d27f1a 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -695,8 +695,8 @@ destroy_disp_ok(dns_dispatch_t *disp) /* * Called when refcount reaches 0 (and safe to destroy). * - * The dispatcher must not be locked. - * The manager must be locked. + * The dispatcher must be locked. + * The manager must not be locked. */ static void destroy_disp(isc_task_t *task, isc_event_t *event) { @@ -813,6 +813,7 @@ socket_search(dns_qid_t *qid, isc_sockaddr_t *dest, in_port_t port, { dispsocket_t *dispsock; + REQUIRE(VALID_QID(qid)); REQUIRE(bucket < qid->qid_nbuckets); dispsock = ISC_LIST_HEAD(qid->sock_table[bucket]); @@ -1046,6 +1047,7 @@ entry_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id, { dns_dispentry_t *res; + REQUIRE(VALID_QID(qid)); REQUIRE(bucket < qid->qid_nbuckets); res = ISC_LIST_HEAD(qid->qid_table[bucket]); @@ -2507,8 +2509,7 @@ dispatch_allocate(dns_dispatchmgr_t *mgr, unsigned int maxrequests, * MUST be unlocked, and not used by anything. */ static void -dispatch_free(dns_dispatch_t **dispp) -{ +dispatch_free(dns_dispatch_t **dispp) { dns_dispatch_t *disp; dns_dispatchmgr_t *mgr; int i; @@ -3110,17 +3111,17 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, * Try somewhat hard to find an unique ID. */ id = (dns_messageid_t)dispatch_random(DISP_ARC4CTX(disp)); - bucket = dns_hash(qid, dest, id, localport); ok = ISC_FALSE; - for (i = 0; i < 64; i++) { + i = 0; + do { + bucket = dns_hash(qid, dest, id, localport); if (entry_search(qid, dest, id, localport, bucket) == NULL) { ok = ISC_TRUE; break; } id += qid->qid_increment; id &= 0x0000ffff; - bucket = dns_hash(qid, dest, id, localport); - } + } while (i++ < 64); if (!ok) { UNLOCK(&qid->lock); @@ -3131,9 +3132,9 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, res = isc_mempool_get(disp->mgr->rpool); if (res == NULL) { UNLOCK(&qid->lock); - UNLOCK(&disp->lock); if (dispsocket != NULL) destroy_dispsocket(disp, &dispsocket); + UNLOCK(&disp->lock); return (ISC_R_NOMEMORY); } @@ -3506,7 +3507,7 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event) { isc_event_free(ISC_EVENT_PTR(&newsevent)); return; } - memcpy(buf, sevent->region.base, sevent->n); + memmove(buf, sevent->region.base, sevent->n); newsevent->region.base = buf; newsevent->region.length = disp->mgr->buffersize; newsevent->n = sevent->n; diff --git a/lib/dns/dns64.c b/lib/dns/dns64.c index 0b3f1d48b892..6705e629f295 100644 --- a/lib/dns/dns64.c +++ b/lib/dns/dns64.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -83,10 +83,10 @@ dns_dns64_create(isc_mem_t *mctx, isc_netaddr_t *prefix, if (new == NULL) return (ISC_R_NOMEMORY); memset(new->bits, 0, sizeof(new->bits)); - memcpy(new->bits, prefix->type.in6.s6_addr, prefixlen / 8); + memmove(new->bits, prefix->type.in6.s6_addr, prefixlen / 8); if (suffix != NULL) - memcpy(new->bits + nbytes, suffix->type.in6.s6_addr + nbytes, - 16 - nbytes); + memmove(new->bits + nbytes, suffix->type.in6.s6_addr + nbytes, + 16 - nbytes); new->clients = NULL; if (clients != NULL) dns_acl_attach(clients, &new->clients); @@ -155,7 +155,7 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr, struct in_addr ina; isc_netaddr_t netaddr; - memcpy(&ina.s_addr, a, 4); + memmove(&ina.s_addr, a, 4); isc_netaddr_fromin(&netaddr, &ina); result = dns_acl_match(&netaddr, NULL, dns64->mapped, env, &match, NULL); @@ -168,7 +168,7 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr, nbytes = dns64->prefixlen / 8; INSIST(nbytes <= 12); /* Copy prefix. */ - memcpy(aaaa, dns64->bits, nbytes); + memmove(aaaa, dns64->bits, nbytes); /* Bits 64-71 are zeros. draft-ietf-behave-address-format-04 */ if (nbytes == 8) aaaa[nbytes++] = 0; @@ -180,7 +180,7 @@ dns_dns64_aaaafroma(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr, aaaa[nbytes++] = 0; } /* Copy suffix. */ - memcpy(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes); + memmove(aaaa + nbytes, dns64->bits + nbytes, 16 - nbytes); return (ISC_R_SUCCESS); } @@ -268,7 +268,7 @@ dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr, if (aaaaok == NULL || !aaaaok[i]) { dns_rdataset_current(rdataset, &rdata); - memcpy(&in6.s6_addr, rdata.data, 16); + memmove(&in6.s6_addr, rdata.data, 16); isc_netaddr_fromin6(&netaddr, &in6); result = dns_acl_match(&netaddr, NULL, diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 587bd1c3c233..519082460fbb 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -295,7 +295,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, * Create an envelope for each rdata: <name|type|class|ttl>. */ isc_buffer_init(&envbuf, data, sizeof(data)); - memcpy(data, r.base, r.length); + memmove(data, r.base, r.length); isc_buffer_add(&envbuf, r.length); isc_buffer_putuint16(&envbuf, set->type); isc_buffer_putuint16(&envbuf, set->rdclass); @@ -492,10 +492,10 @@ dns_dnssec_verify2(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, if (labels - sig.labels > 0) { isc_buffer_putuint8(&envbuf, 1); isc_buffer_putuint8(&envbuf, '*'); - memcpy(data + 2, r.base, r.length); + memmove(data + 2, r.base, r.length); } else - memcpy(data, r.base, r.length); + memmove(data, r.base, r.length); isc_buffer_add(&envbuf, r.length); isc_buffer_putuint16(&envbuf, set->type); isc_buffer_putuint16(&envbuf, set->rdclass); @@ -753,6 +753,7 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, * If a key is marked inactive, skip it */ if (!key_active(keys[count], now)) { + dst_key_setinactive(pubkey, ISC_TRUE); dst_key_free(&keys[count]); keys[count] = pubkey; pubkey = NULL; @@ -1021,14 +1022,14 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, /* * Extract the header. */ - memcpy(header, source_r.base, DNS_MESSAGE_HEADERLEN); + memmove(header, source_r.base, DNS_MESSAGE_HEADERLEN); /* * Decrement the additional field counter. */ - memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); + memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); addcount = htons((isc_uint16_t)(ntohs(addcount) - 1)); - memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); + memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); /* * Digest the modified header. diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 53978bce0701..905d849576ed 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -1291,10 +1291,27 @@ get_key_struct(dns_name_t *name, unsigned int alg, key->times[i] = 0; key->timeset[i] = ISC_FALSE; } + key->inactive = ISC_FALSE; key->magic = KEY_MAGIC; return (key); } +isc_boolean_t +dst_key_inactive(const dst_key_t *key) { + + REQUIRE(VALID_KEY(key)); + + return (key->inactive); +} + +void +dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive) { + + REQUIRE(VALID_KEY(key)); + + key->inactive = inactive; +} + /*% * Reads a public key from disk */ diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h index ee824f40e88a..d0e13f7fb219 100644 --- a/lib/dns/dst_internal.h +++ b/lib/dns/dst_internal.h @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -125,6 +125,8 @@ struct dst_key { isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< data set? */ isc_stdtime_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */ isc_boolean_t numset[DST_MAX_NUMERIC + 1]; /*%< data set? */ + isc_boolean_t inactive; /*%< private key not present as it is + inactive */ int fmt_major; /*%< private key format, major version */ int fmt_minor; /*%< private key format, minor version */ diff --git a/lib/dns/gen.c b/lib/dns/gen.c index 6b533dd23f9c..b934c9990fb3 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -309,7 +309,8 @@ find_typename(int type) { static void insert_into_typenames(int type, const char *typename, const char *attr) { struct ttnam *ttn = NULL; - int c, i, n; + size_t c; + int i, n; char tmp[256]; INSIST(strlen(typename) < TYPECLASSBUF); @@ -485,7 +486,7 @@ sd(int rdclass, const char *classname, const char *dirname, char filetype) { static unsigned int HASH(char *string) { - unsigned int n; + size_t n; unsigned char a, b; n = strlen(string); @@ -779,6 +780,14 @@ main(int argc, char **argv) { ttn = find_typename(i); if (ttn == NULL) continue; + /* + * Remove KEYDATA (65533) from the type to memonic + * translation as it is internal use only. This + * stops the tools from displaying KEYDATA instead + * of TYPE65533. + */ + if (i == 65533U) + continue; fprintf(stdout, "\tcase %u: return " "(str_totext(\"%s\", target)); \\\n", i, upper(ttn->typename)); diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index a992a8953f20..f15598a7851e 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -47,7 +47,7 @@ #define GBUFFER_TO_REGION(gb, r) \ do { \ - (r).length = (gb).length; \ + (r).length = (unsigned int)(gb).length; \ (r).base = (gb).value; \ } while (0) @@ -180,7 +180,7 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { * Copy the output into our buffer space, and release the gssapi * allocated space. */ - isc_buffer_putmem(sig, gsig.value, gsig.length); + isc_buffer_putmem(sig, gsig.value, (unsigned int)gsig.length); if (gsig.length != 0U) gss_release_buffer(&minor, &gsig); @@ -216,7 +216,7 @@ gssapi_verify(dst_context_t *dctx, const isc_region_t *sig) { buf = isc_mem_allocate(dst__memory_pool, sig->length); if (buf == NULL) return (ISC_R_FAILURE); - memcpy(buf, sig->base, sig->length); + memmove(buf, sig->base, sig->length); r.base = buf; r.length = sig->length; REGION_TO_GBUFFER(r, gsig); @@ -286,7 +286,7 @@ gssapi_destroy(dst_key_t *key) { static isc_result_t gssapi_restore(dst_key_t *key, const char *keystr) { OM_uint32 major, minor; - size_t len; + unsigned int len; isc_buffer_t *b = NULL; isc_region_t r; gss_buffer_desc gssbuffer; @@ -346,13 +346,13 @@ gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) { gss_release_buffer(&minor, &gssbuffer); return (ISC_R_NOMEMORY); } - isc_buffer_init(&b, buf, len); + isc_buffer_init(&b, buf, (unsigned int)len); GBUFFER_TO_REGION(gssbuffer, r); result = isc_base64_totext(&r, 0, "", &b); RUNTIME_CHECK(result == ISC_R_SUCCESS); gss_release_buffer(&minor, &gssbuffer); *buffer = buf; - *length = len; + *length = (int)len; return (ISC_R_SUCCESS); } diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c index e4047d252190..c69534e51da7 100644 --- a/lib/dns/gssapictx.c +++ b/lib/dns/gssapictx.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -68,8 +68,12 @@ * always use one. If we're not using our own SPNEGO implementation, * we include SPNEGO's OID. */ -#if defined(GSSAPI) +#ifdef GSSAPI +#ifdef WIN32 +#include <krb5/krb5.h> +#else #include ISC_PLATFORM_KRB5HEADER +#endif static unsigned char krb5_mech_oid_bytes[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 @@ -103,7 +107,7 @@ static gss_OID_set_desc mech_oid_set = { #define GBUFFER_TO_REGION(gb, r) \ do { \ - (r).length = (gb).length; \ + (r).length = (unsigned int)(gb).length; \ (r).base = (gb).value; \ } while (0) @@ -252,12 +256,12 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, gss_cred_id_t *cred) { #ifdef GSSAPI + isc_result_t result; isc_buffer_t namebuf; gss_name_t gname; gss_buffer_desc gnamebuf; unsigned char array[DNS_NAME_MAXTEXT + 1]; OM_uint32 gret, minor; - gss_OID_set mechs; OM_uint32 lifetime; gss_cred_usage_t usage; char buf[1024]; @@ -304,16 +308,17 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, usage = GSS_C_ACCEPT; gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE, - &mech_oid_set, - usage, cred, &mechs, &lifetime); + &mech_oid_set, usage, cred, NULL, &lifetime); if (gret != GSS_S_COMPLETE) { gss_log(3, "failed to acquire %s credentials for %s: %s", initiate ? "initiate" : "accept", (gname != NULL) ? (char *)gnamebuf.value : "?", gss_error_tostring(gret, minor, buf, sizeof(buf))); - check_config((char *)array); - return (ISC_R_FAILURE); + if (gname != NULL) + check_config((char *)array); + result = ISC_R_FAILURE; + goto cleanup; } gss_log(4, "acquired %s credentials for %s", @@ -321,8 +326,18 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, (gname != NULL) ? (char *)gnamebuf.value : "?"); log_cred(*cred); + result = ISC_R_SUCCESS; - return (ISC_R_SUCCESS); +cleanup: + if (gname != NULL) { + gret = gss_release_name(&minor, &gname); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_name: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } + + return (result); #else REQUIRE(cred != NULL && *cred == NULL); @@ -620,7 +635,6 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, RETERR(isc_buffer_copyregion(outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); } - (void)gss_release_name(&minor, &gname); if (gret == GSS_S_COMPLETE) result = ISC_R_SUCCESS; @@ -628,6 +642,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, result = DNS_R_CONTINUE; out: + (void)gss_release_name(&minor, &gname); return (result); #else UNUSED(name); @@ -669,7 +684,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, context = *ctxout; if (gssapi_keytab != NULL) { -#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER +#if defined(ISC_PLATFORM_GSSAPI_KRB5_HEADER) || defined(WIN32) gret = gsskrb5_register_acceptor_identity(gssapi_keytab); if (gret != GSS_S_COMPLETE) { gss_log(3, "failed " @@ -730,7 +745,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, } if (gouttoken.length > 0U) { - RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); + RETERR(isc_buffer_allocate(mctx, outtoken, + (unsigned int)gouttoken.length)); GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(*outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c index bc0e9a04ed07..a40a131d36df 100644 --- a/lib/dns/hmac_link.c +++ b/lib/dns/hmac_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -42,6 +42,7 @@ #include <isc/md5.h> #include <isc/sha1.h> #include <isc/mem.h> +#include <isc/safe.h> #include <isc/string.h> #include <isc/util.h> @@ -138,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -227,9 +228,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_md5_update(&md5ctx, r.base, r.length); isc_md5_final(&md5ctx, hkey->key); keylen = ISC_MD5_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } @@ -414,7 +414,7 @@ hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -503,9 +503,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_sha1_update(&sha1ctx, r.base, r.length); isc_sha1_final(&sha1ctx, hkey->key); keylen = ISC_SHA1_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } @@ -690,7 +689,7 @@ hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -781,9 +780,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_sha224_update(&sha224ctx, r.base, r.length); isc_sha224_final(hkey->key, &sha224ctx); keylen = ISC_SHA224_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } @@ -968,7 +966,7 @@ hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -1059,9 +1057,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_sha256_update(&sha256ctx, r.base, r.length); isc_sha256_final(hkey->key, &sha256ctx); keylen = ISC_SHA256_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } @@ -1246,7 +1243,7 @@ hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -1337,9 +1334,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_sha384_update(&sha384ctx, r.base, r.length); isc_sha384_final(hkey->key, &sha384ctx); keylen = ISC_SHA384_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } @@ -1524,7 +1520,7 @@ hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) { else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH) == 0) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -1615,9 +1611,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_sha512_update(&sha512ctx, r.base, r.length); isc_sha512_final(hkey->key, &sha512ctx); keylen = ISC_SHA512_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); + } else { + memmove(hkey->key, r.base, r.length); keylen = r.length; } diff --git a/lib/dns/include/dns/Makefile.in b/lib/dns/include/dns/Makefile.in index ad8bc383e4b3..bd41815da01e 100644 --- a/lib/dns/include/dns/Makefile.in +++ b/lib/dns/include/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -21,7 +21,8 @@ top_srcdir = @top_srcdir@ @BIND9_VERSION@ -HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \ +HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h \ + client.h compress.h \ db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h \ dnssec.h ds.h events.h fixedname.h iptable.h journal.h \ keyflags.h keytable.h keyvalues.h lib.h log.h \ @@ -30,7 +31,7 @@ HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \ rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ rdataslab.h rdatatype.h request.h resolver.h result.h \ rootns.h rpz.h sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h \ - tcpmsg.h time.h tkey.h tsig.h ttl.h types.h \ + tcpmsg.h time.h tkey.h tsec.h tsig.h ttl.h types.h \ validator.h version.h view.h xfrin.h zone.h zonekey.h zt.h GENHEADERS = enumclass.h enumtype.h rdatastruct.h diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h index f7e30f13d53e..ef449f6d0f99 100644 --- a/lib/dns/include/dns/masterdump.h +++ b/lib/dns/include/dns/masterdump.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -148,6 +148,11 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_simple; */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_debug; +/*% + * The style used for dumping "key" zones. + */ +LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_keyzone; + /*** *** Functions ***/ diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h index a6862faab633..6b2f39fc9583 100644 --- a/lib/dns/include/dns/message.h +++ b/lib/dns/include/dns/message.h @@ -105,6 +105,7 @@ /*%< EDNS0 extended OPT codes */ #define DNS_OPT_NSID 0x0003 /*%< NSID opt code */ +#define DNS_OPT_CLIENT_SUBNET 0x0008 /*%< client subnet opt code */ #define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD|DNS_MESSAGEFLAG_CD) #define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO) diff --git a/lib/dns/include/dns/nsec3.h b/lib/dns/include/dns/nsec3.h index 588dd053c06e..c0ac3a5bdb17 100644 --- a/lib/dns/include/dns/nsec3.h +++ b/lib/dns/include/dns/nsec3.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -43,7 +43,7 @@ /* * Test "unknown" algorithm. Is mapped to dns_hash_sha1. */ -#define DNS_NSEC3_UNKNOWNALG 245U +#define DNS_NSEC3_UNKNOWNALG ((dns_hash_t)245U) ISC_LANG_BEGINDECLS diff --git a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h index 2a67dc905219..6b6c66c76f06 100644 --- a/lib/dns/include/dns/rdata.h +++ b/lib/dns/include/dns/rdata.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -170,6 +170,9 @@ struct dns_rdata { /*% Output explanatory comments. */ #define DNS_STYLEFLAG_COMMENT 0x00000002U +/*% Output KEYDATA in human readable format. */ +#define DNS_STYLEFLAG_KEYDATA 0x00000008U + #define DNS_RDATA_DOWNCASE DNS_NAME_DOWNCASE #define DNS_RDATA_CHECKNAMES DNS_NAME_CHECKNAMES #define DNS_RDATA_CHECKNAMESFAIL DNS_NAME_CHECKNAMESFAIL diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 6b9911d5897d..4aea8505c253 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -1906,6 +1906,12 @@ dns_zone_rpz_enable(dns_zone_t *zone); * Set the response policy associated with a zone. */ +isc_result_t +dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db); +/*% + * If a zone is a response policy zone, mark its new database. + */ + isc_boolean_t dns_zone_get_rpz(dns_zone_t *zone); diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index 87d844bf2270..58c222be9251 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -887,6 +887,23 @@ dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, const char *keystr, dst_key_t **keyp); +isc_boolean_t +dst_key_inactive(const dst_key_t *key); +/*%< + * Determines if the private key is missing due the key being deemed inactive. + * + * Requires: + * 'key' to be valid. + */ + +void +dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive); +/*%< + * Set key inactive state. + * + * Requires: + * 'key' to be valid. + */ ISC_LANG_ENDDECLS diff --git a/lib/dns/include/dst/gssapi.h b/lib/dns/include/dst/gssapi.h index 1e81a55b9718..53c594e6b237 100644 --- a/lib/dns/include/dst/gssapi.h +++ b/lib/dns/include/dst/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -29,7 +29,7 @@ #include <dns/types.h> #ifdef GSSAPI -#ifdef _WINDOWS +#ifdef WIN32 /* * MSVC does not like macros in #include lines. */ diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 1564a811ffed..e70e68835e1c 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -299,7 +299,7 @@ struct dns_journal { unsigned int magic; /*%< JOUR */ isc_mem_t *mctx; /*%< Memory context */ journal_state_t state; - const char *filename; /*%< Journal file name */ + char *filename; /*%< Journal file name */ FILE * fp; /*%< File handle */ isc_offset_t offset; /*%< Current file offset */ journal_header_t header; /*%< In-core journal header */ @@ -349,7 +349,7 @@ journal_pos_encode(journal_rawpos_t *raw, journal_pos_t *cooked) { static void journal_header_decode(journal_rawheader_t *raw, journal_header_t *cooked) { INSIST(sizeof(cooked->format) == sizeof(raw->h.format)); - memcpy(cooked->format, raw->h.format, sizeof(cooked->format)); + memmove(cooked->format, raw->h.format, sizeof(cooked->format)); journal_pos_decode(&raw->h.begin, &cooked->begin); journal_pos_decode(&raw->h.end, &cooked->end); cooked->index_size = decode_uint32(raw->h.index_size); @@ -359,7 +359,7 @@ static void journal_header_encode(journal_header_t *cooked, journal_rawheader_t *raw) { INSIST(sizeof(cooked->format) == sizeof(raw->h.format)); memset(raw->pad, 0, sizeof(raw->pad)); - memcpy(raw->h.format, cooked->format, sizeof(raw->h.format)); + memmove(raw->h.format, cooked->format, sizeof(raw->h.format)); journal_pos_encode(&raw->h.begin, &cooked->begin); journal_pos_encode(&raw->h.end, &cooked->end); encode_uint32(cooked->index_size, raw->h.index_size); @@ -395,7 +395,7 @@ journal_read(dns_journal_t *j, void *mem, size_t nbytes) { j->filename, isc_result_totext(result)); return (ISC_R_UNEXPECTED); } - j->offset += nbytes; + j->offset += (isc_offset_t)nbytes; return (ISC_R_SUCCESS); } @@ -410,7 +410,7 @@ journal_write(dns_journal_t *j, void *mem, size_t nbytes) { j->filename, isc_result_totext(result)); return (ISC_R_UNEXPECTED); } - j->offset += nbytes; + j->offset += (isc_offset_t)nbytes; return (ISC_R_SUCCESS); } @@ -512,7 +512,7 @@ journal_file_create(isc_mem_t *mctx, const char *filename) { return (ISC_R_NOMEMORY); } memset(mem, 0, size); - memcpy(mem, &rawheader, sizeof(rawheader)); + memmove(mem, &rawheader, sizeof(rawheader)); result = isc_stdio_write(mem, 1, (size_t) size, fp, NULL); if (result != ISC_R_SUCCESS) { @@ -554,10 +554,13 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, j->mctx = mctx; j->state = JOURNAL_STATE_INVALID; j->fp = NULL; - j->filename = filename; + j->filename = isc_mem_strdup(mctx, filename); j->index = NULL; j->rawindex = NULL; + if (j->filename == NULL) + FAIL(ISC_R_NOMEMORY); + result = isc_stdio_open(j->filename, write ? "rb+" : "rb", &fp); if (result == ISC_R_FILENOTFOUND) { @@ -660,6 +663,8 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, sizeof(journal_rawpos_t)); j->index = NULL; } + if (j->filename != NULL) + isc_mem_free(j->mctx, j->filename); if (j->fp != NULL) (void)isc_stdio_close(j->fp); isc_mem_put(j->mctx, j, sizeof(*j)); @@ -670,17 +675,17 @@ isc_result_t dns_journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, dns_journal_t **journalp) { isc_result_t result; - int namelen; + size_t namelen; char backup[1024]; result = journal_open(mctx, filename, write, write, journalp); if (result == ISC_R_NOTFOUND) { namelen = strlen(filename); - if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) + if (namelen > 4U && strcmp(filename + namelen - 4, ".jnl") == 0) namelen -= 4; result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk", - namelen, filename); + (int)namelen, filename); if (result != ISC_R_SUCCESS) return (result); result = journal_open(mctx, backup, write, write, journalp); @@ -1200,7 +1205,8 @@ dns_journal_destroy(dns_journal_t **journalp) { isc_mem_put(j->mctx, j->it.target.base, j->it.target.length); if (j->it.source.base != NULL) isc_mem_put(j->mctx, j->it.source.base, j->it.source.length); - + if (j->filename != NULL) + isc_mem_free(j->mctx, j->filename); if (j->fp != NULL) (void)isc_stdio_close(j->fp); j->magic = 0; @@ -1216,9 +1222,7 @@ dns_journal_destroy(dns_journal_t **journalp) { /* XXX Share code with incoming IXFR? */ static isc_result_t -roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options, - isc_uint32_t resign) -{ +roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) { isc_buffer_t source; /* Transaction data from disk */ isc_buffer_t target; /* Ditto after _fromwire check */ isc_uint32_t db_serial; /* Database SOA serial */ @@ -1235,7 +1239,6 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options, REQUIRE(DNS_DB_VALID(db)); dns_diff_init(j->mctx, &diff); - diff.resign = resign; /* * Set up empty initial buffers for unchecked and checked @@ -1368,6 +1371,8 @@ dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options, REQUIRE(DNS_DB_VALID(db)); REQUIRE(filename != NULL); + UNUSED(resign); + j = NULL; result = dns_journal_open(mctx, filename, ISC_FALSE, &j); if (result == ISC_R_NOTFOUND) { @@ -1380,7 +1385,7 @@ dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options, if (JOURNAL_EMPTY(&j->header)) result = DNS_R_UPTODATE; else - result = roll_forward(j, db, options, resign); + result = roll_forward(j, db, options); dns_journal_destroy(&j); @@ -2009,7 +2014,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, dns_journal_t *new = NULL; journal_rawheader_t rawheader; unsigned int copy_length; - int namelen; + size_t namelen; char *buf = NULL; unsigned int size = 0; isc_result_t result; @@ -2019,16 +2024,16 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, isc_boolean_t is_backup = ISC_FALSE; namelen = strlen(filename); - if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) + if (namelen > 4U && strcmp(filename + namelen - 4, ".jnl") == 0) namelen -= 4; result = isc_string_printf(newname, sizeof(newname), "%.*s.jnw", - namelen, filename); + (int)namelen, filename); if (result != ISC_R_SUCCESS) return (result); result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk", - namelen, filename); + (int)namelen, filename); if (result != ISC_R_SUCCESS) return (result); diff --git a/lib/dns/keydata.c b/lib/dns/keydata.c index 822bd467dc55..cb1ed38dd7e3 100644 --- a/lib/dns/keydata.c +++ b/lib/dns/keydata.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -51,7 +51,7 @@ dns_keydata_todnskey(dns_rdata_keydata_t *keydata, dnskey->data = isc_mem_allocate(mctx, dnskey->datalen); if (dnskey->data == NULL) return (ISC_R_NOMEMORY); - memcpy(dnskey->data, keydata->data, dnskey->datalen); + memmove(dnskey->data, keydata->data, dnskey->datalen); } return (ISC_R_SUCCESS); @@ -82,7 +82,7 @@ dns_keydata_fromdnskey(dns_rdata_keydata_t *keydata, keydata->data = isc_mem_allocate(mctx, keydata->datalen); if (keydata->data == NULL) return (ISC_R_NOMEMORY); - memcpy(keydata->data, dnskey->data, keydata->datalen); + memmove(keydata->data, dnskey->data, keydata->datalen); } return (ISC_R_SUCCESS); diff --git a/lib/dns/master.c b/lib/dns/master.c index 1b7460c45673..5d9c13b5da36 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -684,7 +684,7 @@ genname(char *name, int it, char *buffer, size_t length) { isc_boolean_t nibblemode; r.base = buffer; - r.length = length; + r.length = (unsigned int)length; while (*name != '\0') { if (*name == '$') { @@ -2081,7 +2081,7 @@ read_and_check(isc_boolean_t do_read, isc_buffer_t *buffer, f, NULL); if (result != ISC_R_SUCCESS) return (result); - isc_buffer_add(buffer, len); + isc_buffer_add(buffer, (unsigned int)len); } else if (isc_buffer_remaininglength(buffer) < len) return (ISC_R_RANGE); @@ -2241,7 +2241,7 @@ load_raw(dns_loadctx_t *lctx) { lctx->f, NULL); if (result != ISC_R_SUCCESS) goto cleanup; - isc_buffer_add(&target, readlen); + isc_buffer_add(&target, (unsigned int)readlen); /* Construct RRset headers */ rdatalist.rdclass = isc_buffer_getuint16(&target); diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index a10e6f2d559e..aa1ccca9c8ea 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -100,6 +100,20 @@ typedef struct dns_totext_ctx { } dns_totext_ctx_t; LIBDNS_EXTERNAL_DATA const dns_master_style_t +dns_master_style_keyzone = { + DNS_STYLEFLAG_OMIT_OWNER | + DNS_STYLEFLAG_OMIT_CLASS | + DNS_STYLEFLAG_REL_OWNER | + DNS_STYLEFLAG_REL_DATA | + DNS_STYLEFLAG_OMIT_TTL | + DNS_STYLEFLAG_TTL | + DNS_STYLEFLAG_COMMENT | + DNS_STYLEFLAG_MULTILINE | + DNS_STYLEFLAG_KEYDATA, + 24, 24, 24, 32, 80, 8 +}; + +LIBDNS_EXTERNAL_DATA const dns_master_style_t dns_master_style_default = { DNS_STYLEFLAG_OMIT_OWNER | DNS_STYLEFLAG_OMIT_CLASS | @@ -228,7 +242,7 @@ indent(unsigned int *current, unsigned int to, int tabwidth, int n = t; if (n > N_TABS) n = N_TABS; - memcpy(p, tabs, n); + memmove(p, tabs, n); p += n; t -= n; } @@ -249,7 +263,7 @@ indent(unsigned int *current, unsigned int to, int tabwidth, int n = t; if (n > N_SPACES) n = N_SPACES; - memcpy(p, spaces, n); + memmove(p, spaces, n); p += n; t -= n; } @@ -339,7 +353,7 @@ str_totext(const char *source, isc_buffer_t *target) { if (l > region.length) return (ISC_R_NOSPACE); - memcpy(region.base, source, l); + memmove(region.base, source, l); isc_buffer_add(target, l); return (ISC_R_SUCCESS); } @@ -456,7 +470,7 @@ rdataset_totext(dns_rdataset_t *rdataset, isc_buffer_availableregion(target, &r); if (r.length < length) return (ISC_R_NOSPACE); - memcpy(r.base, ttlbuf, length); + memmove(r.base, ttlbuf, length); isc_buffer_add(target, length); column += length; @@ -501,9 +515,22 @@ rdataset_totext(dns_rdataset_t *rdataset, type_start = target->used; if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) RETERR(str_totext("\\-", target)); - result = dns_rdatatype_totext(type, target); - if (result != ISC_R_SUCCESS) - return (result); + switch (type) { + case dns_rdatatype_keydata: +#define KEYDATA "KEYDATA" + if ((ctx->style.flags & DNS_STYLEFLAG_KEYDATA) != 0) { + if (isc_buffer_availablelength(target) < + (sizeof(KEYDATA) - 1)) + return (ISC_R_NOSPACE); + isc_buffer_putstr(target, KEYDATA); + break; + } + /* FALLTHROUGH */ + default: + result = dns_rdatatype_totext(type, target); + if (result != ISC_R_SUCCESS) + return (result); + } column += (target->used - type_start); /* diff --git a/lib/dns/message.c b/lib/dns/message.c index d36edbae3b14..681628c2e682 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1673,8 +1673,8 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source, msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length); if (msg->saved.base == NULL) return (ISC_R_NOMEMORY); - memcpy(msg->saved.base, isc_buffer_base(&origsource), - msg->saved.length); + memmove(msg->saved.base, isc_buffer_base(&origsource), + msg->saved.length); msg->free_saved = 1; } @@ -1746,7 +1746,7 @@ dns_message_renderchangebuffer(dns_message_t *msg, isc_buffer_t *buffer) { * Copy the contents from the old to the new buffer. */ isc_buffer_add(buffer, r.length); - memcpy(rn.base, r.base, r.length); + memmove(rn.base, r.base, r.length); msg->buffer = buffer; @@ -3466,7 +3466,7 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp, dns_rdatalist_t *rdatalist = NULL; dns_rdata_t *rdata = NULL; isc_result_t result; - size_t len = 0, i; + unsigned int len = 0, i; REQUIRE(DNS_MESSAGE_VALID(message)); REQUIRE(rdatasetp != NULL && *rdatasetp == NULL); diff --git a/lib/dns/name.c b/lib/dns/name.c index 7fb21e138c3c..9b24ed363804 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -578,6 +578,11 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2, REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) == (name2->attributes & DNS_NAMEATTR_ABSOLUTE)); + if (name1 == name2) { + *orderp = 0; + return (dns_namereln_equal); + } + SETUP_OFFSETS(name1, offsets1, odata1); SETUP_OFFSETS(name2, offsets2, odata2); @@ -691,6 +696,9 @@ dns_name_equal(const dns_name_t *name1, const dns_name_t *name2) { REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) == (name2->attributes & DNS_NAMEATTR_ABSOLUTE)); + if (name1 == name2) + return (ISC_TRUE); + if (name1->length != name2->length) return (ISC_FALSE); @@ -963,8 +971,8 @@ dns_name_clone(const dns_name_t *source, dns_name_t *target) { DNS_NAMEATTR_DYNOFFSETS); if (target->offsets != NULL && source->labels > 0) { if (source->offsets != NULL) - memcpy(target->offsets, source->offsets, - source->labels); + memmove(target->offsets, source->offsets, + source->labels); else set_offsets(target, target->offsets, NULL); } @@ -993,7 +1001,7 @@ dns_name_fromregion(dns_name_t *name, const isc_region_t *r) { len = (r->length < r2.length) ? r->length : r2.length; if (len > DNS_NAME_MAXWIRE) len = DNS_NAME_MAXWIRE; - memcpy(r2.base, r->base, len); + memmove(r2.base, r->base, len); name->ndata = r2.base; name->length = len; } else { @@ -1977,8 +1985,8 @@ dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, if (gf) { if (target->length - target->used < gp.length) return (ISC_R_NOSPACE); - (void)memcpy((unsigned char *)target->base + target->used, - gp.ndata, (size_t)gp.length); + (void)memmove((unsigned char *)target->base + target->used, + gp.ndata, (size_t)gp.length); isc_buffer_add(target, gp.length); go |= 0xc000; if (target->length - target->used < 2) @@ -1989,8 +1997,8 @@ dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, } else { if (target->length - target->used < name->length) return (ISC_R_NOSPACE); - (void)memcpy((unsigned char *)target->base + target->used, - name->ndata, (size_t)name->length); + (void)memmove((unsigned char *)target->base + target->used, + name->ndata, (size_t)name->length); isc_buffer_add(target, name->length); dns_compress_add(cctx, name, name, offset); } @@ -2070,12 +2078,7 @@ dns_name_concatenate(dns_name_t *prefix, dns_name_t *suffix, dns_name_t *name, if (copy_suffix) { if ((suffix->attributes & DNS_NAMEATTR_ABSOLUTE) != 0) absolute = ISC_TRUE; - if (suffix == name && suffix->buffer == target) - memmove(ndata + prefix_length, suffix->ndata, - suffix->length); - else - memcpy(ndata + prefix_length, suffix->ndata, - suffix->length); + memmove(ndata + prefix_length, suffix->ndata, suffix->length); } /* @@ -2084,7 +2087,7 @@ dns_name_concatenate(dns_name_t *prefix, dns_name_t *suffix, dns_name_t *name, * copy anything. */ if (copy_prefix && (prefix != name || prefix->buffer != target)) - memcpy(ndata, prefix->ndata, prefix_length); + memmove(ndata, prefix->ndata, prefix_length); name->ndata = ndata; name->labels = labels; @@ -2158,7 +2161,7 @@ dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, if (target->ndata == NULL) return (ISC_R_NOMEMORY); - memcpy(target->ndata, source->ndata, source->length); + memmove(target->ndata, source->ndata, source->length); target->length = source->length; target->labels = source->labels; @@ -2167,8 +2170,8 @@ dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, target->attributes |= DNS_NAMEATTR_ABSOLUTE; if (target->offsets != NULL) { if (source->offsets != NULL) - memcpy(target->offsets, source->offsets, - source->labels); + memmove(target->offsets, source->offsets, + source->labels); else set_offsets(target, target->offsets, NULL); } @@ -2200,7 +2203,7 @@ dns_name_dupwithoffsets(dns_name_t *source, isc_mem_t *mctx, if (target->ndata == NULL) return (ISC_R_NOMEMORY); - memcpy(target->ndata, source->ndata, source->length); + memmove(target->ndata, source->ndata, source->length); target->length = source->length; target->labels = source->labels; @@ -2210,7 +2213,7 @@ dns_name_dupwithoffsets(dns_name_t *source, isc_mem_t *mctx, target->attributes |= DNS_NAMEATTR_ABSOLUTE; target->offsets = target->ndata + source->length; if (source->offsets != NULL) - memcpy(target->offsets, source->offsets, source->labels); + memmove(target->offsets, source->offsets, source->labels); else set_offsets(target, target->offsets, NULL); @@ -2390,7 +2393,7 @@ dns_name_tostring(dns_name_t *name, char **target, isc_mem_t *mctx) { isc_buffer_usedregion(&buf, ®); p = isc_mem_allocate(mctx, reg.length + 1); - memcpy(p, (char *) reg.base, (int) reg.length); + memmove(p, (char *) reg.base, (int) reg.length); p[reg.length] = '\0'; *target = p; @@ -2466,7 +2469,7 @@ dns_name_copy(dns_name_t *source, dns_name_t *dest, isc_buffer_t *target) { ndata = (unsigned char *)target->base + target->used; dest->ndata = target->base; - memcpy(ndata, source->ndata, source->length); + memmove(ndata, source->ndata, source->length); dest->ndata = ndata; dest->labels = source->labels; @@ -2478,7 +2481,7 @@ dns_name_copy(dns_name_t *source, dns_name_t *dest, isc_buffer_t *target) { if (dest->labels > 0 && dest->offsets != NULL) { if (source->offsets != NULL) - memcpy(dest->offsets, source->offsets, source->labels); + memmove(dest->offsets, source->offsets, source->labels); else set_offsets(dest, dest->offsets, NULL); } diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c index 41b5dc3293ea..8da1ac84b35b 100644 --- a/lib/dns/nsec.c +++ b/lib/dns/nsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -63,7 +63,7 @@ bit_isset(unsigned char *array, unsigned int index) { shift = 7 - (index % 8); mask = 1 << shift; - return ((byte & mask) != 0); + return (ISC_TF(byte & mask)); } isc_result_t @@ -83,7 +83,7 @@ dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, memset(buffer, 0, DNS_NSEC_BUFFERSIZE); dns_name_toregion(target, &r); - memcpy(buffer, r.base, r.length); + memmove(buffer, r.base, r.length); r.base = buffer; /* * Use the end of the space for a raw bitmap leaving enough @@ -146,7 +146,7 @@ dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, memmove(&nsec_bits[2], &bm[window * 32], octet + 1); nsec_bits += 3 + octet; } - r.length = nsec_bits - r.base; + r.length = (unsigned int)(nsec_bits - r.base); INSIST(r.length <= DNS_NSEC_BUFFERSIZE); dns_rdata_fromregion(rdata, dns_db_class(db), diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index 7ec6b4cb881d..5cccce759fad 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2008-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -120,15 +120,15 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, *p++ = iterations >> 8; *p++ = iterations; - *p++ = salt_length; - memcpy(p, salt, salt_length); + *p++ = (unsigned char)salt_length; + memmove(p, salt, salt_length); p += salt_length; - *p++ = hash_length; - memcpy(p, nexthash, hash_length); + *p++ = (unsigned char)hash_length; + memmove(p, nexthash, hash_length); p += hash_length; - r.length = p - buffer; + r.length = (unsigned int)(p - buffer); r.base = buffer; /* @@ -215,7 +215,7 @@ dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, memmove(&nsec_bits[2], &bm[window * 32], octet + 1); nsec_bits += 3 + octet; } - r.length = nsec_bits - r.base; + r.length = (unsigned int)(nsec_bits - r.base); INSIST(r.length <= DNS_NSEC3_BUFFERSIZE); dns_rdata_fromregion(rdata, dns_db_class(db), dns_rdatatype_nsec3, &r); @@ -282,7 +282,8 @@ dns_nsec3_hashname(dns_fixedname_t *result, dns_name_downcase(name, downcased, NULL); /* hash the node name */ - len = isc_iterated_hash(rethash, hashalg, iterations, salt, saltlength, + len = isc_iterated_hash(rethash, hashalg, iterations, + salt, (int)saltlength, downcased->ndata, downcased->length); if (len == 0U) return (DNS_R_BADALG); @@ -292,7 +293,7 @@ dns_nsec3_hashname(dns_fixedname_t *result, /* convert the hash to base32hex */ region.base = rethash; - region.length = len; + region.length = (unsigned int)len; isc_buffer_init(&namebuffer, nametext, sizeof nametext); isc_base32hex_totext(®ion, 1, "", &namebuffer); @@ -338,7 +339,6 @@ do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver, * Create a singleton diff. */ dns_diff_init(diff->mctx, &temp_diff); - temp_diff.resign = diff->resign; ISC_LIST_APPEND(temp_diff.tuples, *tuple, link); /* @@ -629,7 +629,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, flags = nsec3.flags; next_length = nsec3.next_length; INSIST(next_length <= sizeof(nexthash)); - memcpy(nexthash, nsec3.next, next_length); + memmove(nexthash, nsec3.next, next_length); dns_rdataset_disassociate(&rdataset); /* * If the NSEC3 is not for a unsecure delegation then @@ -717,7 +717,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, * Fixup the previous NSEC3. */ nsec3.next = nexthash; - nsec3.next_length = next_length; + nsec3.next_length = (unsigned char)next_length; isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf)); CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass, dns_rdatatype_nsec3, &nsec3, @@ -726,7 +726,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, rdataset.ttl, &rdata, &tuple)); CHECK(do_one_tuple(&tuple, db, version, diff)); INSIST(old_length <= sizeof(nexthash)); - memcpy(nexthash, old_next, old_length); + memmove(nexthash, old_next, old_length); if (!CREATE(nsec3param->flags)) flags = nsec3.flags; dns_rdata_reset(&rdata); @@ -836,7 +836,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, * Fixup the previous NSEC3. */ nsec3.next = nexthash; - nsec3.next_length = next_length; + nsec3.next_length = (unsigned char)next_length; isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf)); CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass, @@ -847,7 +847,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, &tuple)); CHECK(do_one_tuple(&tuple, db, version, diff)); INSIST(old_length <= sizeof(nexthash)); - memcpy(nexthash, old_next, old_length); + memmove(nexthash, old_next, old_length); if (!CREATE(nsec3param->flags)) flags = nsec3.flags; dns_rdata_reset(&rdata); @@ -977,7 +977,7 @@ dns_nsec3param_fromprivate(dns_rdata_t *src, dns_rdata_t *target, isc_buffer_init(&buf1, src->data + 1, src->length - 1); isc_buffer_add(&buf1, src->length - 1); isc_buffer_setactive(&buf1, src->length - 1); - isc_buffer_init(&buf2, buf, buflen); + isc_buffer_init(&buf2, buf, (unsigned int)buflen); dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_NONE); result = dns_rdata_fromwire(target, src->rdclass, dns_rdatatype_nsec3param, @@ -996,7 +996,7 @@ dns_nsec3param_toprivate(dns_rdata_t *src, dns_rdata_t *target, REQUIRE(DNS_RDATA_INITIALIZED(target)); - memcpy(buf + 1, src->data, src->length); + memmove(buf + 1, src->data, src->length); buf[0] = 0; target->data = buf; target->length = src->length + 1; @@ -1131,7 +1131,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver, result = dns_rdataset_next(&rdataset)) { dns_rdataset_current(&rdataset, &rdata); INSIST(rdata.length <= sizeof(buf)); - memcpy(buf, rdata.data, rdata.length); + memmove(buf, rdata.data, rdata.length); /* * Private NSEC3 record length >= 6. @@ -1395,7 +1395,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, if (result == ISC_R_SUCCESS) { next_length = nsec3.next_length; INSIST(next_length <= sizeof(nexthash)); - memcpy(nexthash, nsec3.next, next_length); + memmove(nexthash, nsec3.next, next_length); } dns_rdataset_disassociate(&rdataset); if (result == ISC_R_NOMORE) @@ -1439,7 +1439,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, * Fixup the previous NSEC3. */ nsec3.next = nexthash; - nsec3.next_length = next_length; + nsec3.next_length = (unsigned char)next_length; if (CREATE(nsec3param->flags)) nsec3.flags = nsec3param->flags & DNS_NSEC3FLAG_OPTOUT; isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf)); @@ -1498,7 +1498,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, if (result == ISC_R_SUCCESS) { next_length = nsec3.next_length; INSIST(next_length <= sizeof(nexthash)); - memcpy(nexthash, nsec3.next, next_length); + memmove(nexthash, nsec3.next, next_length); } dns_rdataset_disassociate(&rdataset); if (result == ISC_R_NOMORE) @@ -1539,7 +1539,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, * Fixup the previous NSEC3. */ nsec3.next = nexthash; - nsec3.next_length = next_length; + nsec3.next_length = (unsigned char)next_length; isc_buffer_init(&buffer, nsec3buf, sizeof(nsec3buf)); CHECK(dns_rdata_fromstruct(&rdata, rdataset.rdclass, diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 9fe9bb52524f..aaaf69c00ffe 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -608,11 +608,11 @@ BN_fromhex(BIGNUM *b, const char *str) { s = strchr(hexdigits, tolower((unsigned char)str[i])); RUNTIME_CHECK(s != NULL); - high = s - hexdigits; + high = (unsigned int)(s - hexdigits); s = strchr(hexdigits, tolower((unsigned char)str[i + 1])); RUNTIME_CHECK(s != NULL); - low = s - hexdigits; + low = (unsigned int)(s - hexdigits); data[i/2] = (unsigned char)((high << 4) + low); } diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index 1cf30f839ab9..78d2d0ceb9d9 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -371,7 +371,7 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) { cp = buf; if (!i2o_ECPublicKey(eckey, &cp)) DST_RET (dst__openssl_toresult(ISC_R_FAILURE)); - memcpy(r.base, buf + 1, len); + memmove(r.base, buf + 1, len); isc_buffer_add(data, len); ret = ISC_R_SUCCESS; @@ -414,7 +414,7 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) { return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); buf[0] = POINT_CONVERSION_UNCOMPRESSED; - memcpy(buf + 1, r.base, len); + memmove(buf + 1, r.base, len); cp = buf; if (o2i_ECPublicKey(&eckey, (const unsigned char **) &cp, diff --git a/lib/dns/opensslgost_link.c b/lib/dns/opensslgost_link.c index 098e31243df4..a7e728cff9ed 100644 --- a/lib/dns/opensslgost_link.c +++ b/lib/dns/opensslgost_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -253,7 +253,7 @@ opensslgost_todns(const dst_key_t *key, isc_buffer_t *data) { len = i2d_PUBKEY(pkey, &p); INSIST(len == sizeof(der)); INSIST(memcmp(gost_prefix, der, 37) == 0); - memcpy(r.base, der + 37, 64); + memmove(r.base, der + 37, 64); isc_buffer_add(data, 64); return (ISC_R_SUCCESS); @@ -272,8 +272,8 @@ opensslgost_fromdns(dst_key_t *key, isc_buffer_t *data) { if (r.length != 64) return (DST_R_INVALIDPUBLICKEY); - memcpy(der, gost_prefix, 37); - memcpy(der + 37, r.base, 64); + memmove(der, gost_prefix, 37); + memmove(der + 37, r.base, 64); isc_buffer_forward(data, 64); p = der; diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 2430f2429135..06921a2e3e44 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -474,7 +474,7 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { INSIST(prefixlen + digestlen <= sizeof(digest)); memmove(digest + prefixlen, digest, digestlen); - memcpy(digest, prefix, prefixlen); + memmove(digest, prefix, prefixlen); status = RSA_private_encrypt(digestlen + prefixlen, digest, r.base, rsa, RSA_PKCS1_PADDING); diff --git a/lib/dns/portlist.c b/lib/dns/portlist.c index 5bc89f482984..754eef668792 100644 --- a/lib/dns/portlist.c +++ b/lib/dns/portlist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -80,7 +80,7 @@ dns_portlist_create(isc_mem_t *mctx, dns_portlist_t **portlistp) { portlist = isc_mem_get(mctx, sizeof(*portlist)); if (portlist == NULL) return (ISC_R_NOMEMORY); - result = isc_mutex_init(&portlist->lock); + result = isc_mutex_init(&portlist->lock); if (result != ISC_R_SUCCESS) { isc_mem_put(mctx, portlist, sizeof(*portlist)); return (result); @@ -111,7 +111,7 @@ find_port(dns_element_t *list, unsigned int len, in_port_t port) { for (;;) { if (list[xtry].port == port) return (&list[xtry]); - if (port > list[xtry].port) { + if (port > list[xtry].port) { if (xtry == max) break; min = xtry; @@ -164,8 +164,8 @@ dns_portlist_add(dns_portlist_t *portlist, int af, in_port_t port) { goto unlock; } if (portlist->list != NULL) { - memcpy(el, portlist->list, - portlist->allocated * sizeof(*el)); + memmove(el, portlist->list, + portlist->allocated * sizeof(*el)); isc_mem_put(portlist->mctx, portlist->list, portlist->allocated * sizeof(*el)); } @@ -215,7 +215,7 @@ isc_boolean_t dns_portlist_match(dns_portlist_t *portlist, int af, in_port_t port) { dns_element_t *el; isc_boolean_t result = ISC_FALSE; - + REQUIRE(DNS_VALID_PORTLIST(portlist)); REQUIRE(af == AF_INET || af == AF_INET6); LOCK(&portlist->lock); @@ -227,7 +227,7 @@ dns_portlist_match(dns_portlist_t *portlist, int af, in_port_t port) { if (af == AF_INET6 && (el->flags & DNS_PL_INET6) != 0) result = ISC_TRUE; } - } + } UNLOCK(&portlist->lock); return (result); } diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c index eb95d14fbc22..ffa110238f24 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1478,8 +1478,8 @@ create_node(isc_mem_t *mctx, dns_name_t *name, dns_rbtnode_t **nodep) { OLDOFFSETLEN(node) = OFFSETLEN(node) = labels; ATTRS(node) = name->attributes; - memcpy(NAME(node), region.base, region.length); - memcpy(OFFSETS(node), name->offsets, labels); + memmove(NAME(node), region.base, region.length); + memmove(OFFSETS(node), name->offsets, labels); #if DNS_RBT_USEMAGIC node->magic = DNS_RBTNODE_MAGIC; @@ -1840,7 +1840,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) { * information, which will be needed when linking up * delete to the successor's old location. */ - memcpy(tmp, successor, sizeof(dns_rbtnode_t)); + memmove(tmp, successor, sizeof(dns_rbtnode_t)); if (IS_ROOT(delete)) { *rootp = successor; diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index f6f96ab9315a..a4a5acffece4 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1121,8 +1121,8 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { version->hash = rbtdb->current_version->hash; version->salt_length = rbtdb->current_version->salt_length; - memcpy(version->salt, rbtdb->current_version->salt, - version->salt_length); + memmove(version->salt, rbtdb->current_version->salt, + version->salt_length); } else { version->flags = 0; version->iterations = 0; @@ -1706,8 +1706,11 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, nodelock = &rbtdb->node_locks[bucket]; +#define KEEP_NODE(n, r) \ + ((n)->data != NULL || (n)->down != NULL || (n) == (r)->origin_node) + /* Handle easy and typical case first. */ - if (!node->dirty && (node->data != NULL || node->down != NULL)) { + if (!node->dirty && KEEP_NODE(node, rbtdb)) { dns_rbtnode_refdecrement(node, &nrefs); INSIST((int)nrefs >= 0); if (nrefs == 0) { @@ -1776,12 +1779,11 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, isc_refcount_decrement(&nodelock->references, &refs); INSIST((int)refs >= 0); - /* - * XXXDCL should this only be done for cache zones? - */ - if (node->data != NULL || node->down != NULL) + if (KEEP_NODE(node, rbtdb)) goto restore_locks; +#undef KEEP_NODE + if (write_locked) { /* * We can now delete the node. @@ -2127,8 +2129,8 @@ setnsec3parameters(dns_db_t *db, rbtdb_version_t *version) { if (nsec3param.flags != 0) continue; - memcpy(version->salt, nsec3param.salt, - nsec3param.salt_length); + memmove(version->salt, nsec3param.salt, + nsec3param.salt_length); version->hash = nsec3param.hash; version->salt_length = nsec3param.salt_length; version->iterations = nsec3param.iterations; @@ -4168,7 +4170,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= search->now) { + if (header->rdh_ttl < search->now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right @@ -4176,7 +4178,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { * the node as dirty, so it will get cleaned * up later. */ - if ((header->rdh_ttl <= search->now - RBTDB_VIRTUAL) && + if ((header->rdh_ttl < search->now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { /* @@ -4292,7 +4294,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= search->now) { + if (header->rdh_ttl < search->now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right @@ -4300,7 +4302,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, * the node as dirty, so it will get cleaned * up later. */ - if ((header->rdh_ttl <= search->now - + if ((header->rdh_ttl < search->now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { @@ -4469,7 +4471,7 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= now) { + if (header->rdh_ttl < now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right @@ -4477,7 +4479,7 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, * node as dirty, so it will get cleaned up * later. */ - if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + if ((header->rdh_ttl < now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { /* @@ -4625,12 +4627,12 @@ rpz_findips(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, switch (rdata.type) { case dns_rdatatype_a: INSIST(rdata.length == 4); - memcpy(&ina.s_addr, rdata.data, 4); + memmove(&ina.s_addr, rdata.data, 4); isc_netaddr_fromin(&netaddr, &ina); break; case dns_rdatatype_aaaa: INSIST(rdata.length == 16); - memcpy(in6a.s6_addr, rdata.data, 16); + memmove(in6a.s6_addr, rdata.data, 16); isc_netaddr_fromin6(&netaddr, &in6a); break; default: @@ -4875,14 +4877,14 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= now) { + if (header->rdh_ttl < now) { /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we * mark it as stale, and the node as dirty, so it will * get cleaned up later. */ - if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + if ((header->rdh_ttl < now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { /* @@ -5182,14 +5184,14 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= now) { + if (header->rdh_ttl < now) { /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we * mark it as stale, and the node as dirty, so it will * get cleaned up later. */ - if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + if ((header->rdh_ttl < now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { /* @@ -5671,8 +5673,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, for (header = rbtnode->data; header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl <= now) { - if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + if (header->rdh_ttl < now) { + if ((header->rdh_ttl < now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { /* @@ -5980,7 +5982,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } } if (topheader != NULL && EXISTS(topheader) && - topheader->rdh_ttl > now) { + topheader->rdh_ttl >= now) { /* * Found one. */ @@ -6046,7 +6048,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * has no effect, provided that the cache data isn't stale. */ if (rbtversion == NULL && trust < header->trust && - (header->rdh_ttl > now || header_nx)) { + (header->rdh_ttl >= now || header_nx)) { free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, @@ -6116,7 +6118,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * Don't lower trust of existing record if the * update is forced. */ - if (IS_CACHE(rbtdb) && header->rdh_ttl > now && + if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust >= newheader->trust && @@ -6152,7 +6154,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * to be no more than the current NS RRset's TTL. This * ensures the delegations that are withdrawn are honoured. */ - if (IS_CACHE(rbtdb) && header->rdh_ttl > now && + if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust <= newheader->trust) { @@ -6160,7 +6162,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader->rdh_ttl = header->rdh_ttl; } } - if (IS_CACHE(rbtdb) && header->rdh_ttl > now && + if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && (header->type == dns_rdatatype_a || header->type == dns_rdatatype_aaaa || header->type == dns_rdatatype_ds || @@ -6563,7 +6565,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, cleanup_dead_nodes(rbtdb, rbtnode->locknum); header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1); - if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL) + if (header && header->rdh_ttl < now - RBTDB_VIRTUAL) expire_header(rbtdb, header, tree_locked); /* @@ -6867,28 +6869,21 @@ static isc_result_t loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep, isc_boolean_t hasnsec) { - isc_result_t noderesult, nsecresult; - dns_rbtnode_t *nsecnode; - - noderesult = dns_rbt_addnode(rbtdb->tree, name, nodep); - -#ifdef BIND9 - if (noderesult == ISC_R_SUCCESS && rbtdb->rpz_cidr != NULL) - dns_rpz_cidr_addip(rbtdb->rpz_cidr, name); -#endif + isc_result_t noderesult, nsecresult, tmpresult; + dns_rbtnode_t *nsecnode = NULL, *node = NULL; + noderesult = dns_rbt_addnode(rbtdb->tree, name, &node); if (!hasnsec) - return (noderesult); + goto done; if (noderesult == ISC_R_EXISTS) { /* * Add a node to the auxiliary NSEC tree for an old node * just now getting an NSEC record. */ - if ((*nodep)->nsec == DNS_RBT_NSEC_HAS_NSEC) - return (noderesult); - } else if (noderesult != ISC_R_SUCCESS) { - return (noderesult); - } + if (node->nsec == DNS_RBT_NSEC_HAS_NSEC) + goto done; + } else if (noderesult != ISC_R_SUCCESS) + goto done; /* * Build the auxiliary tree for NSECs as we go. @@ -6898,12 +6893,11 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep, * Add nodes to the auxiliary tree after corresponding nodes have * been added to the main tree. */ - nsecnode = NULL; nsecresult = dns_rbt_addnode(rbtdb->nsec, name, &nsecnode); if (nsecresult == ISC_R_SUCCESS) { nsecnode->nsec = DNS_RBT_NSEC_NSEC; - (*nodep)->nsec = DNS_RBT_NSEC_HAS_NSEC; - return (noderesult); + node->nsec = DNS_RBT_NSEC_HAS_NSEC; + goto done; } if (nsecresult == ISC_R_EXISTS) { @@ -6914,21 +6908,41 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep, ISC_LOG_WARNING, "addnode: NSEC node already exists"); #endif - (*nodep)->nsec = DNS_RBT_NSEC_HAS_NSEC; - return (noderesult); + node->nsec = DNS_RBT_NSEC_HAS_NSEC; + goto done; } - nsecresult = dns_rbt_deletenode(rbtdb->tree, *nodep, ISC_FALSE); - if (nsecresult != ISC_R_SUCCESS) - isc_log_write(dns_lctx, - DNS_LOGCATEGORY_DATABASE, - DNS_LOGMODULE_CACHE, - ISC_LOG_WARNING, - "loading_addrdataset: " - "dns_rbt_deletenode: %s after " - "dns_rbt_addnode(NSEC): %s", - isc_result_totext(nsecresult), - isc_result_totext(noderesult)); + if (noderesult == ISC_R_SUCCESS) { + /* + * Remove the node we just added above. + */ + tmpresult = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE); + if (tmpresult != ISC_R_SUCCESS) + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_CACHE, + ISC_LOG_WARNING, + "loading_addrdataset: " + "dns_rbt_deletenode: %s after " + "dns_rbt_addnode(NSEC): %s", + isc_result_totext(tmpresult), + isc_result_totext(noderesult)); + + } + + /* + * Set the error condition to be returned. + */ + noderesult = nsecresult; + + done: +#ifdef BIND9 + if (noderesult == ISC_R_SUCCESS && rbtdb->rpz_cidr != NULL) + dns_rpz_cidr_addip(rbtdb->rpz_cidr, name); +#endif + if (noderesult == ISC_R_SUCCESS || noderesult == ISC_R_EXISTS) + *nodep = node; + return (noderesult); } @@ -7265,7 +7279,8 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash, *hash = rbtversion->hash; if (salt != NULL && salt_length != NULL) { REQUIRE(*salt_length >= rbtversion->salt_length); - memcpy(salt, rbtversion->salt, rbtversion->salt_length); + memmove(salt, rbtversion->salt, + rbtversion->salt_length); } if (salt_length != NULL) *salt_length = rbtversion->salt_length; @@ -9284,7 +9299,7 @@ overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_rwlocktype_write); header = isc_heap_element(rbtdb->heaps[locknum], 1); - if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL) { + if (header && header->rdh_ttl < now - RBTDB_VIRTUAL) { expire_header(rbtdb, header, tree_locked); purgecount--; } diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index 0b7fe8c28051..69007f881efd 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -194,7 +194,7 @@ str_totext(const char *source, isc_buffer_t *target) { if (l > region.length) return (ISC_R_NOSPACE); - memcpy(region.base, source, l); + memmove(region.base, source, l); isc_buffer_add(target, l); return (ISC_R_SUCCESS); } @@ -381,9 +381,9 @@ dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source) unsigned int len; char *delim = memchr(text, '|', end - text); if (delim != NULL) - len = delim - text; + len = (unsigned int)(delim - text); else - len = end - text; + len = (unsigned int)(end - text); for (p = keyflags; p->name != NULL; p++) { if (strncasecmp(p->name, text, len) == 0) break; diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index 3865f42fe086..c85b64d462f7 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -279,7 +279,7 @@ locator_pton(const char *src, unsigned char *dst) { } if (tp != endp) return (0); - memcpy(dst, tmp, NS_LOCATORSZ); + memmove(dst, tmp, NS_LOCATORSZ); return (1); } @@ -320,7 +320,7 @@ mem_maybedup(isc_mem_t *mctx, void *source, size_t length) { return (source); new = isc_mem_allocate(mctx, length); if (new != NULL) - memcpy(new, source, length); + memmove(new, source, length); return (new); } @@ -500,7 +500,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, dns_rdataclass_t rdclass, isc_buffer_t st; isc_boolean_t use_default = ISC_FALSE; isc_uint32_t activelength; - size_t length; + unsigned int length; REQUIRE(dctx != NULL); if (rdata != NULL) { @@ -587,7 +587,7 @@ dns_rdata_towire(dns_rdata_t *rdata, dns_compress_t *cctx, isc_buffer_availableregion(target, &tr); if (tr.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(tr.base, rdata->data, rdata->length); + memmove(tr.base, rdata->data, rdata->length); isc_buffer_add(target, rdata->length); return (ISC_R_SUCCESS); } @@ -681,7 +681,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass, unsigned long line; void (*callback)(dns_rdatacallbacks_t *, const char *, ...); isc_result_t tresult; - size_t length; + unsigned int length; isc_boolean_t unknown; REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); @@ -908,7 +908,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, dns_rdataclass_t rdclass, isc_buffer_t st; isc_region_t region; isc_boolean_t use_default = ISC_FALSE; - size_t length; + unsigned int length; REQUIRE(source != NULL); if (rdata != NULL) { @@ -1171,7 +1171,7 @@ txt_totext(isc_region_t *source, isc_buffer_t *target) { return (ISC_R_NOSPACE); *tp++ = '"'; tl--; - isc_buffer_add(target, tp - (char *)region.base); + isc_buffer_add(target, (unsigned int)(tp - (char *)region.base)); isc_region_consume(source, *source->base + 1); return (ISC_R_SUCCESS); } @@ -1237,7 +1237,7 @@ txt_fromtext(isc_textregion_t *source, isc_buffer_t *target) { } if (escape) return (DNS_R_SYNTAX); - *tregion.base = t - tregion.base - 1; + *tregion.base = (unsigned char)(t - tregion.base - 1); isc_buffer_add(target, *tregion.base + 1); return (ISC_R_SUCCESS); } @@ -1260,7 +1260,7 @@ txt_fromwire(isc_buffer_t *source, isc_buffer_t *target) { return (ISC_R_NOSPACE); if (tregion.base != sregion.base) - memcpy(tregion.base, sregion.base, n); + memmove(tregion.base, sregion.base, n); isc_buffer_forward(source, n); isc_buffer_add(target, n); return (ISC_R_SUCCESS); @@ -1318,7 +1318,7 @@ multitxt_totext(isc_region_t *source, isc_buffer_t *target) { return (ISC_R_NOSPACE); *tp++ = '"'; tl--; - isc_buffer_add(target, tp - (char *)region.base); + isc_buffer_add(target, (unsigned int)(tp - (char *)region.base)); return (ISC_R_SUCCESS); } @@ -1382,7 +1382,7 @@ multitxt_fromtext(isc_textregion_t *source, isc_buffer_t *target) { } if (escape) return (DNS_R_SYNTAX); - *t0 = t - t0 - 1; + *t0 = (unsigned char)(t - t0 - 1); isc_buffer_add(target, *t0 + 1); } while (n != 0); return (ISC_R_SUCCESS); @@ -1409,7 +1409,7 @@ multitxt_fromwire(isc_buffer_t *source, isc_buffer_t *target) { if (n > tregion.length) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, n); + memmove(tregion.base, sregion.base, n); isc_buffer_forward(source, n); isc_buffer_add(target, n); isc_buffer_activeregion(source, &sregion); @@ -1460,7 +1460,7 @@ str_totext(const char *source, isc_buffer_t *target) { if (l > region.length) return (ISC_R_NOSPACE); - memcpy(region.base, source, l); + memmove(region.base, source, l); isc_buffer_add(target, l); return (ISC_R_SUCCESS); } @@ -1586,7 +1586,7 @@ mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length) { if (length > tr.length) return (ISC_R_NOSPACE); if (tr.base != base) - memcpy(tr.base, base, length); + memmove(tr.base, base, length); isc_buffer_add(target, length); return (ISC_R_SUCCESS); } @@ -1604,7 +1604,7 @@ hexvalue(char value) { c = tolower(c); if ((s = strchr(hexdigits, c)) == NULL) return (-1); - return (s - hexdigits); + return (int)(s - hexdigits); } static int @@ -1619,7 +1619,7 @@ decvalue(char value) { return (-1); if ((s = strchr(decdigits, value)) == NULL) return (-1); - return (s - decdigits); + return (int)(s - decdigits); } static const char atob_digits[86] = @@ -1679,15 +1679,15 @@ byte_atob(int c, isc_buffer_t *target, struct state *state) { } } else if ((s = strchr(atob_digits, c)) != NULL) { if (bcount == 0) { - word = s - atob_digits; + word = (isc_int32_t)(s - atob_digits); ++bcount; } else if (bcount < 4) { word = times85(word); - word += s - atob_digits; + word += (isc_int32_t)(s - atob_digits); ++bcount; } else { word = times85(word); - word += s - atob_digits; + word += (isc_int32_t)(s - atob_digits); RETERR(putbyte((word >> 24) & 0xff, target, state)); RETERR(putbyte((word >> 16) & 0xff, target, state)); RETERR(putbyte((word >> 8) & 0xff, target, state)); diff --git a/lib/dns/rdata/ch_3/a_1.c b/lib/dns/rdata/ch_3/a_1.c index e3f98106514d..d25fcb50ac40 100644 --- a/lib/dns/rdata/ch_3/a_1.c +++ b/lib/dns/rdata/ch_3/a_1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -117,7 +117,7 @@ fromwire_ch_a(ARGS_FROMWIRE) { if (tregion.length < 2) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 2); + memmove(tregion.base, sregion.base, 2); isc_buffer_forward(source, 2); isc_buffer_add(target, 2); @@ -149,7 +149,7 @@ towire_ch_a(ARGS_TOWIRE) { if (tregion.length < 2) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 2); + memmove(tregion.base, sregion.base, 2); isc_buffer_add(target, 2); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/afsdb_18.c b/lib/dns/rdata/generic/afsdb_18.c index 279f86c677d7..af95fa12e91b 100644 --- a/lib/dns/rdata/generic/afsdb_18.c +++ b/lib/dns/rdata/generic/afsdb_18.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -113,7 +113,7 @@ fromwire_afsdb(ARGS_FROMWIRE) { return (ISC_R_NOSPACE); if (sr.length < 2) return (ISC_R_UNEXPECTEDEND); - memcpy(tr.base, sr.base, 2); + memmove(tr.base, sr.base, 2); isc_buffer_forward(source, 2); isc_buffer_add(target, 2); return (dns_name_fromwire(&name, source, dctx, options, target)); @@ -134,7 +134,7 @@ towire_afsdb(ARGS_TOWIRE) { dns_rdata_toregion(rdata, &sr); if (tr.length < 2) return (ISC_R_NOSPACE); - memcpy(tr.base, sr.base, 2); + memmove(tr.base, sr.base, 2); isc_region_consume(&sr, 2); isc_buffer_add(target, 2); diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c index b7eeb34f2b02..d0768eedcabe 100644 --- a/lib/dns/rdata/generic/dnskey_48.c +++ b/lib/dns/rdata/generic/dnskey_48.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -32,6 +32,7 @@ static inline isc_result_t fromtext_dnskey(ARGS_FROMTEXT) { + isc_result_t result; isc_token_t token; dns_secalg_t alg; dns_secproto_t proto; @@ -67,7 +68,15 @@ fromtext_dnskey(ARGS_FROMTEXT) { if ((flags & 0xc000) == 0xc000) return (ISC_R_SUCCESS); - return (isc_base64_tobuffer(lexer, target, -1)); + result = isc_base64_tobuffer(lexer, target, -1); + if (result != ISC_R_SUCCESS) + return (result); + + /* Ensure there's at least enough data to compute a key ID for MD5 */ + if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7) + return (ISC_R_UNEXPECTEDEND); + + return (ISC_R_SUCCESS); } static inline isc_result_t @@ -173,6 +182,15 @@ fromwire_dnskey(ARGS_FROMWIRE) { dns_name_init(&name, NULL); RETERR(dns_name_fromwire(&name, source, dctx, options, target)); } + + /* + * RSAMD5 computes key ID differently from other + * algorithms: we need to ensure there's enough data + * present for the computation + */ + if (algorithm == DST_ALG_RSAMD5 && sr.length < 3) + return (ISC_R_UNEXPECTEDEND); + isc_buffer_activeregion(source, &sr); isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); diff --git a/lib/dns/rdata/generic/eui48_108.c b/lib/dns/rdata/generic/eui48_108.c index 3e52fec0ed4a..b25a7b7e03e4 100644 --- a/lib/dns/rdata/generic/eui48_108.c +++ b/lib/dns/rdata/generic/eui48_108.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -142,7 +142,7 @@ tostruct_eui48(ARGS_TOSTRUCT) { eui48->common.rdtype = rdata->type; ISC_LINK_INIT(&eui48->common, link); - memcpy(eui48->eui48, rdata->data, rdata->length); + memmove(eui48->eui48, rdata->data, rdata->length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/eui64_109.c b/lib/dns/rdata/generic/eui64_109.c index 245994fdf5c0..33d2f637c825 100644 --- a/lib/dns/rdata/generic/eui64_109.c +++ b/lib/dns/rdata/generic/eui64_109.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -147,7 +147,7 @@ tostruct_eui64(ARGS_TOSTRUCT) { eui64->common.rdtype = rdata->type; ISC_LINK_INIT(&eui64->common, link); - memcpy(eui64->eui64, rdata->data, rdata->length); + memmove(eui64->eui64, rdata->data, rdata->length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/hip_55.c b/lib/dns/rdata/generic/hip_55.c index 5a5140f8ddd6..5198497dcb07 100644 --- a/lib/dns/rdata/generic/hip_55.c +++ b/lib/dns/rdata/generic/hip_55.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -76,7 +76,7 @@ fromtext_hip(ARGS_FROMTEXT) { len = (unsigned char *)isc_buffer_used(target) - start; if (len > 0xffU) RETTOK(ISC_R_RANGE); - RETERR(uint8_tobuffer(len, &hit_len)); + RETERR(uint8_tobuffer((isc_uint32_t)len, &hit_len)); /* * Public key (base64). @@ -92,7 +92,7 @@ fromtext_hip(ARGS_FROMTEXT) { len = (unsigned char *)isc_buffer_used(target) - start; if (len > 0xffffU) RETTOK(ISC_R_RANGE); - RETERR(uint16_tobuffer(len, &key_len)); + RETERR(uint16_tobuffer((isc_uint32_t)len, &key_len)); /* * Rendezvous Servers. @@ -122,7 +122,7 @@ static inline isc_result_t totext_hip(ARGS_TOTEXT) { isc_region_t region; dns_name_t name; - size_t length, key_len, hit_len; + unsigned int length, key_len, hit_len; unsigned char algorithm; char buf[sizeof("225 ")]; diff --git a/lib/dns/rdata/generic/ipseckey_45.c b/lib/dns/rdata/generic/ipseckey_45.c index 7e65e655d290..379f6c9b89e9 100644 --- a/lib/dns/rdata/generic/ipseckey_45.c +++ b/lib/dns/rdata/generic/ipseckey_45.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -87,7 +87,7 @@ fromtext_ipseckey(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 4) return (ISC_R_NOSPACE); - memcpy(region.base, &addr, 4); + memmove(region.base, &addr, 4); isc_buffer_add(target, 4); break; @@ -97,7 +97,7 @@ fromtext_ipseckey(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 16) return (ISC_R_NOSPACE); - memcpy(region.base, addr6, 16); + memmove(region.base, addr6, 16); isc_buffer_add(target, 16); break; @@ -361,7 +361,7 @@ tostruct_ipseckey(ARGS_TOSTRUCT) { break; case 2: - memcpy(ipseckey->in6_addr.s6_addr, region.base, 16); + memmove(ipseckey->in6_addr.s6_addr, region.base, 16); isc_region_consume(®ion, 16); break; diff --git a/lib/dns/rdata/generic/isdn_20.c b/lib/dns/rdata/generic/isdn_20.c index 5aac73f3713f..0bf2146013e8 100644 --- a/lib/dns/rdata/generic/isdn_20.c +++ b/lib/dns/rdata/generic/isdn_20.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -127,6 +127,8 @@ fromstruct_isdn(ARGS_FROMSTRUCT) { RETERR(uint8_tobuffer(isdn->isdn_len, target)); RETERR(mem_tobuffer(target, isdn->isdn, isdn->isdn_len)); + if (isdn->subaddress == NULL) + return (ISC_R_SUCCESS); RETERR(uint8_tobuffer(isdn->subaddress_len, target)); return (mem_tobuffer(target, isdn->subaddress, isdn->subaddress_len)); } @@ -153,11 +155,17 @@ tostruct_isdn(ARGS_TOSTRUCT) { return (ISC_R_NOMEMORY); isc_region_consume(&r, isdn->isdn_len); - isdn->subaddress_len = uint8_fromregion(&r); - isc_region_consume(&r, 1); - isdn->subaddress = mem_maybedup(mctx, r.base, isdn->subaddress_len); - if (isdn->subaddress == NULL) - goto cleanup; + if (r.length == 0) { + isdn->subaddress_len = 0; + isdn->subaddress = NULL; + } else { + isdn->subaddress_len = uint8_fromregion(&r); + isc_region_consume(&r, 1); + isdn->subaddress = mem_maybedup(mctx, r.base, + isdn->subaddress_len); + if (isdn->subaddress == NULL) + goto cleanup; + } isdn->mctx = mctx; return (ISC_R_SUCCESS); diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c index 26ca9a9b82da..1ebf2eea6b2f 100644 --- a/lib/dns/rdata/generic/key_25.c +++ b/lib/dns/rdata/generic/key_25.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -32,6 +32,7 @@ static inline isc_result_t fromtext_key(ARGS_FROMTEXT) { + isc_result_t result; isc_token_t token; dns_secalg_t alg; dns_secproto_t proto; @@ -67,7 +68,15 @@ fromtext_key(ARGS_FROMTEXT) { if ((flags & 0xc000) == 0xc000) return (ISC_R_SUCCESS); - return (isc_base64_tobuffer(lexer, target, -1)); + result = isc_base64_tobuffer(lexer, target, -1); + if (result != ISC_R_SUCCESS) + return (result); + + /* Ensure there's at least enough data to compute a key ID for MD5 */ + if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7) + return (ISC_R_UNEXPECTEDEND); + + return (ISC_R_SUCCESS); } static inline isc_result_t @@ -173,6 +182,15 @@ fromwire_key(ARGS_FROMWIRE) { dns_name_init(&name, NULL); RETERR(dns_name_fromwire(&name, source, dctx, options, target)); } + + /* + * RSAMD5 computes key ID differently from other + * algorithms: we need to ensure there's enough data + * present for the computation + */ + if (algorithm == DST_ALG_RSAMD5 && sr.length < 3) + return (ISC_R_UNEXPECTEDEND); + isc_buffer_activeregion(source, &sr); isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c index 317e1a87246a..abcaa3e83e55 100644 --- a/lib/dns/rdata/generic/keydata_65533.c +++ b/lib/dns/rdata/generic/keydata_65533.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,10 +21,11 @@ #include <dst/dst.h> -#define RRTYPE_KEYDATA_ATTRIBUTES (DNS_RDATATYPEATTR_DNSSEC) +#define RRTYPE_KEYDATA_ATTRIBUTES (0) static inline isc_result_t fromtext_keydata(ARGS_FROMTEXT) { + isc_result_t result; isc_token_t token; dns_secalg_t alg; dns_secproto_t proto; @@ -79,7 +80,15 @@ fromtext_keydata(ARGS_FROMTEXT) { if ((flags & 0xc000) == 0xc000) return (ISC_R_SUCCESS); - return (isc_base64_tobuffer(lexer, target, -1)); + result = isc_base64_tobuffer(lexer, target, -1); + if (result != ISC_R_SUCCESS) + return (result); + + /* Ensure there's at least enough data to compute a key ID for MD5 */ + if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 19) + return (ISC_R_UNEXPECTEDEND); + + return (ISC_R_SUCCESS); } static inline isc_result_t @@ -91,7 +100,9 @@ totext_keydata(ARGS_TOTEXT) { unsigned long when; REQUIRE(rdata->type == 65533); - REQUIRE(rdata->length != 0); + + if ((tctx->flags & DNS_STYLEFLAG_KEYDATA) == 0 || rdata->length < 16) + return (unknown_totext(rdata, tctx, target)); dns_rdata_toregion(rdata, &sr); @@ -176,9 +187,6 @@ fromwire_keydata(ARGS_FROMWIRE) { UNUSED(options); isc_buffer_activeregion(source, &sr); - if (sr.length < 16) - return (ISC_R_UNEXPECTEDEND); - isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); } @@ -188,7 +196,6 @@ towire_keydata(ARGS_TOWIRE) { isc_region_t sr; REQUIRE(rdata->type == 65533); - REQUIRE(rdata->length != 0); UNUSED(cctx); @@ -204,8 +211,6 @@ compare_keydata(ARGS_COMPARE) { REQUIRE(rdata1->type == rdata2->type); REQUIRE(rdata1->rdclass == rdata2->rdclass); REQUIRE(rdata1->type == 65533); - REQUIRE(rdata1->length != 0); - REQUIRE(rdata2->length != 0); dns_rdata_toregion(rdata1, &r1); dns_rdata_toregion(rdata2, &r2); @@ -253,7 +258,6 @@ tostruct_keydata(ARGS_TOSTRUCT) { REQUIRE(rdata->type == 65533); REQUIRE(target != NULL); - REQUIRE(rdata->length != 0); keydata->common.rdclass = rdata->rdclass; keydata->common.rdtype = rdata->type; diff --git a/lib/dns/rdata/generic/l32_105.c b/lib/dns/rdata/generic/l32_105.c index 763ddb953fed..d191624ebc25 100644 --- a/lib/dns/rdata/generic/l32_105.c +++ b/lib/dns/rdata/generic/l32_105.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -51,7 +51,7 @@ fromtext_l32(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 4) return (ISC_R_NOSPACE); - memcpy(region.base, &addr, 4); + memmove(region.base, &addr, 4); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/l64_106.c b/lib/dns/rdata/generic/l64_106.c index ff20663355ca..d811d29ae515 100644 --- a/lib/dns/rdata/generic/l64_106.c +++ b/lib/dns/rdata/generic/l64_106.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -155,7 +155,7 @@ tostruct_l64(ARGS_TOSTRUCT) { dns_rdata_toregion(rdata, ®ion); l64->pref = uint16_fromregion(®ion); - memcpy(l64->l64, region.base, region.length); + memmove(l64->l64, region.base, region.length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/nid_104.c b/lib/dns/rdata/generic/nid_104.c index c96b0bf9c980..39f16ed6f02b 100644 --- a/lib/dns/rdata/generic/nid_104.c +++ b/lib/dns/rdata/generic/nid_104.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -155,7 +155,7 @@ tostruct_nid(ARGS_TOSTRUCT) { dns_rdata_toregion(rdata, ®ion); nid->pref = uint16_fromregion(®ion); - memcpy(nid->nid, region.base, region.length); + memmove(nid->nid, region.base, region.length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/opt_41.c b/lib/dns/rdata/generic/opt_41.c index fa349f1f5808..afb25b63ba81 100644 --- a/lib/dns/rdata/generic/opt_41.c +++ b/lib/dns/rdata/generic/opt_41.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -93,6 +93,7 @@ static inline isc_result_t fromwire_opt(ARGS_FROMWIRE) { isc_region_t sregion; isc_region_t tregion; + isc_uint16_t opt; isc_uint16_t length; unsigned int total; @@ -108,17 +109,48 @@ fromwire_opt(ARGS_FROMWIRE) { while (sregion.length != 0) { if (sregion.length < 4) return (ISC_R_UNEXPECTEDEND); - /* - * Eat the 16bit option code. There is nothing to - * be done with it currently. - */ + opt = uint16_fromregion(&sregion); isc_region_consume(&sregion, 2); length = uint16_fromregion(&sregion); isc_region_consume(&sregion, 2); total += 4; if (sregion.length < length) return (ISC_R_UNEXPECTEDEND); - isc_region_consume(&sregion, length); + switch (opt) { + case DNS_OPT_CLIENT_SUBNET: { + isc_uint16_t family; + isc_uint8_t addrlen; + isc_uint8_t scope; + isc_uint8_t addrbytes; + + if (length < 4) + return (DNS_R_FORMERR); + family = uint16_fromregion(&sregion); + isc_region_consume(&sregion, 2); + addrlen = uint8_fromregion(&sregion); + isc_region_consume(&sregion, 1); + scope = uint8_fromregion(&sregion); + isc_region_consume(&sregion, 1); + switch (family) { + case 1: + if (addrlen > 32U || scope > 32U) + return (DNS_R_FORMERR); + break; + case 2: + if (addrlen > 128U || scope > 128U) + return (DNS_R_FORMERR); + break; + } + addrbytes = (addrlen + 7) / 8; + if (addrbytes + 4 != length) + return (DNS_R_FORMERR); + isc_region_consume(&sregion, addrbytes); + break; + } + default: + isc_region_consume(&sregion, length); + break; + } total += length; } @@ -126,7 +158,7 @@ fromwire_opt(ARGS_FROMWIRE) { isc_buffer_availableregion(target, &tregion); if (tregion.length < total) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, total); + memmove(tregion.base, sregion.base, total); isc_buffer_forward(source, total); isc_buffer_add(target, total); diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c index 82dfce69d31e..040aae9c3281 100644 --- a/lib/dns/rdata/generic/rrsig_46.c +++ b/lib/dns/rdata/generic/rrsig_46.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -90,7 +90,20 @@ fromtext_rrsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, ISC_FALSE)); - RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire)); + if (strlen(DNS_AS_STR(token)) <= 10U && + *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') { + char *end; + unsigned long u; + isc_uint64_t u64; + + u64 = u = strtoul(DNS_AS_STR(token), &end, 10); + if (u == ULONG_MAX || *end != 0) + RETTOK(DNS_R_SYNTAX); + if (u64 > 0xffffffffUL) + RETTOK(ISC_R_RANGE); + time_expire = u; + } else + RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire)); RETERR(uint32_tobuffer(time_expire, target)); /* @@ -98,7 +111,20 @@ fromtext_rrsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, ISC_FALSE)); - RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed)); + if (strlen(DNS_AS_STR(token)) <= 10U && + *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') { + char *end; + unsigned long u; + isc_uint64_t u64; + + u64 = u = strtoul(DNS_AS_STR(token), &end, 10); + if (u == ULONG_MAX || *end != 0) + RETTOK(DNS_R_SYNTAX); + if (u64 > 0xffffffffUL) + RETTOK(ISC_R_RANGE); + time_signed = u; + } else + RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed)); RETERR(uint32_tobuffer(time_signed, target)); /* diff --git a/lib/dns/rdata/generic/rt_21.c b/lib/dns/rdata/generic/rt_21.c index 8f71a2afc850..86fe2480b799 100644 --- a/lib/dns/rdata/generic/rt_21.c +++ b/lib/dns/rdata/generic/rt_21.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -109,7 +109,7 @@ fromwire_rt(ARGS_FROMWIRE) { return (ISC_R_NOSPACE); if (sregion.length < 2) return (ISC_R_UNEXPECTEDEND); - memcpy(tregion.base, sregion.base, 2); + memmove(tregion.base, sregion.base, 2); isc_buffer_forward(source, 2); isc_buffer_add(target, 2); return (dns_name_fromwire(&name, source, dctx, options, target)); @@ -130,7 +130,7 @@ towire_rt(ARGS_TOWIRE) { dns_rdata_toregion(rdata, ®ion); if (tr.length < 2) return (ISC_R_NOSPACE); - memcpy(tr.base, region.base, 2); + memmove(tr.base, region.base, 2); isc_region_consume(®ion, 2); isc_buffer_add(target, 2); diff --git a/lib/dns/rdata/generic/soa_6.c b/lib/dns/rdata/generic/soa_6.c index a86761035751..48c0ea78f365 100644 --- a/lib/dns/rdata/generic/soa_6.c +++ b/lib/dns/rdata/generic/soa_6.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -186,7 +186,7 @@ fromwire_soa(ARGS_FROMWIRE) { if (tregion.length < 20) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 20); + memmove(tregion.base, sregion.base, 20); isc_buffer_forward(source, 20); isc_buffer_add(target, 20); @@ -224,7 +224,7 @@ towire_soa(ARGS_TOWIRE) { if (tregion.length < 20) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 20); + memmove(tregion.base, sregion.base, 20); isc_buffer_add(target, 20); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/spf_99.c b/lib/dns/rdata/generic/spf_99.c index 492e315d4542..c7cdfc9fbbad 100644 --- a/lib/dns/rdata/generic/spf_99.c +++ b/lib/dns/rdata/generic/spf_99.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -103,7 +103,7 @@ towire_spf(ARGS_TOWIRE) { if (region.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(region.base, rdata->data, rdata->length); + memmove(region.base, rdata->data, rdata->length); isc_buffer_add(target, rdata->length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/generic/txt_16.c b/lib/dns/rdata/generic/txt_16.c index e1bce6a0deb9..76109251a766 100644 --- a/lib/dns/rdata/generic/txt_16.c +++ b/lib/dns/rdata/generic/txt_16.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -110,7 +110,7 @@ towire_txt(ARGS_TOWIRE) { if (region.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(region.base, rdata->data, rdata->length); + memmove(region.base, rdata->data, rdata->length); isc_buffer_add(target, rdata->length); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/hs_4/a_1.c b/lib/dns/rdata/hs_4/a_1.c index 50ae25d52b83..5f8a87504c0e 100644 --- a/lib/dns/rdata/hs_4/a_1.c +++ b/lib/dns/rdata/hs_4/a_1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -48,7 +48,7 @@ fromtext_hs_a(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 4) return (ISC_R_NOSPACE); - memcpy(region.base, &addr, 4); + memmove(region.base, &addr, 4); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); } @@ -87,7 +87,7 @@ fromwire_hs_a(ARGS_FROMWIRE) { if (tregion.length < 4) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 4); + memmove(tregion.base, sregion.base, 4); isc_buffer_forward(source, 4); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); @@ -106,7 +106,7 @@ towire_hs_a(ARGS_TOWIRE) { isc_buffer_availableregion(target, ®ion); if (region.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(region.base, rdata->data, rdata->length); + memmove(region.base, rdata->data, rdata->length); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/in_1/a6_38.c b/lib/dns/rdata/in_1/a6_38.c index 8619f8a21363..b6ef68878e2f 100644 --- a/lib/dns/rdata/in_1/a6_38.c +++ b/lib/dns/rdata/in_1/a6_38.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -122,7 +122,7 @@ totext_in_a6(ARGS_TOTEXT) { if (prefixlen != 128) { octets = prefixlen/8; memset(addr, 0, sizeof(addr)); - memcpy(&addr[octets], sr.base, 16 - octets); + memmove(&addr[octets], sr.base, 16 - octets); mask = 0xff >> (prefixlen % 8); addr[octets] &= mask; ar.base = addr; @@ -347,7 +347,7 @@ tostruct_in_a6(ARGS_TOSTRUCT) { if (a6->prefixlen != 128) { octets = 16 - a6->prefixlen / 8; INSIST(r.length >= octets); - memcpy(a6->in6_addr.s6_addr + 16 - octets, r.base, octets); + memmove(a6->in6_addr.s6_addr + 16 - octets, r.base, octets); isc_region_consume(&r, octets); } diff --git a/lib/dns/rdata/in_1/a_1.c b/lib/dns/rdata/in_1/a_1.c index 902932e02548..fcdcaae0545b 100644 --- a/lib/dns/rdata/in_1/a_1.c +++ b/lib/dns/rdata/in_1/a_1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -50,7 +50,7 @@ fromtext_in_a(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 4) return (ISC_R_NOSPACE); - memcpy(region.base, &addr, 4); + memmove(region.base, &addr, 4); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); } @@ -89,7 +89,7 @@ fromwire_in_a(ARGS_FROMWIRE) { if (tregion.length < 4) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 4); + memmove(tregion.base, sregion.base, 4); isc_buffer_forward(source, 4); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); @@ -108,7 +108,7 @@ towire_in_a(ARGS_TOWIRE) { isc_buffer_availableregion(target, ®ion); if (region.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(region.base, rdata->data, rdata->length); + memmove(region.base, rdata->data, rdata->length); isc_buffer_add(target, 4); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/in_1/aaaa_28.c b/lib/dns/rdata/in_1/aaaa_28.c index 5aa59b2ccc2c..3f88c4db0f2f 100644 --- a/lib/dns/rdata/in_1/aaaa_28.c +++ b/lib/dns/rdata/in_1/aaaa_28.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -51,7 +51,7 @@ fromtext_in_aaaa(ARGS_FROMTEXT) { isc_buffer_availableregion(target, ®ion); if (region.length < 16) return (ISC_R_NOSPACE); - memcpy(region.base, addr, 16); + memmove(region.base, addr, 16); isc_buffer_add(target, 16); return (ISC_R_SUCCESS); } @@ -90,7 +90,7 @@ fromwire_in_aaaa(ARGS_FROMWIRE) { if (tregion.length < 16) return (ISC_R_NOSPACE); - memcpy(tregion.base, sregion.base, 16); + memmove(tregion.base, sregion.base, 16); isc_buffer_forward(source, 16); isc_buffer_add(target, 16); return (ISC_R_SUCCESS); @@ -109,7 +109,7 @@ towire_in_aaaa(ARGS_TOWIRE) { isc_buffer_availableregion(target, ®ion); if (region.length < rdata->length) return (ISC_R_NOSPACE); - memcpy(region.base, rdata->data, rdata->length); + memmove(region.base, rdata->data, rdata->length); isc_buffer_add(target, 16); return (ISC_R_SUCCESS); } @@ -165,7 +165,7 @@ tostruct_in_aaaa(ARGS_TOSTRUCT) { dns_rdata_toregion(rdata, &r); INSIST(r.length == 16); - memcpy(aaaa->in6_addr.s6_addr, r.base, 16); + memmove(aaaa->in6_addr.s6_addr, r.base, 16); return (ISC_R_SUCCESS); } diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c index eb927b9219e3..94133bae6296 100644 --- a/lib/dns/rdata/in_1/apl_42.c +++ b/lib/dns/rdata/in_1/apl_42.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -148,7 +148,7 @@ totext_in_apl(ARGS_TOTEXT) { INSIST(len <= 4); INSIST(prefix <= 32); memset(buf, 0, sizeof(buf)); - memcpy(buf, sr.base, len); + memmove(buf, sr.base, len); RETERR(inet_totext(AF_INET, &ir, target)); break; @@ -156,7 +156,7 @@ totext_in_apl(ARGS_TOTEXT) { INSIST(len <= 16); INSIST(prefix <= 128); memset(buf, 0, sizeof(buf)); - memcpy(buf, sr.base, len); + memmove(buf, sr.base, len); RETERR(inet_totext(AF_INET6, &ir, target)); break; diff --git a/lib/dns/rdata/in_1/wks_11.c b/lib/dns/rdata/in_1/wks_11.c index 1da2611da9b5..4587c813afab 100644 --- a/lib/dns/rdata/in_1/wks_11.c +++ b/lib/dns/rdata/in_1/wks_11.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -98,7 +98,7 @@ fromtext_in_wks(ARGS_FROMTEXT) { RETTOK(DNS_R_BADDOTTEDQUAD); if (region.length < 4) return (ISC_R_NOSPACE); - memcpy(region.base, &addr, 4); + memmove(region.base, &addr, 4); isc_buffer_add(target, 4); /* @@ -222,7 +222,7 @@ fromwire_in_wks(ARGS_FROMWIRE) { if (tr.length < sr.length) return (ISC_R_NOSPACE); - memcpy(tr.base, sr.base, sr.length); + memmove(tr.base, sr.base, sr.length); isc_buffer_add(target, sr.length); isc_buffer_forward(source, sr.length); @@ -278,7 +278,7 @@ fromstruct_in_wks(ARGS_FROMSTRUCT) { a = ntohl(wks->in_addr.s_addr); RETERR(uint32_tobuffer(a, target)); - RETERR(uint16_tobuffer(wks->protocol, target)); + RETERR(uint8_tobuffer(wks->protocol, target)); return (mem_tobuffer(target, wks->map, wks->map_len)); } @@ -300,8 +300,8 @@ tostruct_in_wks(ARGS_TOSTRUCT) { n = uint32_fromregion(®ion); wks->in_addr.s_addr = htonl(n); isc_region_consume(®ion, 4); - wks->protocol = uint16_fromregion(®ion); - isc_region_consume(®ion, 2); + wks->protocol = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); wks->map_len = region.length; wks->map = mem_maybedup(mctx, region.base, region.length); if (wks->map == NULL) diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c index cb9ae5425ef9..1c02b60201b2 100644 --- a/lib/dns/rdataslab.c +++ b/lib/dns/rdataslab.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -318,7 +318,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, *rawbuf++ |= (x[i].rdata.flags & DNS_RDATA_OFFLINE) ? DNS_RDATASLAB_OFFLINE : 0; } - memcpy(rawbuf, x[i].rdata.data, x[i].rdata.length); + memmove(rawbuf, x[i].rdata.data, x[i].rdata.length); rawbuf += x[i].rdata.length; } @@ -711,7 +711,7 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, tstart = isc_mem_get(mctx, tlength); if (tstart == NULL) return (ISC_R_NOMEMORY); - memcpy(tstart, nslab, reservelen); + memmove(tstart, nslab, reservelen); tcurrent = tstart + reservelen; #if DNS_RDATASET_FIXED offsetbase = tcurrent; @@ -790,7 +790,7 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, #if DNS_RDATASET_FIXED tcurrent += 2; /* fill in later */ #endif - memcpy(tcurrent, data, length); + memmove(tcurrent, data, length); tcurrent += length; oadded++; if (oadded < ocount) { @@ -817,7 +817,7 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, #if DNS_RDATASET_FIXED tcurrent += 2; /* fill in later */ #endif - memcpy(tcurrent, data, length); + memmove(tcurrent, data, length); tcurrent += length; nadded++; if (nadded < ncount) { @@ -913,7 +913,7 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, * This rdata isn't in the sslab, and thus isn't * being subtracted. */ - tlength += mcurrent - mrdatabegin; + tlength += (unsigned int)(mcurrent - mrdatabegin); tcount++; } else rcount++; @@ -949,7 +949,7 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, tstart = isc_mem_get(mctx, tlength); if (tstart == NULL) return (ISC_R_NOMEMORY); - memcpy(tstart, mslab, reservelen); + memmove(tstart, mslab, reservelen); tcurrent = tstart + reservelen; #if DNS_RDATASET_FIXED offsetbase = tcurrent; @@ -1000,11 +1000,12 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, * This rdata isn't in the sslab, and thus should be * copied to the tslab. */ - unsigned int length = mcurrent - mrdatabegin; + unsigned int length; + length = (unsigned int)(mcurrent - mrdatabegin); #if DNS_RDATASET_FIXED offsettable[order] = tcurrent - offsetbase; #endif - memcpy(tcurrent, mrdatabegin, length); + memmove(tcurrent, mrdatabegin, length); tcurrent += length; } dns_rdata_reset(&mrdata); diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index e21d97e1e66b..8e80c1a1eaab 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -104,6 +104,7 @@ #define RTRACE(m) #define RRTRACE(r, m) #define FCTXTRACE(m) +#define FCTXTRACE2(m1, m2) #define FTRACE(m) #define QTRACE(m) #endif @@ -1132,6 +1133,10 @@ log_edns(fetchctx_t *fctx) { if (fctx->reason == NULL) return; + /* + * We do not know if fctx->domain is the actual domain the record + * lives in or a parent domain so we have a '?' after it. + */ dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, @@ -3604,12 +3609,14 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, */ if (dns_rdatatype_atparent(fctx->type)) findoptions |= DNS_DBFIND_NOEXACT; - result = dns_view_findzonecut(res->view, name, domain, - 0, findoptions, ISC_TRUE, + result = dns_view_findzonecut(res->view, fwdname, + domain, 0, findoptions, + ISC_TRUE, &fctx->nameservers, NULL); if (result != ISC_R_SUCCESS) goto cleanup_name; + result = dns_name_dup(domain, mctx, &fctx->domain); if (result != ISC_R_SUCCESS) { dns_rdataset_disassociate(&fctx->nameservers); @@ -5433,11 +5440,11 @@ is_answeraddress_allowed(dns_view_t *view, dns_name_t *name, dns_rdataset_current(rdataset, &rdata); if (rdataset->type == dns_rdatatype_a) { INSIST(rdata.length == sizeof(ina.s_addr)); - memcpy(&ina.s_addr, rdata.data, sizeof(ina.s_addr)); + memmove(&ina.s_addr, rdata.data, sizeof(ina.s_addr)); isc_netaddr_fromin(&netaddr, &ina); } else { INSIST(rdata.length == sizeof(in6a.s6_addr)); - memcpy(in6a.s6_addr, rdata.data, sizeof(in6a.s6_addr)); + memmove(in6a.s6_addr, rdata.data, sizeof(in6a.s6_addr)); isc_netaddr_fromin6(&netaddr, &in6a); } @@ -6649,7 +6656,7 @@ log_nsid(isc_buffer_t *opt, size_t nsid_len, resquery_t *query, unsigned char *p, *buf, *nsid; /* Allocate buffer for storing hex version of the NSID */ - buflen = nsid_len * 2 + 1; + buflen = (isc_uint16_t)nsid_len * 2 + 1; buf = isc_mem_get(mctx, buflen); if (buf == NULL) return; @@ -7301,9 +7308,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * NXDOMAIN, NXRDATASET, or referral. */ result = noanswer_response(fctx, NULL, 0); - if (result == DNS_R_CHASEDSSERVERS) { - } else if (result == DNS_R_DELEGATION) { - force_referral: + switch (result) { + case ISC_R_SUCCESS: + case DNS_R_CHASEDSSERVERS: + break; + case DNS_R_DELEGATION: + force_referral: /* * We don't have the answer, but we know a better * place to look. @@ -7328,7 +7338,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) { fctx->adberr = 0; result = ISC_R_SUCCESS; - } else if (result != ISC_R_SUCCESS) { + break; + default: /* * Something has gone wrong. */ @@ -8839,7 +8850,7 @@ dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name, } memset(new, 0, len); if (algorithms != NULL) - memcpy(new, algorithms, *algorithms); + memmove(new, algorithms, *algorithms); new[len-1] |= mask; *new = len; node->data = new; diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c index 3502022c2ae1..34971788dd89 100644 --- a/lib/dns/rootns.c +++ b/lib/dns/rootns.c @@ -201,7 +201,7 @@ dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, { isc_result_t result, eresult; isc_buffer_t source; - size_t len; + unsigned int len; dns_rdatacallbacks_t callbacks; dns_db_t *db = NULL; diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c index 2d689e7ba128..f617fe7b7c6a 100644 --- a/lib/dns/rpz.c +++ b/lib/dns/rpz.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -1115,7 +1115,7 @@ dns_rpz_cidr_find(dns_rpz_cidr_t *cidr, const isc_netaddr_t *netaddr, * one could cast netaddr->type.in6 to dns_rpz_cidr_key_t *, * but there are objections. */ - memcpy(src_ip6.w, &netaddr->type.in6, sizeof(src_ip6.w)); + memmove(src_ip6.w, &netaddr->type.in6, sizeof(src_ip6.w)); for (i = 0; i < 4; i++) { tgt_ip.w[i] = ntohl(src_ip6.w[i]); } diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 0c1c8583650d..2da79f8b55ce 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -463,7 +463,7 @@ code_NegTokenArg(OM_uint32 * minor_status, free(buf); return (GSS_S_FAILURE); } - memcpy(*outbuf, buf + buf_size - buf_len, buf_len); + memmove(*outbuf, buf + buf_size - buf_len, buf_len); *outbuf_size = buf_len; free(buf); @@ -856,7 +856,7 @@ der_get_octet_string(const unsigned char *p, size_t len, data->data = malloc(len); if (data->data == NULL) return (ENOMEM); - memcpy(data->data, p, len); + memmove(data->data, p, len); } else data->data = NULL; if (size) @@ -1107,7 +1107,7 @@ length_len(size_t len) if (len < 128U) return (1); else - return (len_unsigned(len) + 1); + return (len_unsigned((unsigned int)len) + 1); } @@ -1191,18 +1191,18 @@ der_put_length(unsigned char *p, size_t len, size_t val, size_t *size) if (len < 1U) return (ASN1_OVERFLOW); if (val < 128U) { - *p = val; + *p = (unsigned char)val; *size = 1; return (0); } else { size_t l; int e; - e = der_put_unsigned(p, len - 1, val, &l); + e = der_put_unsigned(p, len - 1, (unsigned int)val, &l); if (e) return (e); p -= l; - *p = 0x80 | l; + *p = 0x80 | (unsigned char)l; *size = l + 1; return (0); } @@ -1217,7 +1217,7 @@ der_put_octet_string(unsigned char *p, size_t len, p -= data->length; len -= data->length; POST(len); - memcpy(p + 1, data->data, data->length); + memmove(p + 1, data->data, data->length); *size = data->length; return (0); } @@ -1227,10 +1227,10 @@ der_put_oid(unsigned char *p, size_t len, const oid *data, size_t *size) { unsigned char *base = p; - int n; + size_t n; - for (n = data->length - 1; n >= 2; --n) { - unsigned u = data->components[n]; + for (n = data->length; n >= 3u; --n) { + unsigned u = data->components[n - 1]; if (len < 1U) return (ASN1_OVERFLOW); @@ -1397,7 +1397,7 @@ gssapi_mech_make_header(u_char *p, p += len_len; *p++ = 0x06; *p++ = mech->length; - memcpy(p, mech->elements, mech->length); + memmove(p, mech->elements, mech->length); p += mech->length; return (p); } @@ -1430,7 +1430,7 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status, gss_release_buffer(minor_status, output_token); return (GSS_S_FAILURE); } - memcpy(p, buf, buf_size); + memmove(p, buf, buf_size); return (GSS_S_COMPLETE); } diff --git a/lib/dns/spnego_asn1.c b/lib/dns/spnego_asn1.c index b50605456693..a90f1be63c2c 100644 --- a/lib/dns/spnego_asn1.c +++ b/lib/dns/spnego_asn1.c @@ -229,7 +229,7 @@ encode_MechTypeList(unsigned char *p, size_t len, const MechTypeList * data, siz int i, e; for (i = (data)->len - 1; i >= 0; --i) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_MechType(p, len, &(data)->val[i], &l); BACK; @@ -257,7 +257,7 @@ decode_MechTypeList(const unsigned char *p, size_t len, MechTypeList * data, siz len = reallen; { size_t origlen = len; - int oldret = ret; + size_t oldret = ret; ret = 0; (data)->len = 0; (data)->val = NULL; @@ -418,7 +418,7 @@ encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit * data, siz int e; if ((data)->mechListMIC) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechListMIC, &l); BACK; @@ -427,7 +427,7 @@ encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit * data, siz ret += oldret; } if ((data)->mechToken) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechToken, &l); BACK; @@ -436,7 +436,7 @@ encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit * data, siz ret += oldret; } if ((data)->reqFlags) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_ContextFlags(p, len, (data)->reqFlags, &l); BACK; @@ -444,7 +444,7 @@ encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit * data, siz BACK; ret += oldret; } { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_MechTypeList(p, len, &(data)->mechTypes, &l); BACK; @@ -641,7 +641,7 @@ encode_NegTokenResp(unsigned char *p, size_t len, const NegTokenResp * data, siz int e; if ((data)->mechListMIC) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechListMIC, &l); BACK; @@ -650,7 +650,7 @@ encode_NegTokenResp(unsigned char *p, size_t len, const NegTokenResp * data, siz ret += oldret; } if ((data)->responseToken) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->responseToken, &l); BACK; @@ -659,7 +659,7 @@ encode_NegTokenResp(unsigned char *p, size_t len, const NegTokenResp * data, siz ret += oldret; } if ((data)->supportedMech) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_MechType(p, len, (data)->supportedMech, &l); BACK; @@ -668,7 +668,7 @@ encode_NegTokenResp(unsigned char *p, size_t len, const NegTokenResp * data, siz ret += oldret; } if ((data)->negState) { - int oldret = ret; + size_t oldret = ret; ret = 0; e = encode_enumerated(p, len, (data)->negState, &l); BACK; diff --git a/lib/dns/ssu.c b/lib/dns/ssu.c index 49a777a6447e..7adb769cf35e 100644 --- a/lib/dns/ssu.c +++ b/lib/dns/ssu.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -217,7 +217,7 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, result = ISC_R_NOMEMORY; goto failure; } - memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t)); + memmove(rule->types, types, ntypes * sizeof(dns_rdatatype_t)); } else rule->types = NULL; diff --git a/lib/dns/ssu_external.c b/lib/dns/ssu_external.c index 43d231d63eb0..759482768d8f 100644 --- a/lib/dns/ssu_external.c +++ b/lib/dns/ssu_external.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -131,7 +131,7 @@ dns_ssu_external_match(dns_name_t *identity, isc_buffer_t *tkey_token = NULL; int fd; const char *sock_path; - size_t req_len; + unsigned int req_len; isc_region_t token_region; unsigned char *data; isc_buffer_t buf; diff --git a/lib/dns/time.c b/lib/dns/time.c index 0f245a246a9d..d331ca3bfe10 100644 --- a/lib/dns/time.c +++ b/lib/dns/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -98,7 +98,7 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) { if (l > region.length) return (ISC_R_NOSPACE); - memcpy(region.base, buf, l); + memmove(region.base, buf, l); isc_buffer_add(target, l); return (ISC_R_SUCCESS); } diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index 161c18808ef4..11b4f49eb04b 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -152,7 +152,7 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, dns_rdata_toregion(rdata, &r); RETERR(isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length)); isc_buffer_availableregion(tmprdatabuf, &newr); - memcpy(newr.base, r.base, r.length); + memmove(newr.base, r.base, r.length); dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr); dns_message_takebuffer(msg, &tmprdatabuf); @@ -252,12 +252,12 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness, if (r.length < sizeof(digests) || r.length < r2.length) return (ISC_R_NOSPACE); if (r2.length > sizeof(digests)) { - memcpy(r.base, r2.base, r2.length); + memmove(r.base, r2.base, r2.length); for (i = 0; i < sizeof(digests); i++) r.base[i] ^= digests[i]; isc_buffer_add(secret, r2.length); } else { - memcpy(r.base, digests, sizeof(digests)); + memmove(r.base, digests, sizeof(digests)); for (i = 0; i < r2.length; i++) r.base[i] ^= r2.base[i]; isc_buffer_add(secret, sizeof(digests)); @@ -534,7 +534,7 @@ process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin, goto failure; } tkeyout->keylen = isc_buffer_usedlength(outtoken); - memcpy(tkeyout->key, isc_buffer_base(outtoken), + memmove(tkeyout->key, isc_buffer_base(outtoken), isc_buffer_usedlength(outtoken)); isc_buffer_free(&outtoken); } else { @@ -544,7 +544,7 @@ process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin, goto failure; } tkeyout->keylen = tkeyin->keylen; - memcpy(tkeyout->key, tkeyin->key, tkeyin->keylen); + memmove(tkeyout->key, tkeyin->key, tkeyin->keylen); } tkeyout->error = dns_rcode_noerror; diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index c7768f4c788a..00ab570d9e34 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1370,21 +1370,21 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, * Extract the header. */ isc_buffer_usedregion(source, &r); - memcpy(header, r.base, DNS_MESSAGE_HEADERLEN); + memmove(header, r.base, DNS_MESSAGE_HEADERLEN); isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); /* * Decrement the additional field counter. */ - memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); + memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); addcount = htons((isc_uint16_t)(ntohs(addcount) - 1)); - memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); + memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); /* * Put in the original id. */ id = htons(tsig.originalid); - memcpy(&header[0], &id, 2); + memmove(&header[0], &id, 2); /* * Digest the modified header. @@ -1609,16 +1609,16 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { * Extract the header. */ isc_buffer_usedregion(source, &r); - memcpy(header, r.base, DNS_MESSAGE_HEADERLEN); + memmove(header, r.base, DNS_MESSAGE_HEADERLEN); isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); /* * Decrement the additional field counter if necessary. */ if (has_tsig) { - memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); + memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); addcount = htons((isc_uint16_t)(ntohs(addcount) - 1)); - memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); + memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); } /* @@ -1627,7 +1627,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { /* XXX Can TCP transfers be forwarded? How would that work? */ if (has_tsig) { id = htons(tsig.originalid); - memcpy(&header[0], &id, 2); + memmove(&header[0], &id, 2); } /* diff --git a/lib/dns/ttl.c b/lib/dns/ttl.c index d3cf024138db..c794859064a0 100644 --- a/lib/dns/ttl.c +++ b/lib/dns/ttl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -53,7 +53,7 @@ ttlfmt(unsigned int t, const char *s, isc_boolean_t verbose, isc_boolean_t space, isc_buffer_t *target) { char tmp[60]; - size_t len; + unsigned int len; isc_region_t region; if (verbose) @@ -68,7 +68,7 @@ ttlfmt(unsigned int t, const char *s, isc_boolean_t verbose, isc_buffer_availableregion(target, ®ion); if (len > region.length) return (ISC_R_NOSPACE); - memcpy(region.base, tmp, len); + memmove(region.base, tmp, len); isc_buffer_add(target, len); return (ISC_R_SUCCESS); diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 3d7518a2bebf..d33a683c5d31 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -3750,8 +3750,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, val->keytable = NULL; result = dns_view_getsecroots(val->view, &val->keytable); if (result != ISC_R_SUCCESS) - return (result); - + goto cleanup_mutex; val->keynode = NULL; val->key = NULL; val->siginfo = NULL; @@ -3784,6 +3783,9 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, return (ISC_R_SUCCESS); + cleanup_mutex: + DESTROYLOCK(&val->lock); + cleanup_event: isc_task_detach(&tclone); isc_event_free(ISC_EVENT_PTR(&event)); diff --git a/lib/dns/view.c b/lib/dns/view.c index 5b6ad6587d20..feacdab885cb 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -547,6 +547,8 @@ dialup(dns_zone_t *zone, void *dummy) { void dns_view_dialup(dns_view_t *view) { REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(view->zonetable != NULL); + (void)dns_zt_apply(view->zonetable, ISC_FALSE, dialup, NULL); } #endif @@ -855,6 +857,7 @@ dns_view_addzone(dns_view_t *view, dns_zone_t *zone) { REQUIRE(DNS_VIEW_VALID(view)); REQUIRE(!view->frozen); + REQUIRE(view->zonetable != NULL); result = dns_zt_mount(view->zonetable, zone); @@ -869,6 +872,7 @@ dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep) { REQUIRE(DNS_VIEW_VALID(view)); + LOCK(&view->lock); if (view->zonetable != NULL) { result = dns_zt_find(view->zonetable, name, 0, NULL, zonep); if (result == DNS_R_PARTIALMATCH) { @@ -877,6 +881,7 @@ dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep) { } } else result = ISC_R_NOTFOUND; + UNLOCK(&view->lock); return (result); } @@ -939,7 +944,12 @@ dns_view_find2(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, is_staticstub_zone = ISC_FALSE; #ifdef BIND9 zone = NULL; - result = dns_zt_find(view->zonetable, name, 0, NULL, &zone); + LOCK(&view->lock); + if (view->zonetable != NULL) + result = dns_zt_find(view->zonetable, name, 0, NULL, &zone); + else + result = ISC_R_NOTFOUND; + UNLOCK(&view->lock); if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub && !use_static_stub) { result = ISC_R_NOTFOUND; @@ -1210,9 +1220,14 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, */ #ifdef BIND9 zone = NULL; - result = dns_zt_find(view->zonetable, name, 0, NULL, &zone); + LOCK(&view->lock); + if (view->zonetable != NULL) + result = dns_zt_find(view->zonetable, name, 0, NULL, &zone); + else + result = ISC_R_NOTFOUND; if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) result = dns_zone_getdb(zone, &db); + UNLOCK(&view->lock); #else result = ISC_R_NOTFOUND; #endif @@ -1402,7 +1417,13 @@ dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, * treat it as not found. */ zp = (zone1 == NULL) ? &zone1 : &zone2; - result = dns_zt_find(view->zonetable, name, 0, NULL, zp); + LOCK(&view->lock); + if (view->zonetable != NULL) + result = dns_zt_find(view->zonetable, name, 0, + NULL, zp); + else + result = ISC_R_NOTFOUND; + UNLOCK(&view->lock); INSIST(result == ISC_R_SUCCESS || result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH); @@ -1434,6 +1455,7 @@ isc_result_t dns_view_load(dns_view_t *view, isc_boolean_t stop) { REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(view->zonetable != NULL); return (dns_zt_load(view->zonetable, stop)); } @@ -1442,6 +1464,7 @@ isc_result_t dns_view_loadnew(dns_view_t *view, isc_boolean_t stop) { REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(view->zonetable != NULL); return (dns_zt_loadnew(view->zonetable, stop)); } @@ -1674,13 +1697,17 @@ dns_view_getrootdelonly(dns_view_t *view) { #ifdef BIND9 isc_result_t dns_view_freezezones(dns_view_t *view, isc_boolean_t value) { + REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(view->zonetable != NULL); + return (dns_zt_freezezones(view->zonetable, value)); } #endif void dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) { + REQUIRE(DNS_VIEW_VALID(view)); REQUIRE(!view->frozen); REQUIRE(view->resstats == NULL); diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 3026af97cdb1..eff96f13ccd7 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -221,7 +221,6 @@ static isc_result_t xfrin_start(dns_xfrin_ctx_t *xfr); static void xfrin_connect_done(isc_task_t *task, isc_event_t *event); static isc_result_t xfrin_send_request(dns_xfrin_ctx_t *xfr); static void xfrin_send_done(isc_task_t *task, isc_event_t *event); -static void xfrin_sendlen_done(isc_task_t *task, isc_event_t *event); static void xfrin_recv_done(isc_task_t *task, isc_event_t *event); static void xfrin_timeout(isc_task_t *task, isc_event_t *event); @@ -270,13 +269,18 @@ axfr_init(dns_xfrin_ctx_t *xfr) { static isc_result_t axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp) { - return (dns_db_create(xfr->mctx, /* XXX */ - "rbt", /* XXX guess */ - &xfr->name, - dns_dbtype_zone, - xfr->rdclass, - 0, NULL, /* XXX guess */ - dbp)); + isc_result_t result; + + result = dns_db_create(xfr->mctx, /* XXX */ + "rbt", /* XXX guess */ + &xfr->name, + dns_dbtype_zone, + xfr->rdclass, + 0, NULL, /* XXX guess */ + dbp); + if (result == ISC_R_SUCCESS) + result = dns_zone_rpz_enable_db(xfr->zone, *dbp); + return (result); } static isc_result_t @@ -860,8 +864,11 @@ xfrin_create(isc_mem_t *mctx, xfr->sourceaddr = *sourceaddr; isc_sockaddr_setport(&xfr->sourceaddr, 0); - isc_buffer_init(&xfr->qbuffer, xfr->qbuffer_data, - sizeof(xfr->qbuffer_data)); + /* + * Reserve 2 bytes for TCP length at the begining of the buffer. + */ + isc_buffer_init(&xfr->qbuffer, &xfr->qbuffer_data[2], + sizeof(xfr->qbuffer_data) - 2); xfr->magic = XFRIN_MAGIC; *xfrp = xfr; @@ -937,6 +944,8 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) { isc_result_t result = cev->result; char sourcetext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t sockaddr; + dns_zonemgr_t * zmgr; + isc_time_t now; REQUIRE(VALID_XFRIN(xfr)); @@ -951,16 +960,16 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) { return; } - if (result != ISC_R_SUCCESS) { - dns_zonemgr_t * zmgr = dns_zone_getmgr(xfr->zone); - isc_time_t now; - - if (zmgr != NULL) { + zmgr = dns_zone_getmgr(xfr->zone); + if (zmgr != NULL) { + if (result != ISC_R_SUCCESS) { TIME_NOW(&now); dns_zonemgr_unreachableadd(zmgr, &xfr->masteraddr, &xfr->sourceaddr, &now); - } - goto failure; + goto failure; + } else + dns_zonemgr_unreachabledel(zmgr, &xfr->masteraddr, + &xfr->sourceaddr); } result = isc_socket_getsockname(xfr->socket, &sockaddr); @@ -1041,10 +1050,8 @@ static isc_result_t xfrin_send_request(dns_xfrin_ctx_t *xfr) { isc_result_t result; isc_region_t region; - isc_region_t lregion; dns_rdataset_t *qrdataset = NULL; dns_message_t *msg = NULL; - unsigned char length[2]; dns_difftuple_t *soatuple = NULL; dns_name_t *qname = NULL; dns_dbversion_t *ver = NULL; @@ -1113,12 +1120,16 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { isc_buffer_usedregion(&xfr->qbuffer, ®ion); INSIST(region.length <= 65535); - length[0] = region.length >> 8; - length[1] = region.length & 0xFF; - lregion.base = length; - lregion.length = 2; - CHECK(isc_socket_send(xfr->socket, &lregion, xfr->task, - xfrin_sendlen_done, xfr)); + /* + * Record message length and adjust region to include TCP + * length field. + */ + xfr->qbuffer_data[0] = (region.length >> 8) & 0xff; + xfr->qbuffer_data[1] = region.length & 0xff; + region.base -= 2; + region.length += 2; + CHECK(isc_socket_send(xfr->socket, ®ion, xfr->task, + xfrin_send_done, xfr)); xfr->sends++; failure: @@ -1135,42 +1146,6 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { return (result); } -/* XXX there should be library support for sending DNS TCP messages */ - -static void -xfrin_sendlen_done(isc_task_t *task, isc_event_t *event) { - isc_socketevent_t *sev = (isc_socketevent_t *) event; - dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg; - isc_result_t evresult = sev->result; - isc_result_t result; - isc_region_t region; - - REQUIRE(VALID_XFRIN(xfr)); - - UNUSED(task); - - INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE); - isc_event_free(&event); - - xfr->sends--; - if (xfr->shuttingdown) { - maybe_free(xfr); - return; - } - - xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request length prefix"); - CHECK(evresult); - - isc_buffer_usedregion(&xfr->qbuffer, ®ion); - CHECK(isc_socket_send(xfr->socket, ®ion, xfr->task, - xfrin_send_done, xfr)); - xfr->sends++; - failure: - if (result != ISC_R_SUCCESS) - xfrin_fail(xfr, result, "failed sending request length prefix"); -} - - static void xfrin_send_done(isc_task_t *task, isc_event_t *event) { isc_socketevent_t *sev = (isc_socketevent_t *) event; diff --git a/lib/dns/zone.c b/lib/dns/zone.c index c212bf68490b..c2aeabc1dd35 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -427,6 +427,7 @@ struct dns_unreachable { isc_sockaddr_t local; isc_uint32_t expire; isc_uint32_t last; + isc_uint32_t count; }; struct dns_zonemgr { @@ -438,7 +439,8 @@ struct dns_zonemgr { isc_socketmgr_t * socketmgr; isc_taskpool_t * zonetasks; isc_task_t * task; - isc_ratelimiter_t * rl; + isc_ratelimiter_t * notifyrl; + isc_ratelimiter_t * refreshrl; isc_rwlock_t rwlock; isc_mutex_t iolock; isc_rwlock_t urlock; @@ -686,8 +688,6 @@ static isc_result_t delete_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, dns_name_t *name, dns_diff_t *diff); static void zone_rekey(dns_zone_t *zone); -static isc_boolean_t delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, - dst_key_t **keys, unsigned int nkeys); #define ENTER zone_debuglog(zone, me, 1, "enter") @@ -1431,6 +1431,18 @@ dns_zone_get_rpz(dns_zone_t *zone) { return (zone->is_rpz); } +/* + * If a zone is a response policy zone, mark its new database. + */ +isc_result_t +dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db) { +#ifdef BIND9 + if (zone->is_rpz) + return (dns_db_rpz_enabled(db, NULL)); +#endif + return (ISC_R_SUCCESS); +} + static isc_result_t zone_load(dns_zone_t *zone, unsigned int flags) { isc_result_t result; @@ -1679,9 +1691,7 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) { result = dns_master_loadfileinc3(load->zone->masterfile, dns_db_origin(load->db), dns_db_origin(load->db), - load->zone->rdclass, - options, - load->zone->sigresigninginterval, + load->zone->rdclass, options, 0, &load->callbacks, task, zone_loaddone, load, &load->zone->lctx, load->zone->mctx, @@ -1715,12 +1725,17 @@ zone_gotwritehandle(isc_task_t *task, isc_event_t *event) { LOCK_ZONE(zone); ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); if (zone->db != NULL) { + const dns_master_style_t *output_style; + dns_db_currentversion(zone->db, &version); + if (zone->type == dns_zone_key) + output_style = &dns_master_style_keyzone; + else + output_style = &dns_master_style_default; result = dns_master_dumpinc2(zone->mctx, zone->db, version, - &dns_master_style_default, - zone->masterfile, zone->task, - dump_done, zone, &zone->dctx, - zone->masterformat); + output_style, zone->masterfile, + zone->task, dump_done, zone, + &zone->dctx, zone->masterformat); dns_db_closeversion(zone->db, &version, ISC_FALSE); } else result = ISC_R_CANCELED; @@ -1741,14 +1756,9 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { isc_result_t tresult; unsigned int options; -#ifdef BIND9 - if (zone->is_rpz) { - result = dns_db_rpz_enabled(db, NULL); - if (result != ISC_R_SUCCESS) - return (result); - } -#endif - + result = dns_zone_rpz_enable_db(zone, db); + if (result != ISC_R_SUCCESS) + return (result); options = get_master_options(zone); if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS)) options |= DNS_MASTER_MANYERRORS; @@ -1795,9 +1805,8 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { return (result); result = dns_master_loadfile3(zone->masterfile, &zone->origin, &zone->origin, zone->rdclass, - options, zone->sigresigninginterval, - &callbacks, zone->mctx, - zone->masterformat); + options, 0, &callbacks, + zone->mctx, zone->masterformat); tresult = dns_db_endload(db, &callbacks.add_private); if (result == ISC_R_SUCCESS) result = tresult; @@ -2230,7 +2239,7 @@ isspf(const dns_rdata_t *rdata) { INSIST(tl <= rdl); if (len > sizeof(buf) - i - 1) len = sizeof(buf) - i - 1; - memcpy(buf + i, data, len); + memmove(buf + i, data, len); i += len; data += tl; rdl -= tl; @@ -2552,7 +2561,7 @@ zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) { nsec3chain->nsec3param.iterations = nsec3param->iterations; nsec3chain->nsec3param.flags = nsec3param->flags; nsec3chain->nsec3param.salt_length = nsec3param->salt_length; - memcpy(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length); + memmove(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length); nsec3chain->nsec3param.salt = nsec3chain->salt; nsec3chain->seen_nsec = ISC_FALSE; nsec3chain->delete_nsec = ISC_FALSE; @@ -2701,20 +2710,35 @@ set_resigntime(dns_zone_t *zone) { unsigned int resign; isc_result_t result; isc_uint32_t nanosecs; + dns_db_t *db = NULL; dns_rdataset_init(&rdataset); dns_fixedname_init(&fixed); - result = dns_db_getsigningtime(zone->db, &rdataset, + + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + if (zone->db != NULL) + dns_db_attach(zone->db, &db); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + if (db == NULL) { + isc_time_settoepoch(&zone->resigntime); + return; + } + + result = dns_db_getsigningtime(db, &rdataset, dns_fixedname_name(&fixed)); if (result != ISC_R_SUCCESS) { isc_time_settoepoch(&zone->resigntime); - return; + goto cleanup; } - resign = rdataset.resign; + + resign = rdataset.resign - zone->sigresigninginterval; dns_rdataset_disassociate(&rdataset); isc_random_get(&nanosecs); nanosecs %= 1000000000; isc_time_set(&zone->resigntime, resign, nanosecs); + cleanup: + dns_db_detach(&db); + return; } static isc_result_t @@ -3057,6 +3081,8 @@ load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) { /* Convert rdata to keydata. */ result = dns_rdata_tostruct(&rdata, &keydata, NULL); + if (result == ISC_R_UNEXPECTEDEND) + continue; RUNTIME_CHECK(result == ISC_R_SUCCESS); /* Set the key refresh timer. */ @@ -3110,7 +3136,6 @@ do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver, * Create a singleton diff. */ dns_diff_init(diff->mctx, &temp_diff); - temp_diff.resign = diff->resign; ISC_LIST_APPEND(temp_diff.tuples, *tuple, link); /* @@ -3501,8 +3526,7 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, else options = 0; result = dns_journal_rollforward2(zone->mctx, db, options, - zone->sigresigninginterval, - zone->journal); + 0, zone->journal); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND && result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL && result != ISC_R_RANGE) { @@ -3759,7 +3783,8 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, dns_zone_log(zone, ISC_LOG_DEBUG(3), "next resign: %s/%s in %d seconds", namebuf, typebuf, - next.resign - timenow); + next.resign - timenow - + zone->sigresigninginterval); dns_rdataset_disassociate(&next); } else dns_zone_log(zone, ISC_LOG_WARNING, @@ -4407,7 +4432,7 @@ dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, UNLOCK_ZONE(zone); return (ISC_R_NOMEMORY); } - memcpy(new, notify, count * sizeof(*new)); + memmove(new, notify, count * sizeof(*new)); zone->notify = new; zone->notifycnt = count; } @@ -4529,7 +4554,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, result = ISC_R_NOMEMORY; goto unlock; } - memcpy(new, masters, count * sizeof(*new)); + memmove(new, masters, count * sizeof(*new)); /* * Similarly for mastersok. @@ -4736,19 +4761,39 @@ set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now) * have no new key. */ static isc_boolean_t -delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, dst_key_t **keys, unsigned int nkeys) { +delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, dst_key_t **keys, unsigned int nkeys, + isc_boolean_t *warn) +{ unsigned int i = 0; + isc_boolean_t have_ksk = ISC_FALSE, have_zsk = ISC_FALSE; + isc_boolean_t have_pksk = ISC_FALSE, have_pzsk = ISC_FALSE; - /* - * It's okay to delete a signature if there is an active ZSK - * with the same algorithm - */ for (i = 0; i < nkeys; i++) { - if (rrsig_ptr->algorithm == dst_key_alg(keys[i]) && - (dst_key_isprivate(keys[i])) && !KSK(keys[i])) - return (ISC_TRUE); + if (rrsig_ptr->algorithm != dst_key_alg(keys[i])) + continue; + if (dst_key_isprivate(keys[i])) { + if (KSK(keys[i])) + have_ksk = have_pksk = ISC_TRUE; + else + have_zsk = have_pzsk = ISC_TRUE; + } else { + if (KSK(keys[i])) + have_ksk = ISC_TRUE; + else + have_zsk = ISC_TRUE; + } } + if (have_zsk && have_ksk && !have_pzsk) + *warn = ISC_TRUE; + + /* + * It's okay to delete a signature if there is an active key + * with the same algorithm to replace it. + */ + if (have_pksk || have_pzsk) + return (ISC_TRUE); + /* * Failing that, it is *not* okay to delete a signature * if the associated public key is still in the DNSKEY RRset @@ -4816,7 +4861,8 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, RUNTIME_CHECK(result == ISC_R_SUCCESS); if (type != dns_rdatatype_dnskey) { - if (delsig_ok(&rrsig, keys, nkeys)) { + isc_boolean_t warn = ISC_FALSE, deleted = ISC_FALSE; + if (delsig_ok(&rrsig, keys, nkeys, &warn)) { result = update_one_rr(db, ver, zonediff->diff, DNS_DIFFOP_DELRESIGN, name, rdataset.ttl, &rdata); @@ -4824,7 +4870,9 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, changed = ISC_TRUE; if (result != ISC_R_SUCCESS) break; - } else { + deleted = ISC_TRUE; + } + if (warn) { /* * At this point, we've got an RRSIG, * which is signed by an inactive key. @@ -4834,7 +4882,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, * offline will prevent us spinning waiting * for the private part. */ - if (incremental) { + if (incremental && !deleted) { result = offline(db, ver, zonediff, name, rdataset.ttl, &rdata); @@ -4882,7 +4930,9 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, * We want the earliest offline expire time * iff there is a new offline signature. */ - if (!dst_key_isprivate(keys[i])) { + if (!dst_key_inactive(keys[i]) && + !dst_key_isprivate(keys[i])) + { isc_int64_t timeexpire = dns_time64_from32(rrsig.timeexpire); if (warn != 0 && warn > timeexpire) @@ -4900,6 +4950,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, result = offline(db, ver, zonediff, name, rdataset.ttl, &rdata); + changed = ISC_TRUE; break; } result = update_one_rr(db, ver, zonediff->diff, @@ -5068,7 +5119,6 @@ zone_resigninc(dns_zone_t *zone) { dns_rdataset_init(&rdataset); dns_fixedname_init(&fixed); dns_diff_init(zone->mctx, &_sig_diff); - _sig_diff.resign = zone->sigresigninginterval; zonediff_init(&zonediff, &_sig_diff); /* @@ -5125,7 +5175,7 @@ zone_resigninc(dns_zone_t *zone) { i = 0; while (result == ISC_R_SUCCESS) { - resign = rdataset.resign; + resign = rdataset.resign - zone->sigresigninginterval; covers = rdataset.covers; dns_rdataset_disassociate(&rdataset); @@ -5987,7 +6037,6 @@ zone_nsec3chain(dns_zone_t *zone) { dns_diff_init(zone->mctx, &nsec3_diff); dns_diff_init(zone->mctx, &nsec_diff); dns_diff_init(zone->mctx, &_sig_diff); - _sig_diff.resign = zone->sigresigninginterval; zonediff_init(&zonediff, &_sig_diff); ISC_LIST_INIT(cleanup); @@ -6831,7 +6880,6 @@ zone_sign(dns_zone_t *zone) { dns_fixedname_init(&nextfixed); nextname = dns_fixedname_name(&nextfixed); dns_diff_init(zone->mctx, &_sig_diff); - _sig_diff.resign = zone->sigresigninginterval; dns_diff_init(zone->mctx, &post_diff); zonediff_init(&zonediff, &_sig_diff); ISC_LIST_INIT(cleanup); @@ -7264,7 +7312,7 @@ zone_sign(dns_zone_t *zone) { isc_time_settoepoch(&zone->signingtime); } -static void +static isc_result_t normalize_key(dns_rdata_t *rr, dns_rdata_t *target, unsigned char *data, int size) { dns_rdata_dnskey_t dnskey; @@ -7285,6 +7333,8 @@ normalize_key(dns_rdata_t *rr, dns_rdata_t *target, break; case dns_rdatatype_keydata: result = dns_rdata_tostruct(rr, &keydata, NULL); + if (result == ISC_R_UNEXPECTEDEND) + return (result); RUNTIME_CHECK(result == ISC_R_SUCCESS); dns_keydata_todnskey(&keydata, &dnskey, NULL); dns_rdata_fromstruct(target, rr->rdclass, dns_rdatatype_dnskey, @@ -7293,6 +7343,7 @@ normalize_key(dns_rdata_t *rr, dns_rdata_t *target, default: INSIST(0); } + return (ISC_R_SUCCESS); } /* @@ -7316,14 +7367,18 @@ matchkey(dns_rdataset_t *rdset, dns_rdata_t *rr) { dns_rdata_init(&rdata1); dns_rdata_init(&rdata2); - normalize_key(rr, &rdata1, data1, sizeof(data1)); + result = normalize_key(rr, &rdata1, data1, sizeof(data1)); + if (result != ISC_R_SUCCESS) + return (ISC_FALSE); for (result = dns_rdataset_first(rdset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdset)) { dns_rdata_reset(&rdata); dns_rdataset_current(rdset, &rdata); - normalize_key(&rdata, &rdata2, data2, sizeof(data2)); + result = normalize_key(&rdata, &rdata2, data2, sizeof(data2)); + if (result != ISC_R_SUCCESS) + continue; if (dns_rdata_compare(&rdata1, &rdata2) == 0) return (ISC_TRUE); } @@ -7430,7 +7485,11 @@ minimal_update(dns_keyfetch_t *kfetch, dns_dbversion_t *ver, dns_diff_t *diff) name, 0, &rdata)); /* Update refresh timer */ - CHECK(dns_rdata_tostruct(&rdata, &keydata, NULL)); + result = dns_rdata_tostruct(&rdata, &keydata, NULL); + if (result == ISC_R_UNEXPECTEDEND) + continue; + if (result != ISC_R_SUCCESS) + goto failure; keydata.refresh = refresh_time(kfetch, ISC_TRUE); set_refreshkeytimer(zone, &keydata, now); @@ -7581,7 +7640,6 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { INSIST(result == ISC_R_SUCCESS); dns_diff_init(mctx, &diff); - diff.resign = zone->sigresigninginterval; CHECK(dns_db_newversion(kfetch->db, &ver)); @@ -8605,10 +8663,16 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) { result = DNS_R_CONTINUE; UNLOCK_ZONE(zone); } else { + const dns_master_style_t *output_style; + + if (zone->type == dns_zone_key) + output_style = &dns_master_style_keyzone; + else + output_style = &dns_master_style_default; dns_db_currentversion(db, &version); result = dns_master_dump2(zone->mctx, db, version, - &dns_master_style_default, - masterfile, masterformat); + output_style, masterfile, + masterformat); dns_db_closeversion(db, &version, ISC_FALSE); } fail: @@ -8988,7 +9052,7 @@ notify_send_queue(dns_notify_t *notify) { return (ISC_R_NOMEMORY); e->ev_arg = notify; e->ev_sender = NULL; - result = isc_ratelimiter_enqueue(notify->zone->zmgr->rl, + result = isc_ratelimiter_enqueue(notify->zone->zmgr->notifyrl, notify->zone->task, &e); if (result != ISC_R_SUCCESS) isc_event_free(&e); @@ -10112,7 +10176,7 @@ queue_soa_query(dns_zone_t *zone) { e->ev_arg = zone; e->ev_sender = NULL; - result = isc_ratelimiter_enqueue(zone->zmgr->rl, zone->task, &e); + result = isc_ratelimiter_enqueue(zone->zmgr->refreshrl, zone->task, &e); if (result != ISC_R_SUCCESS) { zone_idetach(&dummy); isc_event_free(&e); @@ -10812,10 +10876,10 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) { isc_time_compare(&zone->refreshtime, &next) < 0) next = zone->refreshtime; } - if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) { - INSIST(!isc_time_isepoch(&zone->expiretime)); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) && + !isc_time_isepoch(&zone->expiretime)) { if (isc_time_isepoch(&next) || - isc_time_compare(&zone->expiretime, &next) < 0) + isc_time_compare(&zone->expiretime, &next) < 0) next = zone->expiretime; } if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) && @@ -11467,7 +11531,7 @@ zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length) { /* * Leave space for terminating '\0'. */ - isc_buffer_init(&buffer, buf, length - 1); + isc_buffer_init(&buffer, buf, (unsigned int)length - 1); if (dns_name_dynamic(&zone->origin)) result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer); if (result != ISC_R_SUCCESS && @@ -11499,7 +11563,7 @@ zone_name_tostr(dns_zone_t *zone, char *buf, size_t length) { /* * Leave space for terminating '\0'. */ - isc_buffer_init(&buffer, buf, length - 1); + isc_buffer_init(&buffer, buf, (unsigned int)length - 1); if (dns_name_dynamic(&zone->origin)) result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer); if (result != ISC_R_SUCCESS && @@ -11519,7 +11583,7 @@ zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length) { /* * Leave space for terminating '\0'. */ - isc_buffer_init(&buffer, buf, length - 1); + isc_buffer_init(&buffer, buf, (unsigned int)length - 1); (void)dns_rdataclass_totext(zone->rdclass, &buffer); buf[isc_buffer_usedlength(&buffer)] = '\0'; @@ -11536,7 +11600,7 @@ zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length) { /* * Leave space for terminating '\0'. */ - isc_buffer_init(&buffer, buf, length - 1); + isc_buffer_init(&buffer, buf, (unsigned int)length - 1); if (zone->view == NULL) { isc_buffer_putstr(&buffer, "_none"); @@ -12335,9 +12399,18 @@ dns_zone_getsigvalidityinterval(dns_zone_t *zone) { void dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval) { + isc_time_t now; + REQUIRE(DNS_ZONE_VALID(zone)); + LOCK_ZONE(zone); zone->sigresigninginterval = interval; + set_resigntime(zone); + if (zone->task != NULL) { + TIME_NOW(&now); + zone_settimer(zone, &now); + } + UNLOCK_ZONE(zone); } isc_uint32_t @@ -12658,8 +12731,18 @@ forward_callback(isc_task_t *task, isc_event_t *event) { case dns_rcode_yxrrset: case dns_rcode_nxrrset: case dns_rcode_refused: - case dns_rcode_nxdomain: + case dns_rcode_nxdomain: { + char rcode[128]; + isc_buffer_t rb; + + isc_buffer_init(&rb, rcode, sizeof(rcode)); + (void)dns_rcode_totext(msg->rcode, &rb); + dns_zone_log(zone, ISC_LOG_INFO, + "forwarded dynamic update: " + "master %s returned: %.*s", + master, (int)rb.used, rcode); break; + } /* These should not occur if the masters/zone are valid. */ case dns_rcode_notzone: @@ -12807,7 +12890,8 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, zmgr->socketmgr = socketmgr; zmgr->zonetasks = NULL; zmgr->task = NULL; - zmgr->rl = NULL; + zmgr->notifyrl = NULL; + zmgr->refreshrl = NULL; ISC_LIST_INIT(zmgr->zones); ISC_LIST_INIT(zmgr->waiting_for_xfrin); ISC_LIST_INIT(zmgr->xfrin_in_progress); @@ -12831,15 +12915,24 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_task_setname(zmgr->task, "zmgr", zmgr); result = isc_ratelimiter_create(mctx, timermgr, zmgr->task, - &zmgr->rl); + &zmgr->notifyrl); if (result != ISC_R_SUCCESS) goto free_task; + result = isc_ratelimiter_create(mctx, timermgr, zmgr->task, + &zmgr->refreshrl); + if (result != ISC_R_SUCCESS) + goto free_notifyrl; + /* default to 20 refresh queries / notifies per second. */ isc_interval_set(&interval, 0, 1000000000/2); - result = isc_ratelimiter_setinterval(zmgr->rl, &interval); + result = isc_ratelimiter_setinterval(zmgr->notifyrl, &interval); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + isc_ratelimiter_setpertic(zmgr->notifyrl, 10); + + result = isc_ratelimiter_setinterval(zmgr->refreshrl, &interval); RUNTIME_CHECK(result == ISC_R_SUCCESS); - isc_ratelimiter_setpertic(zmgr->rl, 10); + isc_ratelimiter_setpertic(zmgr->refreshrl, 10); zmgr->iolimit = 1; zmgr->ioactive = 0; @@ -12848,7 +12941,7 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, result = isc_mutex_init(&zmgr->iolock); if (result != ISC_R_SUCCESS) - goto free_rl; + goto free_refreshrl; zmgr->magic = ZONEMGR_MAGIC; @@ -12859,8 +12952,10 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, free_iolock: DESTROYLOCK(&zmgr->iolock); #endif - free_rl: - isc_ratelimiter_detach(&zmgr->rl); + free_refreshrl: + isc_ratelimiter_detach(&zmgr->refreshrl); + free_notifyrl: + isc_ratelimiter_detach(&zmgr->notifyrl); free_task: isc_task_detach(&zmgr->task); free_urlock: @@ -13028,7 +13123,8 @@ dns_zonemgr_shutdown(dns_zonemgr_t *zmgr) { REQUIRE(DNS_ZONEMGR_VALID(zmgr)); - isc_ratelimiter_shutdown(zmgr->rl); + isc_ratelimiter_shutdown(zmgr->notifyrl); + isc_ratelimiter_shutdown(zmgr->refreshrl); if (zmgr->task != NULL) isc_task_destroy(&zmgr->task); @@ -13086,7 +13182,8 @@ zonemgr_free(dns_zonemgr_t *zmgr) { zmgr->magic = 0; DESTROYLOCK(&zmgr->iolock); - isc_ratelimiter_detach(&zmgr->rl); + isc_ratelimiter_detach(&zmgr->notifyrl); + isc_ratelimiter_detach(&zmgr->refreshrl); isc_rwlock_destroy(&zmgr->urlock); isc_rwlock_destroy(&zmgr->rwlock); @@ -13475,9 +13572,14 @@ dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value) { } isc_interval_set(&interval, s, ns); - result = isc_ratelimiter_setinterval(zmgr->rl, &interval); + + result = isc_ratelimiter_setinterval(zmgr->notifyrl, &interval); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + isc_ratelimiter_setpertic(zmgr->notifyrl, pertic); + + result = isc_ratelimiter_setinterval(zmgr->refreshrl, &interval); RUNTIME_CHECK(result == ISC_R_SUCCESS); - isc_ratelimiter_setpertic(zmgr->rl, pertic); + isc_ratelimiter_setpertic(zmgr->refreshrl, pertic); zmgr->serialqueryrate = value; } @@ -13497,6 +13599,7 @@ dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, isc_rwlocktype_t locktype; isc_result_t result; isc_uint32_t seconds = isc_time_seconds(now); + isc_uint32_t count = 0; REQUIRE(DNS_ZONEMGR_VALID(zmgr)); @@ -13510,12 +13613,13 @@ dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, if (result == ISC_R_SUCCESS) { locktype = isc_rwlocktype_write; zmgr->unreachable[i].last = seconds; + count = zmgr->unreachable[i].count; } break; } } RWUNLOCK(&zmgr->urlock, locktype); - return (ISC_TF(i < UNREACH_CHACHE_SIZE)); + return (ISC_TF(i < UNREACH_CHACHE_SIZE && count > 1U)); } void @@ -13589,6 +13693,10 @@ dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, */ zmgr->unreachable[i].expire = seconds + UNREACH_HOLD_TIME; zmgr->unreachable[i].last = seconds; + if (zmgr->unreachable[i].expire < seconds) + zmgr->unreachable[i].count = 1; + else + zmgr->unreachable[i].count++; } else if (slot != UNREACH_CHACHE_SIZE) { /* * Found a empty slot. Add a new entry to the cache. @@ -13597,6 +13705,7 @@ dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, zmgr->unreachable[slot].last = seconds; zmgr->unreachable[slot].remote = *remote; zmgr->unreachable[slot].local = *local; + zmgr->unreachable[slot].count = 1; } else { /* * Replace the least recently used entry in the cache. @@ -13605,6 +13714,7 @@ dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, zmgr->unreachable[oldest].last = seconds; zmgr->unreachable[oldest].remote = *remote; zmgr->unreachable[oldest].local = *local; + zmgr->unreachable[oldest].count = 1; } RWUNLOCK(&zmgr->urlock, isc_rwlocktype_write); } @@ -14453,7 +14563,6 @@ zone_rekey(dns_zone_t *zone) { mctx = zone->mctx; dns_diff_init(mctx, &diff); dns_diff_init(mctx, &_sig_diff); - _sig_diff.resign = zone->sigresigninginterval; zonediff_init(&zonediff, &_sig_diff); CHECK(dns_zone_getdb(zone, &db)); |