1. 25 Mar, 2020 1 commit
    • Ondřej Surý's avatar
      Fix 'Dereference of null pointer' from scan-build-10 · ddd0d356
      Ondřej Surý authored
      These are mostly false positives, the clang-analyzer FAQ[1] specifies
      why and how to fix it:
      
      > The reason the analyzer often thinks that a pointer can be null is
      > because the preceding code checked compared it against null. So if you
      > are absolutely sure that it cannot be null, remove the preceding check
      > and, preferably, add an assertion as well.
      
      The 4 warnings reported are:
      
      dnssec-cds.c:781:4: warning: Access to field 'base' results in a dereference of a null pointer (loaded from variable 'buf')
                              isc_buffer_availableregion(buf, &r);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:996:36: note: expanded from macro 'isc_buffer_availableregion'
                                         ^
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:821:16: note: expanded from macro 'ISC__BUFFER_AVAILABLEREGION'
                      (_r)->base = isc_buffer_used(_b);              \
                                   ^~~~~~~~~~~~~~~~~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:152:29: note: expanded from macro 'isc_buffer_used'
              ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/
                                         ^~~~~~~~~
      1 warning generated.
      
      --
      
      byname_test.c:308:34: warning: Access to field 'fwdtable' results in a dereference of a null pointer (loaded from variable 'view')
                      RUNTIME_CHECK(dns_fwdtable_add(view->fwdtable, dns_rootname,
                                                     ^~~~~~~~~~~~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/util.h:318:52: note: expanded from macro 'RUNTIME_CHECK'
                                                         ^~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/error.h:50:21: note: expanded from macro 'ISC_ERROR_RUNTIMECHECK'
              ((void)(ISC_LIKELY(cond) ||  \
                                 ^~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/likely.h:23:43: note: expanded from macro 'ISC_LIKELY'
                                                  ^
      1 warning generated.
      
      --
      
      ./rndc.c:255:6: warning: Dereference of null pointer (loaded from variable 'host')
              if (*host == '/') {
                  ^~~~~
      1 warning generated.
      
      --
      
      ./main.c:1254:9: warning: Access to field 'sctx' results in a dereference of a null pointer (loaded from variable 'named_g_server')
              sctx = named_g_server->sctx;
                     ^~~~~~~~~~~~~~~~~~~~
      1 warning generated.
      
      References:
      1. https://clang-analyzer.llvm.org/faq.html#null_pointer
      ddd0d356
  2. 18 Mar, 2020 1 commit
    • Mark Andrews's avatar
      Refactor the isc_log API so it cannot fail on memory failures · 0b793166
      Mark Andrews authored
      The isc_mem API now crashes on memory allocation failure, and this is
      the next commit in series to cleanup the code that could fail before,
      but cannot fail now, e.g. isc_result_t return type has been changed to
      void for the isc_log API functions that could only return ISC_R_SUCCESS.
      0b793166
  3. 09 Mar, 2020 1 commit
  4. 27 Feb, 2020 1 commit
  5. 14 Feb, 2020 1 commit
  6. 13 Feb, 2020 2 commits
    • Evan Hunt's avatar
      apply the modified style · e851ed0b
      Evan Hunt authored
      e851ed0b
    • Ondřej Surý's avatar
      Use clang-tidy to add curly braces around one-line statements · 056e133c
      Ondřej Surý authored
      The command used to reformat the files in this commit was:
      
      ./util/run-clang-tidy \
      	-clang-tidy-binary clang-tidy-11
      	-clang-apply-replacements-binary clang-apply-replacements-11 \
      	-checks=-*,readability-braces-around-statements \
      	-j 9 \
      	-fix \
      	-format \
      	-style=file \
      	-quiet
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
      uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h')
      clang-format -i --style=format $(git ls-files '*.c' '*.h')
      056e133c
  7. 12 Feb, 2020 1 commit
  8. 03 Feb, 2020 1 commit
  9. 14 Jan, 2020 1 commit
  10. 03 Dec, 2019 1 commit
    • Ondřej Surý's avatar
      Refactor the dns_name API to use ISC_THREAD_LOCAL · 1a66aabd
      Ondřej Surý authored
      Previously, the dns_name API used isc_thread_key API for TLS, which is
      fairly complicated and requires initialization of memory contexts, etc.
      This part of code was refactored to use a ISC_THREAD_LOCAL pointer which
      greatly simplifies the whole code related to storing TLS variables.
      1a66aabd
  11. 07 Nov, 2019 1 commit
  12. 25 Sep, 2019 1 commit
  13. 12 Sep, 2019 1 commit
  14. 23 Jul, 2019 1 commit
  15. 20 May, 2019 1 commit
    • Ondřej Surý's avatar
      Make lib/isc/app.c opaque and thread-safe · eb8c9bdd
      Ondřej Surý authored
      This work cleans up the API which includes couple of things:
      
      1. Make the isc_appctx_t type fully opaque
      
      2. Protect all access to the isc_app_t members via stdatomics
      
      3. sigwait() is part of POSIX.1, remove dead non-sigwait code
      
      4. Remove unused code: isc_appctx_set{taskmgr,sockmgr,timermgr}
      eb8c9bdd
  16. 08 Mar, 2019 1 commit
  17. 08 Aug, 2018 2 commits
  18. 19 Jul, 2018 1 commit
  19. 29 May, 2018 1 commit
    • Ondřej Surý's avatar
      Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG · 99ba29bc
      Ondřej Surý authored
      This commit reverts the previous change to use system provided
      entropy, as (SYS_)getrandom is very slow on Linux because it is
      a syscall.
      
      The change introduced in this commit adds a new call isc_nonce_buf
      that uses CSPRNG from cryptographic library provider to generate
      secure data that can be and must be used for generating nonces.
      Example usage would be DNS cookies.
      
      The isc_random() API has been changed to use fast PRNG that is not
      cryptographically secure, but runs entirely in user space.  Two
      contestants have been considered xoroshiro family of the functions
      by Villa&Blackman and PCG by O'Neill.  After a consideration the
      xoshiro128starstar function has been used as uint32_t random number
      provider because it is very fast and has good enough properties
      for our usage pattern.
      
      The other change introduced in the commit is the more extensive usage
      of isc_random_uniform in places where the usage pattern was
      isc_random() % n to prevent modulo bias.  For usage patterns where
      only 16 or 8 bits are needed (DNS Message ID), the isc_random()
      functions has been renamed to isc_random32(), and isc_random16() and
      isc_random8() functions have been introduced by &-ing the
      isc_random32() output with 0xffff and 0xff.  Please note that the
      functions that uses stripped down bit count doesn't pass our
      NIST SP 800-22 based random test.
      99ba29bc
  20. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      
      The isc_random family of functions internally use these CSPRNG (if available):
      
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
      3a4f820d
  21. 11 May, 2018 1 commit
  22. 23 Feb, 2018 1 commit
  23. 18 Jan, 2018 2 commits
  24. 01 Dec, 2017 1 commit
  25. 05 Sep, 2017 1 commit
  26. 29 Aug, 2017 1 commit
  27. 05 Jan, 2017 1 commit
  28. 04 Jan, 2017 1 commit
    • Evan Hunt's avatar
      [master] EDNS padding and keepalive support · 58043325
      Evan Hunt authored
      4549.	[func]		Added support for the EDNS TCP Keepalive option
      			(RFC 7828). [RT #42126]
      
      4548.	[func]		Added support for the EDNS Padding option (RFC 7830).
      			[RT #42094]
      58043325
  29. 28 Sep, 2016 1 commit
  30. 23 Aug, 2016 1 commit
  31. 18 Aug, 2016 1 commit
  32. 15 Aug, 2016 1 commit
  33. 27 Jun, 2016 1 commit
  34. 18 Feb, 2016 2 commits
  35. 27 Aug, 2015 1 commit
  36. 21 Jul, 2015 1 commit
    • Mukund Sivaraman's avatar
      Update rndc usage output (#40010) · fc39b6a9
      Mukund Sivaraman authored
      Squashed commit of the following:
      
      commit 73f0bba7d8d4763763ff88731c739ac646714ac8
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Mon Jul 13 05:40:35 2015 +0530
      
          Update rndc usage output
      
          This is based on a patch sent by Tony Finch.
      fc39b6a9