Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
[glibc.git] / resolv / nss_dns / dns-network.c
blob08cf0a6462ce9bb12ea04507041b5958a1ea24e3
1 /* Copyright (C) 1996-2014 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Extended from original form by Ulrich Drepper <drepper@cygnus.com>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 /* Parts of this file are plain copies of the file `getnetnamadr.c' from
20 the bind package and it has the following copyright. */
22 /* Copyright (c) 1993 Carlos Leandro and Rui Salgueiro
23 * Dep. Matematica Universidade de Coimbra, Portugal, Europe
25 * Permission to use, copy, modify, and distribute this software for any
26 * purpose with or without fee is hereby granted, provided that the above
27 * copyright notice and this permission notice appear in all copies.
30 * Copyright (c) 1983, 1993
31 * The Regents of the University of California. All rights reserved.
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 4. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
58 #include <ctype.h>
59 #include <errno.h>
60 #include <netdb.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <stdint.h>
66 #include "nsswitch.h"
67 #include <arpa/inet.h>
/* Number of slots in the alias pointer array that getanswer_r lays out
   at the start of the caller's buffer.  */
#define MAX_NR_ALIASES  48


/* Size of the raw answer buffer inside querybuf: PACKETSZ, but never
   less than 64 KiB.  */
#if PACKETSZ <= 65536
# define MAXPACKET      65536
#else
# define MAXPACKET      PACKETSZ
#endif
/* Tells getanswer_r which kind of lookup produced the answer it parses:
   by network address or by network name.  */
typedef enum
{
  BYADDR = 0,
  BYNAME = 1
} lookup_method;
/* We need this type later: one DNS message, reachable either through
   its fixed header or as raw bytes.  */
union querybuf
{
  HEADER hdr;
  u_char buf[MAXPACKET];
};
typedef union querybuf querybuf;
/* Name decoding helpers; their definitions live in res_comp.c.  */
#define NS_MAXCDNAME    255     /* maximum compressed domain name */
extern int __ns_name_ntop (const u_char *src, char *dst, size_t dstsiz)
     __THROW;
extern int __ns_name_unpack (const u_char *msg, const u_char *eom,
                             const u_char *src, u_char *dst, size_t dstsiz)
     __THROW;


/* Forward declaration of the file-local answer parser used by both
   lookup entry points.  */
static enum nss_status getanswer_r (const querybuf *answer,
                                    int anslen,
                                    struct netent *result,
                                    char *buffer,
                                    size_t buflen,
                                    int *errnop,
                                    int *h_errnop,
                                    lookup_method net_i);
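/* Return entry for network with NAME.

   Sends a C_IN/T_PTR query for NAME through __libc_res_nsearch and hands
   the reply to getanswer_r, which fills RESULT using BUFFER (BUFLEN
   bytes) as backing store.

   Returns NSS_STATUS_UNAVAIL when the resolver cannot be initialised or
   the query failed with ECONNREFUSED, EPFNOSUPPORT or EAFNOSUPPORT,
   NSS_STATUS_NOTFOUND for any other query failure (*ERRNOP then holds
   the errno of the failed query), and otherwise whatever getanswer_r
   returns.  */
enum nss_status
_nss_dns_getnetbyname_r (const char *name, struct netent *result,
                         char *buffer, size_t buflen, int *errnop,
                         int *herrnop)
{
  union
  {
    querybuf *buf;
    u_char *ptr;
  } net_buffer;
  querybuf *orig_net_buffer;
  int anslen;
  char *qbuf;
  enum nss_status status;

  if (__res_maybe_init (&_res, 0) == -1)
    return NSS_STATUS_UNAVAIL;

  /* NOTE(review): strdupa copies NAME onto the stack, and NAME is
     caller-supplied with no length limit applied here, so the stack use
     grows with the input.  Rejecting over-long names up front, or
     passing NAME straight to the resolver, would bound it -- confirm
     that __libc_res_nsearch takes a const name before changing this.  */
  qbuf = strdupa (name);

  /* Start with a small stack buffer.  The pointer is handed to the
     resolver by address; whenever it comes back changed the code below
     frees it, so the resolver apparently substitutes a heap buffer for
     larger answers.  */
  net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);

  anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
                               1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
  if (anslen < 0)
    {
      /* Nothing found.  Capture errno before calling free so that the
         status decision cannot be affected by anything free does to it;
         this matches _nss_dns_getnetbyaddr_r.  */
      int err = errno;

      *errnop = err;
      if (net_buffer.buf != orig_net_buffer)
        free (net_buffer.buf);
      return (err == ECONNREFUSED
              || err == EPFNOSUPPORT
              || err == EAFNOSUPPORT)
        ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
    }

  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
                        errnop, herrnop, BYNAME);
  if (net_buffer.buf != orig_net_buffer)
    free (net_buffer.buf);
  return status;
}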
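/* Return entry for the network with number NET.

   Only TYPE == AF_INET is supported.  NET is turned into an
   in-addr.arpa name, queried as C_IN/T_PTR through __libc_res_nquery,
   and the reply is parsed by getanswer_r into RESULT, with BUFFER
   (BUFLEN bytes) as backing store.

   Returns NSS_STATUS_UNAVAIL for other address families, when the
   resolver cannot be initialised, or when the query failed with
   ECONNREFUSED, EPFNOSUPPORT or EAFNOSUPPORT; NSS_STATUS_NOTFOUND for
   any other query failure and for NET == 0; otherwise the status of
   getanswer_r.  On success RESULT->n_net is NET with its trailing zero
   bytes shifted out.  */
enum nss_status
_nss_dns_getnetbyaddr_r (uint32_t net, int type, struct netent *result,
                         char *buffer, size_t buflen, int *errnop,
                         int *herrnop)
{
  enum nss_status status;
  union
  {
    querybuf *buf;
    u_char *ptr;
  } net_buffer;
  querybuf *orig_net_buffer;
  unsigned int net_bytes[4];
  char qbuf[MAXDNAME];
  int cnt, anslen;
  u_int32_t net2;
  int olderr = errno;

  /* No net address lookup for IPv6 yet.  */
  if (type != AF_INET)
    return NSS_STATUS_UNAVAIL;

  if (__res_maybe_init (&_res, 0) == -1)
    return NSS_STATUS_UNAVAIL;

  /* Peel NET apart one byte at a time, least significant byte first,
     filling net_bytes from the back.  CNT ends up as the lowest index
     that was written, or stays 4 when NET is zero.  */
  net2 = (u_int32_t) net;
  for (cnt = 4; net2 != 0; net2 >>= 8)
    net_bytes[--cnt] = net2 & 0xff;

  switch (cnt)
    {
    case 3:
      /* Class A network.  */
      snprintf (qbuf, sizeof qbuf, "0.0.0.%u.in-addr.arpa", net_bytes[3]);
      break;
    case 2:
      /* Class B network.  */
      snprintf (qbuf, sizeof qbuf, "0.0.%u.%u.in-addr.arpa",
                net_bytes[3], net_bytes[2]);
      break;
    case 1:
      /* Class C network.  */
      snprintf (qbuf, sizeof qbuf, "0.%u.%u.%u.in-addr.arpa",
                net_bytes[3], net_bytes[2], net_bytes[1]);
      break;
    case 0:
      /* Class D - E network.  */
      snprintf (qbuf, sizeof qbuf, "%u.%u.%u.%u.in-addr.arpa",
                net_bytes[3], net_bytes[2], net_bytes[1], net_bytes[0]);
      break;
    default:
      /* NET == 0: no byte was stored and no query name was built.
         Without this case the resolver would be handed the
         uninitialised contents of QBUF.  */
      return NSS_STATUS_NOTFOUND;
    }

  /* Start with a small stack buffer.  The pointer is handed to the
     resolver by address and freed below whenever it comes back
     changed.  */
  net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);

  anslen = __libc_res_nquery (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
                              1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
  if (anslen < 0)
    {
      /* Nothing found.  Remember why, then put back the errno value the
         caller had on entry.  */
      int err = errno;
      __set_errno (olderr);
      if (net_buffer.buf != orig_net_buffer)
        free (net_buffer.buf);
      return (err == ECONNREFUSED
              || err == EPFNOSUPPORT
              || err == EAFNOSUPPORT)
        ? NSS_STATUS_UNAVAIL : NSS_STATUS_NOTFOUND;
    }

  status = getanswer_r (net_buffer.buf, anslen, result, buffer, buflen,
                        errnop, herrnop, BYADDR);
  if (net_buffer.buf != orig_net_buffer)
    free (net_buffer.buf);
  if (status == NSS_STATUS_SUCCESS)
    {
      /* Strip trailing zeros.  */
      unsigned int u_net = net; /* Maybe net should be unsigned?  */

      while ((u_net & 0xff) == 0 && u_net != 0)
        u_net >>= 8;
      result->n_net = u_net;
    }

  return status;
}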
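/* Byte offset of MEMBER inside TYPE.  The compiler builtin is used
   instead of taking the address of a member through a null pointer,
   which is not defined behaviour and not an integer constant
   expression.  */
#undef offsetof
#define offsetof(Type, Member) __builtin_offsetof (Type, Member)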
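/* Parse the DNS reply ANSWER (ANSLEN bytes) and fill in RESULT.

   BUFFER (BUFLEN bytes) is caller-provided storage: after alignment it
   holds the alias pointer array followed by the decoded names.  NET_I
   says how the result is derived from the PTR records found:

     BYADDR  the first name becomes n_name, the remaining ones stay in
             n_aliases, and n_net is set to 0 for the caller to fill in;
     BYNAME  the names are searched for one of the form
             "<d>.<c>.<b>.<a>.in-addr.arpa", from which n_net is built.

   Returns NSS_STATUS_SUCCESS when a result was produced;
   NSS_STATUS_TRYAGAIN with *ERRNOP == ERANGE and *H_ERRNOP ==
   NETDB_INTERNAL when BUFFER is too small; NSS_STATUS_NOTFOUND,
   NSS_STATUS_TRYAGAIN or NSS_STATUS_UNAVAIL (with h_errno set through
   __set_h_errno) when the reply has no question, no usable answer, or
   is malformed.

   The reply is untrusted network input: CP must be checked against
   END_OF_MESSAGE before every fixed-size read.

   NOTE(review): the header and the first bytes after it are read
   without comparing ANSLEN against HFIXEDSZ; presumably the resolver
   never returns a shorter reply -- confirm.  */
static enum nss_status
getanswer_r (const querybuf *answer, int anslen, struct netent *result,
             char *buffer, size_t buflen, int *errnop, int *h_errnop,
             lookup_method net_i)
{
  /*
   * Find first satisfactory answer
   *
   *      answer --> +------------+  ( MESSAGE )
   *                 |   Header   |
   *                 +------------+
   *                 |  Question  | the question for the name server
   *                 +------------+
   *                 |   Answer   | RRs answering the question
   *                 +------------+
   *                 |  Authority | RRs pointing toward an authority
   *                 | Additional | RRs holding additional information
   *                 +------------+
   */
  struct net_data
  {
    char *aliases[MAX_NR_ALIASES];
    char linebuffer[0];
  } *net_data;

  /* Number of bytes to skip so that BUFFER is aligned for net_data.  */
  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct net_data);
  buffer += pad;

  if (__glibc_unlikely (buflen < sizeof (*net_data) + pad))
    {
      /* The buffer is too small.  The name decoding code further down
         also jumps here when a name does not fit.  */
    too_small:
      *errnop = ERANGE;
      *h_errnop = NETDB_INTERNAL;
      return NSS_STATUS_TRYAGAIN;
    }
  buflen -= pad;

  net_data = (struct net_data *) buffer;
  /* Space left for names, clamped to INT_MAX when it does not fit an
     int.  */
  int linebuflen = buflen - offsetof (struct net_data, linebuffer);
  if (buflen - offsetof (struct net_data, linebuffer) != linebuflen)
    linebuflen = INT_MAX;
  const unsigned char *end_of_message = &answer->buf[anslen];
  const HEADER *header_pointer = &answer->hdr;
  /* #/records in the answer section.  */
  int answer_count = ntohs (header_pointer->ancount);
  /* #/entries in the question section.  */
  int question_count = ntohs (header_pointer->qdcount);
  char *bp = net_data->linebuffer;
  const unsigned char *cp = &answer->buf[HFIXEDSZ];
  char **alias_pointer;
  int have_answer;
  u_char packtmp[NS_MAXCDNAME];

  if (question_count == 0)
    {
      /* FIXME: the Sun version uses for host name lookup an additional
         parameter for pointing to h_errno.  this is missing here.
         OSF/1 has a per-thread h_errno variable.  */
      if (header_pointer->aa != 0)
        {
          __set_h_errno (HOST_NOT_FOUND);
          return NSS_STATUS_NOTFOUND;
        }
      else
        {
          __set_h_errno (TRY_AGAIN);
          return NSS_STATUS_TRYAGAIN;
        }
    }

  /* Skip the question part.  */
  while (question_count-- > 0)
    {
      int n = __dn_skipname (cp, end_of_message);
      if (n < 0 || end_of_message - (cp + n) < QFIXEDSZ)
        {
          __set_h_errno (NO_RECOVERY);
          return NSS_STATUS_UNAVAIL;
        }
      cp += n + QFIXEDSZ;
    }

  alias_pointer = result->n_aliases = &net_data->aliases[0];
  *alias_pointer = NULL;
  have_answer = 0;

  while (--answer_count >= 0 && cp < end_of_message)
    {
      int type, class;

      /* Decode the owner name of this record into BP.  */
      int n = __ns_name_unpack (answer->buf, end_of_message, cp,
                                packtmp, sizeof packtmp);
      if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
        {
          if (errno == EMSGSIZE)
            goto too_small;

          n = -1;
        }

      if (n > 0 && bp[0] == '.')
        bp[0] = '\0';

      if (n < 0 || res_dnok (bp) == 0)
        break;
      cp += n;

      /* The fixed part of a record (type, class, TTL, RDLENGTH) must
         lie inside the message before it is read; a truncated record
         ends the scan like any other malformed record.  */
      if (end_of_message - cp < RRFIXEDSZ)
        break;
      GETSHORT (type, cp);
      GETSHORT (class, cp);
      cp += INT32SZ;            /* TTL */
      GETSHORT (n, cp);         /* RDLENGTH */

      if (class == C_IN && type == T_PTR)
        {
          n = __ns_name_unpack (answer->buf, end_of_message, cp,
                                packtmp, sizeof packtmp);
          if (n != -1 && __ns_name_ntop (packtmp, bp, linebuflen) == -1)
            {
              if (errno == EMSGSIZE)
                goto too_small;

              n = -1;
            }

          if (n < 0 || !res_hnok (bp))
            {
              /* XXX What does this mean?  The original form from bind
                 returns NULL.  What should I return here.  ???  */
              return NSS_STATUS_UNAVAIL;
            }
          cp += n;
          /* Store the name only while a slot plus the terminating NULL
             entry still fit in the alias array; further names are
             dropped.  */
          if (alias_pointer + 2 < &net_data->aliases[MAX_NR_ALIASES])
            {
              *alias_pointer++ = bp;
              n = strlen (bp) + 1;
              bp += n;
              linebuflen -= n;
              result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
              ++have_answer;
            }
        }
      else
        {
          /* Any other record: step over its RDATA so that the next
             iteration starts at the next record rather than in the
             middle of this one.  */
          if (end_of_message - cp < n)
            break;
          cp += n;
        }
    }

  if (have_answer)
    {
      *alias_pointer = NULL;
      switch (net_i)
        {
        case BYADDR:
          result->n_name = *result->n_aliases++;
          result->n_net = 0L;
          return NSS_STATUS_SUCCESS;

        case BYNAME:
          {
            char **ap;
            for (ap = result->n_aliases; *ap != NULL; ++ap)
              {
                /* Check each alias name for being of the forms:
                   4.3.2.1.in-addr.arpa         = net 1.2.3.4
                   3.2.1.in-addr.arpa           = net 0.1.2.3
                   2.1.in-addr.arpa             = net 0.0.1.2
                   1.in-addr.arpa               = net 0.0.0.1
                */
                uint32_t val = 0;       /* Accumulator for n_net value.  */
                unsigned int shift = 0; /* Which part we are parsing now.  */
                const char *p = *ap;    /* Consuming the string.  */
                do
                  {
                    /* Match the leading 0 or 0[xX] base indicator.  */
                    unsigned int base = 10;
                    if (*p == '0' && p[1] != '.')
                      {
                        base = 8;
                        ++p;
                        if (*p == 'x' || *p == 'X')
                          {
                            base = 16;
                            ++p;
                            if (*p == '.')
                              break; /* No digit here.  Give up on alias.  */
                          }
                        if (*p == '\0')
                          break;
                      }

                    uint32_t part = 0; /* Accumulates this part's number.  */
                    /* P moves forward on every pass, also over a
                       character that is no valid digit, so this loop
                       always reaches '.' or the end of the string
                       (presumably the hang tracked as BZ #17630).
                       NOTE(review): PART is not limited to 255 and
                       invalid characters are skipped silently, so odd
                       labels still produce a value -- confirm that this
                       is acceptable.  */
                    do
                      {
                        if (isdigit ((unsigned char) *p)
                            && (unsigned int) (*p - '0') < base)
                          part = (part * base) + (*p - '0');
                        else if (base == 16 && isxdigit ((unsigned char) *p))
                          part = ((part << 4) + 10
                                  + (tolower ((unsigned char) *p) - 'a'));
                        ++p;
                      } while (*p != '\0' && *p != '.');

                    if (*p != '.')
                      break;    /* Bad form.  Give up on this name.  */

                    /* Install this as the next more significant byte.  */
                    val |= part << shift;
                    shift += 8;
                    ++p;

                    /* If we are out of digits now, there are two cases:
                       1. We are done with digits and now see "in-addr.arpa".
                       2. This is not the droid we are looking for.  */
                    if (!isdigit ((unsigned char) *p)
                        && !strcasecmp (p, "in-addr.arpa"))
                      {
                        result->n_net = val;
                        return NSS_STATUS_SUCCESS;
                      }

                    /* Keep going when we have seen fewer than 4 parts.  */
                  } while (shift < 32);
              }
          }
          break;
        }
    }

  __set_h_errno (TRY_AGAIN);
  return NSS_STATUS_TRYAGAIN;
}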