1. 25 Jan, 2019 1 commit
    • Michał Kępień's avatar
      dig: return a non-zero exit code for failed TCP EOF retries · 0f168a4b
      Michał Kępień authored and Evan Hunt's avatar Evan Hunt committed
      dig retries a TCP query when a server closes the connection prematurely.
      However, dig's exit code remains unaffected even if the second attempt
      to get a response also fails with the same error for the same lookup,
      which should not be the case.  Ensure the exit code is updated
      appropriately when a retry triggered by a TCP EOF condition fails.
  2. 08 Jan, 2019 3 commits
    • Michał Kępień's avatar
      Fix cleanup upon an error before TCP socket creation · 13975b32
      Michał Kępień authored
      When a query times out after a socket is created and associated with a
      given dig_query_t structure, calling isc_socket_cancel() causes
      connect_done() to be run, which in turn takes care of all necessary
      cleanups.  However, certain errors (e.g. get_address() returning
      ISC_R_FAMILYNOSUPPORT) may prevent a TCP socket from being created in
      the first place.  Since force_timeout() may be used in code handling
      such errors, connect_timeout() needs to properly clean up a TCP query
      which is not associated with any socket.  Call clear_query() from
      connect_timeout() after attempting to send a TCP query to the next
      available server if the timed out query does not have a socket
      associated with it, in order to prevent dig from hanging indefinitely
      due to the dig_query_t structure not being detached from its parent
      dig_lookup_t structure.
    • Michał Kępień's avatar
      Refactor code sending a query to the next server upon a timeout · c108fc5c
      Michał Kępień authored
      When a query times out and another server is available for querying
      within the same lookup, the timeout handler - connect_timeout() - is
      responsible for sending the query to the next server.  Extract the
      relevant part of connect_timeout() to a separate function in order to
      improve code readability.
    • Michał Kępień's avatar
      Remove dead code handling address family mismatches for TCP sockets · ef1da873
      Michał Kępień authored
      Before commit c2ec022f, using the "-b"
      command line switch for dig did not disable use of the other address
      family than the one to which the address supplied to that option
      belonged to.  Thus, bind9_getaddresses() could e.g. prepare an
      isc_sockaddr_t structure for an IPv6 address when an IPv4 address has
      been passed to the "-b" command line option.  To avoid attempting the
      impossible (e.g. querying an IPv6 address from a socket bound to an IPv4
      address), a certain code block in send_tcp_connect() checked whether the
      address family of the server to be queried was the same as the address
      family of the socket set up for sending that query; if there was a
      mismatch, that particular server address was skipped.
      Commit c2ec022f made
      bind9_getaddresses() fail upon an address family mismatch between the
      address the hostname passed to it resolved to and the address supplied
      to the "-b" command line option.  Such failures were fatal to dig back
      Commit 7f658603 made
      bind9_getaddresses() failures non-fatal, but also ensured that a
      get_address() failure in send_tcp_connect() still causes the given query
      address to be skipped (and also made such failures trigger an early
      return from send_tcp_connect()).
      Summing up, the code block handling address family mismatches in
      send_tcp_connect() has been redundant since commit
      c2ec022f.  Remove it.
  3. 22 Nov, 2018 2 commits
  4. 13 Nov, 2018 2 commits
    • Michał Kępień's avatar
      Restore localhost fallback in bin/dig/dighost.c · 18758392
      Michał Kępień authored
      In BIND 9.11 and earlier, dig and similar tools used liblwres for
      parsing /etc/resolv.conf.  After getting a list of servers from
      liblwres, a tool would check the address family of each server found and
      reject those unusable.  When the resulting list of usable servers was
      empty, localhost addresses were queried as a fallback.
      When liblwres was removed in BIND 9.12, dig and similar tools were
      updated to parse /etc/resolv.conf using libirs instead.  As part of that
      process, the localhost fallback was removed from bin/dig/dighost.c since
      the localhost fallback built into libirs was deemed to be sufficient.
      However, libirs only falls back to localhost if it does not find any
      name servers at all; if it does find any valid nameserver entry in
      /etc/resolv.conf, it just returns it to the caller because it is
      oblivious to whether the caller supports IPv4 and/or IPv6 or not.  The
      code in bin/dig/dighost.c subsequently filters the returned list of
      servers in get_server_list() according to the requested address family
      restrictions.  This may result in none of the addresses returned by
      libirs being usable, in which case a tool will attempt to work with an
      empty server list, causing a hang and subsequently a crash upon user
      Restore the localhost fallback in bin/dig/dighost.c to prevent the
      aforementioned hangs and crashes and ensure recent BIND versions behave
      identically to the older ones in the circumstances described above.
    • Michał Kępień's avatar
      Fix a shutdown race in bin/dig/dighost.c · 46217565
      Michał Kępień authored
      If a tool using the routines defined in bin/dig/dighost.c is sent an
      interruption signal around the time a connection timeout is scheduled to
      fire, connect_timeout() may be executed after destroy_libs() detaches
      from the global task (setting 'global_task' to NULL), which results in a
      crash upon a UDP retry due to bringup_timer() attempting to create a
      timer with 'task' set to NULL.  Fix by preventing connect_timeout() from
      attempting a retry when shutdown is in progress.
  5. 08 Nov, 2018 2 commits
  6. 07 Nov, 2018 1 commit
  7. 06 Nov, 2018 2 commits
  8. 05 Nov, 2018 1 commit
  9. 31 Oct, 2018 1 commit
  10. 05 Oct, 2018 1 commit
    • Petr Menšík's avatar
      Disable IDN from environment as documented · ec1d9b80
      Petr Menšík authored and Ondřej Surý's avatar Ondřej Surý committed
      Manual page of host contained instructions to disable IDN processing
      when it was built with libidn2. When refactoring IDN support however,
      support for disabling IDN in host and nslookup was lost. Use also
      environment variable and document it for nslookup, host and dig.
  11. 27 Aug, 2018 1 commit
    • Michał Kępień's avatar
      Reset dig exit code after a TCP connection is established · deb3b85c
      Michał Kępień authored and Mark Andrews's avatar Mark Andrews committed
      The "exitcode" variable is set to 9 if a TCP connection fails, but is
      not reset to 0 if a subsequent TCP connection succeeds.  This causes dig
      to return a non-zero exit code if it succeeds in getting a TCP response
      after a retry.  Fix by resetting "exitcode" to 0 if connect_done()
      receives an event with the "result" field set to ISC_R_SUCCESS.
  12. 08 Aug, 2018 2 commits
  13. 19 Jul, 2018 1 commit
  14. 10 Jul, 2018 10 commits
    • Michał Kępień's avatar
      Do not set IDN2_NFC_INPUT explicitly · bf6efbc9
      Michał Kępień authored
      IDN2_NFC_INPUT is always set implicitly by idn2_to_ascii_lz(), so there
      is no need to set it explicitly.
    • Michał Kępień's avatar
      Improve error handling in idn_ace_to_locale() · b896fc49
      Michał Kępień authored
      While idn2_to_unicode_8zlz() takes a 'flags' argument, it is ignored and
      thus cannot be used to perform IDN checks on the output string.
      The bug in libidn2 versions before 2.0.5 was not that a call to
      idn2_to_unicode_8zlz() with certain flags set did not cause IDN checks
      to be performed.  The bug was that idn2_to_unicode_8zlz() did not check
      whether a conversion can be performed between UTF-8 and the current
      locale's character encoding.  In other words, with libidn2 version
      2.0.5+, if the current locale's character encoding is ASCII, then
      idn2_to_unicode_8zlz() will fail when it is passed any Punycode string
      which decodes to a non-ASCII string, even if it is a valid IDNA2008
      Rework idn_ace_to_locale() so that invalid IDNA2008 names are properly
      and consistently detected for all libidn2 versions and locales.
      Update the "idna" system test accordingly.  Add checks for processing a
      server response containing Punycode which decodes to an invalid IDNA2008
      name.  Fix invalid subtest description.
    • Michał Kępień's avatar
      Remove redundant dns_name_totextfilter_t argument · e5ef0381
      Michał Kępień authored
      Since idn_output_filter() no longer uses its 'absolute' argument and no
      other callback is used with dns_name_settotextfilter(), remove the
      'absolute' argument from the dns_name_totextfilter_t prototype.
    • Michał Kępień's avatar
      Simplify and rename output_filter() · 19c42d46
      Michał Kępień authored
      output_filter() does not need to dot-terminate its input name because
      libidn2 properly handles both dot-terminated and non-dot-terminated
      names.  libidn2 also does not implicitly dot-terminate names passed to
      it, so parts of output_filter() handling dot termination can simply be
      Fix a logical condition to make sure 'src' can fit the terminating NULL
      byte.  Replace the MAXDLEN macro with the MXNAME macro used in the rest
      of dig source code.  Tweak comments and variable names.
      Rename output_filter() to idn_output_filter() so that it can be easily
      associated with IDN and other idn_*() functions.
    • Michał Kępień's avatar
      Simplify idn_ace_to_locale() · 5106a18e
      Michał Kępień authored
      idn_ace_to_locale() may return a string longer than MAXDLEN because it
      is using the current locale's character encoding.  Rather then imposing
      an arbitrary limit on the length of the string that function can return,
      make it pass the string prepared by libidn2 back to the caller verbatim,
      making the latter responsible for freeing that string.  In conjunction
      with the fact that libidn2 errors are considered fatal, this makes
      returning an isc_result_t from idn_ace_to_locale() unnecessary.
      Do not process success cases in conditional branches for improved
      consistency with the rest of BIND source code.  Add a comment explaining
      the purpose of idn_ace_to_locale().  Rename that function's parameters
      to match common BIND naming pattern.
    • Michał Kępień's avatar
      Simplify idn_locale_to_ace() · bcf4d206
      Michał Kępień authored
      idn_locale_to_ace() is a static function which is always used with a
      buffer of size MXNAME, i.e. one that can fit any valid domain name.
      Since libidn2 detects invalid domain names and libidn2 errors are
      considered fatal, remove size checks from idn_locale_to_ace().  This
      makes returning an isc_result_t from it unnecessary.
      Do not process success cases in conditional branches for improved
      consistency with the rest of BIND source code.  Add a comment explaining
      the purpose of idn_locale_to_ace().  Rename that function's parameters
      to match common BIND naming pattern.
    • Michał Kępień's avatar
      Remove IDNA2003 fallback from dig · 59cdaef4
      Michał Kępień authored
      Certain characters, like symbols, are allowed by IDNA2003, but not by
      IDNA2008.  Make dig reject such symbols when IDN input processing is
      enabled to ensure BIND only supports IDNA2008.  Update the "idna" system
      test so that it uses one of such symbols rather than one which is
      disallowed by both IDNA2003 and IDNA2008.
    • Michał Kępień's avatar
      Remove redundant dns_name_settotextfilter() call · 9a25368c
      Michał Kępień authored
      There is no need to call dns_name_settotextfilter() in setup_system()
      because setup_lookup() determines whether IDN output processing should
      be enabled for a specific lookup (taking the global setting into
      consideration) and calls dns_name_settotextfilter() anyway if it is.
      Remove the dns_name_settotextfilter() call from setup_system().
    • Michał Kępień's avatar
      Remove empty idn_initialize() function · fafc7c7b
      Michał Kępień authored
    • Michał Kępień's avatar
      Rework libidn2 detection · a0571d38
      Michał Kępień authored
      Clean up the parts of configure.in responsible for handling libidn2
      detection and adjust other pieces of the build system to match these
        - use pkg-config when --with-libidn2 is used without an explicit path,
        - look for idn2_to_ascii_lz() rather than idn2_to_ascii_8z() as the
          former is used in BIND while the latter is not,
        - do not look for idn2_to_unicode_8zlz() as it is present in all
          libidn2 versions which have idn2_to_ascii_lz(),
        - check whether the <idn2.h> header is usable,
        - set LDFLAGS in the Makefile for dig so that, if specified, the
          requested libidn2 path is used when linking with libidn2,
        - override CPPFLAGS when looking for libidn2 components so that the
          configure script does not produce warnings when libidn2 is not
          installed system-wide,
        - merge the AS_CASE() call into the AS_IF() call below it to simplify
        - indicate the default value of --with-libidn2 in "./configure --help"
        - use $with_libidn2 rather than $use_libidn2 to better match the name
          of the configure script argument,
        - stop differentiating between IDN "in" and "out" support, i.e. make
          dig either support libidn2 or not; remove WITH_* Autoconf macros and
          use a new one, HAVE_LIBIDN2, to determine whether libidn2 support
          should be enabled.
  15. 29 May, 2018 1 commit
    • Ondřej Surý's avatar
      Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG · 99ba29bc
      Ondřej Surý authored
      This commit reverts the previous change to use system provided
      entropy, as (SYS_)getrandom is very slow on Linux because it is
      a syscall.
      The change introduced in this commit adds a new call isc_nonce_buf
      that uses CSPRNG from cryptographic library provider to generate
      secure data that can be and must be used for generating nonces.
      Example usage would be DNS cookies.
      The isc_random() API has been changed to use fast PRNG that is not
      cryptographically secure, but runs entirely in user space.  Two
      contestants have been considered xoroshiro family of the functions
      by Villa&Blackman and PCG by O'Neill.  After a consideration the
      xoshiro128starstar function has been used as uint32_t random number
      provider because it is very fast and has good enough properties
      for our usage pattern.
      The other change introduced in the commit is the more extensive usage
      of isc_random_uniform in places where the usage pattern was
      isc_random() % n to prevent modulo bias.  For usage patterns where
      only 16 or 8 bits are needed (DNS Message ID), the isc_random()
      functions has been renamed to isc_random32(), and isc_random16() and
      isc_random8() functions have been introduced by &-ing the
      isc_random32() output with 0xffff and 0xff.  Please note that the
      functions that uses stripped down bit count doesn't pass our
      NIST SP 800-22 based random test.
  16. 22 May, 2018 1 commit
    • Ondřej Surý's avatar
      address win32 build issues · 7ee8a7e6
      Ondřej Surý authored and Evan Hunt's avatar Evan Hunt committed
      - Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
      - Don't enforce the crypto provider from platform.h, just from dst_api.c
        and configure scripts
  17. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored and Witold Krecicki's avatar Witold Krecicki committed
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      The isc_random family of functions internally use these CSPRNG (if available):
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
  18. 20 Apr, 2018 2 commits
  19. 12 Apr, 2018 1 commit
  20. 09 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored and Ondřej Surý's avatar Ondřej Surý committed
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
          expression fixedname, name;
          -	dns_fixedname_init(&fixedname);
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
  21. 06 Apr, 2018 2 commits
  22. 21 Mar, 2018 1 commit