search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tile: Check for pointer add overflow in memchr
[glibc.git] / support / resolv_test.c
blob2d0ea3c17cd1cb62a34b1e0f72c331c22c87cf52
1 /* DNS test framework and libresolv redirection.
2 Copyright (C) 2016-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19 #include <support/resolv_test.h>
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <nss.h>
25 #include <resolv.h>
26 #include <search.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <support/check.h>
30 #include <support/namespace.h>
31 #include <support/support.h>
32 #include <support/test-driver.h>
33 #include <support/xsocket.h>
34 #include <support/xthread.h>
35 #include <unistd.h>
36
37 /* Response builder. */
38
39 enum
40 {
41 max_response_length = 65536
42 };
43
44 /* List of pointers to be freed. The hash table implementation
45 (struct hsearch_data) does not provide a way to deallocate all
46 objects, so this approach is used to avoid memory leaks. */
47 struct to_be_freed
48 {
49 struct to_be_freed *next;
50 void *ptr;
51 };
52
53 struct resolv_response_builder
54 {
55 const unsigned char *query_buffer;
56 size_t query_length;
57
58 size_t offset; /* Bytes written so far in buffer. */
59 ns_sect section; /* Current section in the DNS packet. */
60 unsigned int truncate_bytes; /* Bytes to remove at end of response. */
61 bool drop; /* Discard generated response. */
62 bool close; /* Close TCP client connection. */
63
64 /* Offset of the two-byte RDATA length field in the currently
65 written RDATA sub-structure. 0 if no RDATA is being written. */
66 size_t current_rdata_offset;
67
68 /* Hash table for locating targets for label compression. */
69 struct hsearch_data compression_offsets;
70 /* List of pointers which need to be freed. Used for domain names
71 involved in label compression. */
72 struct to_be_freed *to_be_freed;
73
74 /* Must be last. Not zeroed for performance reasons. */
75 unsigned char buffer[max_response_length];
76 };
77
78 /* Response builder. */
79
80 /* Add a pointer to the list of pointers to be freed when B is
81 deallocated. */
82 static void
83 response_push_pointer_to_free (struct resolv_response_builder *b, void *ptr)
84 {
85 if (ptr == NULL)
86 return;
87 struct to_be_freed *e = xmalloc (sizeof (*e));
88 *e = (struct to_be_freed) {b->to_be_freed, ptr};
89 b->to_be_freed = e;
90 }
91
92 void
93 resolv_response_init (struct resolv_response_builder *b,
94 struct resolv_response_flags flags)
95 {
96 if (b->offset > 0)
97 FAIL_EXIT1 ("response_init: called at offset %zu", b->offset);
98 if (b->query_length < 12)
99 FAIL_EXIT1 ("response_init called for a query of size %zu",
100 b->query_length);
101 if (flags.rcode > 15)
102 FAIL_EXIT1 ("response_init: invalid RCODE %u", flags.rcode);
103
104 /* Copy the transaction ID. */
105 b->buffer[0] = b->query_buffer[0];
106 b->buffer[1] = b->query_buffer[1];
107
108 /* Initialize the flags. */
109 b->buffer[2] = 0x80; /* Mark as response. */
110 b->buffer[2] |= b->query_buffer[2] & 0x01; /* Copy the RD bit. */
111 if (flags.tc)
112 b->buffer[2] |= 0x02;
113 b->buffer[3] = 0x80 | flags.rcode; /* Always set RA. */
114
115 /* Fill in the initial section count values. */
116 b->buffer[4] = flags.qdcount >> 8;
117 b->buffer[5] = flags.qdcount;
118 b->buffer[6] = flags.ancount >> 8;
119 b->buffer[7] = flags.ancount;
120 b->buffer[8] = flags.nscount >> 8;
121 b->buffer[9] = flags.nscount;
122 b->buffer[10] = flags.adcount >> 8;
123 b->buffer[11] = flags.adcount;
124
125 b->offset = 12;
126 }
127
128 void
129 resolv_response_section (struct resolv_response_builder *b, ns_sect section)
130 {
131 if (b->offset == 0)
132 FAIL_EXIT1 ("resolv_response_section: response_init not called before");
133 if (section < b->section)
134 FAIL_EXIT1 ("resolv_response_section: cannot go back to previous section");
135 b->section = section;
136 }
137
138 /* Add a single byte to B. */
139 static inline void
140 response_add_byte (struct resolv_response_builder *b, unsigned char ch)
141 {
142 if (b->offset == max_response_length)
143 FAIL_EXIT1 ("DNS response exceeds 64 KiB limit");
144 b->buffer[b->offset] = ch;
145 ++b->offset;
146 }
147
148 /* Add a 16-bit word VAL to B, in big-endian format. */
149 static void
150 response_add_16 (struct resolv_response_builder *b, uint16_t val)
151 {
152 response_add_byte (b, val >> 8);
153 response_add_byte (b, val);
154 }
155
156 /* Increment the pers-section record counter in the packet header. */
157 static void
158 response_count_increment (struct resolv_response_builder *b)
159 {
160 unsigned int offset = b->section;
161 offset = 4 + 2 * offset;
162 ++b->buffer[offset + 1];
163 if (b->buffer[offset + 1] == 0)
164 {
165 /* Carry. */
166 ++b->buffer[offset];
167 if (b->buffer[offset] == 0)
168 /* Overflow. */
169 FAIL_EXIT1 ("too many records in section");
170 }
171 }
172
173 void
174 resolv_response_add_question (struct resolv_response_builder *b,
175 const char *name, uint16_t class, uint16_t type)
176 {
177 if (b->offset == 0)
178 FAIL_EXIT1 ("resolv_response_add_question: "
179 "resolv_response_init not called");
180 if (b->section != ns_s_qd)
181 FAIL_EXIT1 ("resolv_response_add_question: "
182 "must be called in the question section");
183
184 resolv_response_add_name (b, name);
185 response_add_16 (b, type);
186 response_add_16 (b, class);
187
188 response_count_increment (b);
189 }
190
191 void
192 resolv_response_add_name (struct resolv_response_builder *b,
193 const char *const origname)
194 {
195 /* Normalized name. */
196 char *name;
197 /* Normalized name with case preserved. */
198 char *name_case;
199 {
200 size_t namelen = strlen (origname);
201 /* Remove trailing dots. FIXME: Handle trailing quoted dots. */
202 while (namelen > 0 && origname[namelen - 1] == '.')
203 --namelen;
204 name = xmalloc (namelen + 1);
205 name_case = xmalloc (namelen + 1);
206 /* Copy and convert to lowercase. FIXME: This needs to normalize
207 escaping as well. */
208 for (size_t i = 0; i < namelen; ++i)
209 {
210 char ch = origname[i];
211 name_case[i] = ch;
212 if ('A' <= ch && ch <= 'Z')
213 ch = ch - 'A' + 'a';
214 name[i] = ch;
215 }
216 name[namelen] = 0;
217 name_case[namelen] = 0;
218 }
219 char *name_start = name;
220 char *name_case_start = name_case;
221
222 bool compression = false;
223 while (*name)
224 {
225 /* Search for a previous name we can reference. */
226 ENTRY new_entry =
227 {
228 .key = name,
229 .data = (void *) (uintptr_t) b->offset,
230 };
231
232 /* If the label can be a compression target because it is at a
233 reachable offset, add it to the hash table. */
234 ACTION action;
235 if (b->offset < (1 << 12))
236 action = ENTER;
237 else
238 action = FIND;
239
240 /* Search for known compression offsets in the hash table. */
241 ENTRY *e;
242 if (hsearch_r (new_entry, action, &e, &b->compression_offsets) == 0)
243 {
244 if (action == FIND && errno == ESRCH)
245 /* Fall through. */
246 e = NULL;
247 else
248 FAIL_EXIT1 ("hsearch_r failure in name compression: %m");
249 }
250
251 /* The name is known. Reference the previous location. */
252 if (e != NULL && e->data != new_entry.data)
253 {
254 size_t old_offset = (uintptr_t) e->data;
255 response_add_byte (b, 0xC0 | (old_offset >> 8));
256 response_add_byte (b, old_offset);
257 compression = true;
258 break;
259 }
260
261 /* The name does not exist yet. Write one label. First, add
262 room for the label length. */
263 size_t buffer_label_offset = b->offset;
264 response_add_byte (b, 0);
265
266 /* Copy the label. */
267 while (true)
268 {
269 char ch = *name_case;
270 if (ch == '\0')
271 break;
272 ++name;
273 ++name_case;
274 if (ch == '.')
275 break;
276 /* FIXME: Handle escaping. */
277 response_add_byte (b, ch);
278 }
279
280 /* Patch in the label length. */
281 size_t label_length = b->offset - buffer_label_offset - 1;
282 if (label_length == 0)
283 FAIL_EXIT1 ("empty label in name compression: %s", origname);
284 if (label_length > 63)
285 FAIL_EXIT1 ("label too long in name compression: %s", origname);
286 b->buffer[buffer_label_offset] = label_length;
287
288 /* Continue with the tail of the name and the next label. */
289 }
290
291 if (compression)
292 {
293 /* If we found an immediate match for the name, we have not put
294 it into the hash table, and can free it immediately. */
295 if (name == name_start)
296 free (name_start);
297 else
298 response_push_pointer_to_free (b, name_start);
299 }
300 else
301 {
302 /* Terminate the sequence of labels. With compression, this is
303 implicit in the compression reference. */
304 response_add_byte (b, 0);
305 response_push_pointer_to_free (b, name_start);
306 }
307
308 free (name_case_start);
309 }
310
311 void
312 resolv_response_open_record (struct resolv_response_builder *b,
313 const char *name,
314 uint16_t class, uint16_t type, uint32_t ttl)
315 {
316 if (b->section == ns_s_qd)
317 FAIL_EXIT1 ("resolv_response_open_record called in question section");
318 if (b->current_rdata_offset != 0)
319 FAIL_EXIT1 ("resolv_response_open_record called with open record");
320
321 resolv_response_add_name (b, name);
322 response_add_16 (b, type);
323 response_add_16 (b, class);
324 response_add_16 (b, ttl >> 16);
325 response_add_16 (b, ttl);
326
327 b->current_rdata_offset = b->offset;
328 /* Add room for the RDATA length. */
329 response_add_16 (b, 0);
330 }
331
332
333 void
334 resolv_response_close_record (struct resolv_response_builder *b)
335 {
336 size_t rdata_offset = b->current_rdata_offset;
337 if (rdata_offset == 0)
338 FAIL_EXIT1 ("response_close_record called without open record");
339 size_t rdata_length = b->offset - rdata_offset - 2;
340 if (rdata_length > 65535)
341 FAIL_EXIT1 ("RDATA length %zu exceeds limit", rdata_length);
342 b->buffer[rdata_offset] = rdata_length >> 8;
343 b->buffer[rdata_offset + 1] = rdata_length;
344 response_count_increment (b);
345 b->current_rdata_offset = 0;
346 }
347
348 void
349 resolv_response_add_data (struct resolv_response_builder *b,
350 const void *data, size_t length)
351 {
352 size_t remaining = max_response_length - b->offset;
353 if (remaining < length)
354 FAIL_EXIT1 ("resolv_response_add_data: not enough room for %zu bytes",
355 length);
356 memcpy (b->buffer + b->offset, data, length);
357 b->offset += length;
358 }
359
360 void
361 resolv_response_drop (struct resolv_response_builder *b)
362 {
363 b->drop = true;
364 }
365
366 void
367 resolv_response_close (struct resolv_response_builder *b)
368 {
369 b->close = true;
370 }
371
372 void
373 resolv_response_truncate_data (struct resolv_response_builder *b, size_t count)
374 {
375 if (count > 65535)
376 FAIL_EXIT1 ("resolv_response_truncate_data: argument too large: %zu",
377 count);
378 b->truncate_bytes = count;
379 }
380
381
382 size_t
383 resolv_response_length (const struct resolv_response_builder *b)
384 {
385 return b->offset;
386 }
387
388 unsigned char *
389 resolv_response_buffer (const struct resolv_response_builder *b)
390 {
391 unsigned char *result = xmalloc (b->offset);
392 memcpy (result, b->buffer, b->offset);
393 return result;
394 }
395
396 static struct resolv_response_builder *
397 response_builder_allocate
398 (const unsigned char *query_buffer, size_t query_length)
399 {
400 struct resolv_response_builder *b = xmalloc (sizeof (*b));
401 memset (b, 0, offsetof (struct resolv_response_builder, buffer));
402 b->query_buffer = query_buffer;
403 b->query_length = query_length;
404 TEST_VERIFY_EXIT (hcreate_r (10000, &b->compression_offsets) != 0);
405 return b;
406 }
407
408 static void
409 response_builder_free (struct resolv_response_builder *b)
410 {
411 struct to_be_freed *current = b->to_be_freed;
412 while (current != NULL)
413 {
414 struct to_be_freed *next = current->next;
415 free (current->ptr);
416 free (current);
417 current = next;
418 }
419 hdestroy_r (&b->compression_offsets);
420 free (b);
421 }
422
423 /* DNS query processing. */
424
425 /* Data extracted from the question section of a DNS packet. */
426 struct query_info
427 {
428 char qname[MAXDNAME];
429 uint16_t qclass;
430 uint16_t qtype;
431 };
432
433 /* Update *INFO from the specified DNS packet. */
434 static void
435 parse_query (struct query_info *info,
436 const unsigned char *buffer, size_t length)
437 {
438 if (length < 12)
439 FAIL_EXIT1 ("malformed DNS query: too short: %zu bytes", length);
440
441 int ret = dn_expand (buffer, buffer + length, buffer + 12,
442 info->qname, sizeof (info->qname));
443 if (ret < 0)
444 FAIL_EXIT1 ("malformed DNS query: cannot uncompress QNAME");
445
446 /* Obtain QTYPE and QCLASS. */
447 size_t remaining = length - (12 + ret);
448 struct
449 {
450 uint16_t qtype;
451 uint16_t qclass;
452 } qtype_qclass;
453 if (remaining < sizeof (qtype_qclass))
454 FAIL_EXIT1 ("malformed DNS query: "
455 "query lacks QCLASS/QTYPE, QNAME: %s", info->qname);
456 memcpy (&qtype_qclass, buffer + 12 + ret, sizeof (qtype_qclass));
457 info->qclass = ntohs (qtype_qclass.qclass);
458 info->qtype = ntohs (qtype_qclass.qtype);
459 }
460
461
462 /* Main testing framework. */
463
464 /* Per-server information. One struct is allocated for each test
465 server. */
466 struct resolv_test_server
467 {
468 /* Local address of the server. UDP and TCP use the same port. */
469 struct sockaddr_in address;
470
471 /* File descriptor of the UDP server, or -1 if this server is
472 disabled. */
473 int socket_udp;
474
475 /* File descriptor of the TCP server, or -1 if this server is
476 disabled. */
477 int socket_tcp;
478
479 /* Counter of the number of responses processed so far. */
480 size_t response_number;
481
482 /* Thread handles for the server threads (if not disabled in the
483 configuration). */
484 pthread_t thread_udp;
485 pthread_t thread_tcp;
486 };
487
488 /* Main struct for keeping track of libresolv redirection and
489 testing. */
490 struct resolv_test
491 {
492 /* After initialization, any access to the struct must be performed
493 while this lock is acquired. */
494 pthread_mutex_t lock;
495
496 /* Data for each test server. */
497 struct resolv_test_server servers[resolv_max_test_servers];
498
499 /* Used if config.single_thread_udp is true. */
500 pthread_t thread_udp_single;
501
502 struct resolv_redirect_config config;
503 bool termination_requested;
504 };
505
506 /* Function implementing a server thread. */
507 typedef void (*thread_callback) (struct resolv_test *, int server_index);
508
509 /* Storage for thread-specific data, for passing to the
510 thread_callback function. */
511 struct thread_closure
512 {
513 struct resolv_test *obj; /* Current test object. */
514 thread_callback callback; /* Function to call. */
515 int server_index; /* Index of the implemented server. */
516 };
517
518 /* Wrap response_callback as a function which can be passed to
519 pthread_create. */
520 static void *
521 thread_callback_wrapper (void *arg)
522 {
523 struct thread_closure *closure = arg;
524 closure->callback (closure->obj, closure->server_index);
525 free (closure);
526 return NULL;
527 }
528
529 /* Start a server thread for the specified SERVER_INDEX, implemented
530 by CALLBACK. */
531 static pthread_t
532 start_server_thread (struct resolv_test *obj, int server_index,
533 thread_callback callback)
534 {
535 struct thread_closure *closure = xmalloc (sizeof (*closure));
536 *closure = (struct thread_closure)
537 {
538 .obj = obj,
539 .callback = callback,
540 .server_index = server_index,
541 };
542 return xpthread_create (NULL, thread_callback_wrapper, closure);
543 }
544
545 /* Process one UDP query. Return false if a termination requested has
546 been detected. */
547 static bool
548 server_thread_udp_process_one (struct resolv_test *obj, int server_index)
549 {
550 unsigned char query[512];
551 struct sockaddr_storage peer;
552 socklen_t peerlen = sizeof (peer);
553 size_t length = xrecvfrom (obj->servers[server_index].socket_udp,
554 query, sizeof (query), 0,
555 (struct sockaddr *) &peer, &peerlen);
556 /* Check for termination. */
557 {
558 bool termination_requested;
559 xpthread_mutex_lock (&obj->lock);
560 termination_requested = obj->termination_requested;
561 xpthread_mutex_unlock (&obj->lock);
562 if (termination_requested)
563 return false;
564 }
565
566
567 struct query_info qinfo;
568 parse_query (&qinfo, query, length);
569 if (test_verbose > 0)
570 {
571 if (test_verbose > 1)
572 printf ("info: UDP server %d: incoming query:"
573 " %zd bytes, %s/%u/%u, tnxid=0x%02x%02x\n",
574 server_index, length, qinfo.qname, qinfo.qclass, qinfo.qtype,
575 query[0], query[1]);
576 else
577 printf ("info: UDP server %d: incoming query:"
578 " %zd bytes, %s/%u/%u\n",
579 server_index, length, qinfo.qname, qinfo.qclass, qinfo.qtype);
580 }
581
582 struct resolv_response_context ctx =
583 {
584 .query_buffer = query,
585 .query_length = length,
586 .server_index = server_index,
587 .tcp = false,
588 };
589 struct resolv_response_builder *b = response_builder_allocate (query, length);
590 obj->config.response_callback
591 (&ctx, b, qinfo.qname, qinfo.qclass, qinfo.qtype);
592
593 if (b->drop)
594 {
595 if (test_verbose)
596 printf ("info: UDP server %d: dropping response to %s/%u/%u\n",
597 server_index, qinfo.qname, qinfo.qclass, qinfo.qtype);
598 }
599 else
600 {
601 if (test_verbose)
602 {
603 if (b->offset >= 12)
604 printf ("info: UDP server %d: sending response:"
605 " %zu bytes, RCODE %d (for %s/%u/%u)\n",
606 server_index, b->offset, b->buffer[3] & 0x0f,
607 qinfo.qname, qinfo.qclass, qinfo.qtype);
608 else
609 printf ("info: UDP server %d: sending response: %zu bytes"
610 " (for %s/%u/%u)\n",
611 server_index, b->offset,
612 qinfo.qname, qinfo.qclass, qinfo.qtype);
613 if (b->truncate_bytes > 0)
614 printf ("info: truncated by %u bytes\n", b->truncate_bytes);
615 }
616 size_t to_send = b->offset;
617 if (to_send < b->truncate_bytes)
618 to_send = 0;
619 else
620 to_send -= b->truncate_bytes;
621
622 /* Ignore most errors here because the other end may have closed
623 the socket. */
624 if (sendto (obj->servers[server_index].socket_udp,
625 b->buffer, to_send, 0,
626 (struct sockaddr *) &peer, peerlen) < 0)
627 TEST_VERIFY_EXIT (errno != EBADF);
628 }
629 response_builder_free (b);
630 return true;
631 }
632
633 /* UDP thread_callback function. Variant for one thread per
634 server. */
635 static void
636 server_thread_udp (struct resolv_test *obj, int server_index)
637 {
638 while (server_thread_udp_process_one (obj, server_index))
639 ;
640 }
641
642 /* Single-threaded UDP processing function, for the single_thread_udp
643 case. */
644 static void *
645 server_thread_udp_single (void *closure)
646 {
647 struct resolv_test *obj = closure;
648
649 struct pollfd fds[resolv_max_test_servers];
650 for (int server_index = 0; server_index < resolv_max_test_servers;
651 ++server_index)
652 if (obj->config.servers[server_index].disable_udp)
653 fds[server_index] = (struct pollfd) {.fd = -1};
654 else
655 {
656 fds[server_index] = (struct pollfd)
657 {
658 .fd = obj->servers[server_index].socket_udp,
659 .events = POLLIN
660 };
661
662 /* Make the socket non-blocking. */
663 int flags = fcntl (obj->servers[server_index].socket_udp, F_GETFL, 0);
664 if (flags < 0)
665 FAIL_EXIT1 ("fcntl (F_GETFL): %m");
666 flags |= O_NONBLOCK;
667 if (fcntl (obj->servers[server_index].socket_udp, F_SETFL, flags) < 0)
668 FAIL_EXIT1 ("fcntl (F_SETFL): %m");
669 }
670
671 while (true)
672 {
673 xpoll (fds, resolv_max_test_servers, -1);
674 for (int server_index = 0; server_index < resolv_max_test_servers;
675 ++server_index)
676 if (fds[server_index].revents != 0)
677 {
678 if (!server_thread_udp_process_one (obj, server_index))
679 goto out;
680 fds[server_index].revents = 0;
681 }
682 }
683
684 out:
685 return NULL;
686 }
687
688 /* Start the single UDP handler thread (for the single_thread_udp
689 case). */
690 static void
691 start_server_thread_udp_single (struct resolv_test *obj)
692 {
693 obj->thread_udp_single
694 = xpthread_create (NULL, server_thread_udp_single, obj);
695 }
696
697 /* Data describing a TCP client connect. */
698 struct tcp_thread_closure
699 {
700 struct resolv_test *obj;
701 int server_index;
702 int client_socket;
703 };
704
705 /* Read a complete DNS query packet. If EOF_OK, an immediate
706 end-of-file condition is acceptable. */
707 static bool
708 read_fully (int fd, void *buf, size_t len, bool eof_ok)
709 {
710 const void *const end = buf + len;
711 while (buf < end)
712 {
713 ssize_t ret = read (fd, buf, end - buf);
714 if (ret == 0)
715 {
716 if (!eof_ok)
717 {
718 support_record_failure ();
719 printf ("error: unexpected EOF on TCP connection\n");
720 }
721 return false;
722 }
723 else if (ret < 0)
724 {
725 if (!eof_ok || errno != ECONNRESET)
726 {
727 support_record_failure ();
728 printf ("error: TCP read: %m\n");
729 }
730 return false;
731 }
732 buf += ret;
733 eof_ok = false;
734 }
735 return true;
736 }
737
738 /* Write an array of iovecs. Terminate the process on failure. */
739 static void
740 writev_fully (int fd, struct iovec *buffers, size_t count)
741 {
742 while (count > 0)
743 {
744 /* Skip zero-length write requests. */
745 if (buffers->iov_len == 0)
746 {
747 ++buffers;
748 --count;
749 continue;
750 }
751 /* Try to rewrite the remaing buffers. */
752 ssize_t ret = writev (fd, buffers, count);
753 if (ret < 0)
754 FAIL_EXIT1 ("writev: %m");
755 if (ret == 0)
756 FAIL_EXIT1 ("writev: invalid return value zero");
757 /* Find the buffers that were successfully written. */
758 while (ret > 0)
759 {
760 if (count == 0)
761 FAIL_EXIT1 ("internal writev consistency failure");
762 /* Current buffer was partially written. */
763 if (buffers->iov_len > (size_t) ret)
764 {
765 buffers->iov_base += ret;
766 buffers->iov_len -= ret;
767 ret = 0;
768 }
769 else
770 {
771 ret -= buffers->iov_len;
772 buffers->iov_len = 0;
773 ++buffers;
774 --count;
775 }
776 }
777 }
778 }
779
780 /* Thread callback for handling a single established TCP connection to
781 a client. */
782 static void *
783 server_thread_tcp_client (void *arg)
784 {
785 struct tcp_thread_closure *closure = arg;
786
787 while (true)
788 {
789 /* Read packet length. */
790 uint16_t query_length;
791 if (!read_fully (closure->client_socket,
792 &query_length, sizeof (query_length), true))
793 break;
794 query_length = ntohs (query_length);
795
796 /* Read the packet. */
797 unsigned char *query_buffer = xmalloc (query_length);
798 read_fully (closure->client_socket, query_buffer, query_length, false);
799
800 struct query_info qinfo;
801 parse_query (&qinfo, query_buffer, query_length);
802 if (test_verbose > 0)
803 {
804 if (test_verbose > 1)
805 printf ("info: UDP server %d: incoming query:"
806 " %d bytes, %s/%u/%u, tnxid=0x%02x%02x\n",
807 closure->server_index, query_length,
808 qinfo.qname, qinfo.qclass, qinfo.qtype,
809 query_buffer[0], query_buffer[1]);
810 else
811 printf ("info: TCP server %d: incoming query:"
812 " %u bytes, %s/%u/%u\n",
813 closure->server_index, query_length,
814 qinfo.qname, qinfo.qclass, qinfo.qtype);
815 }
816
817 struct resolv_response_context ctx =
818 {
819 .query_buffer = query_buffer,
820 .query_length = query_length,
821 .server_index = closure->server_index,
822 .tcp = true,
823 };
824 struct resolv_response_builder *b = response_builder_allocate
825 (query_buffer, query_length);
826 closure->obj->config.response_callback
827 (&ctx, b, qinfo.qname, qinfo.qclass, qinfo.qtype);
828
829 if (b->drop)
830 {
831 if (test_verbose)
832 printf ("info: TCP server %d: dropping response to %s/%u/%u\n",
833 closure->server_index,
834 qinfo.qname, qinfo.qclass, qinfo.qtype);
835 }
836 else
837 {
838 if (test_verbose)
839 printf ("info: TCP server %d: sending response: %zu bytes"
840 " (for %s/%u/%u)\n",
841 closure->server_index, b->offset,
842 qinfo.qname, qinfo.qclass, qinfo.qtype);
843 uint16_t length = htons (b->offset);
844 size_t to_send = b->offset;
845 if (to_send < b->truncate_bytes)
846 to_send = 0;
847 else
848 to_send -= b->truncate_bytes;
849 struct iovec buffers[2] =
850 {
851 {&length, sizeof (length)},
852 {b->buffer, to_send}
853 };
854 writev_fully (closure->client_socket, buffers, 2);
855 }
856 bool close_flag = b->close;
857 response_builder_free (b);
858 free (query_buffer);
859 if (close_flag)
860 break;
861 }
862
863 close (closure->client_socket);
864 free (closure);
865 return NULL;
866 }
867
868 /* thread_callback for the TCP case. Accept connections and create a
869 new thread for each client. */
870 static void
871 server_thread_tcp (struct resolv_test *obj, int server_index)
872 {
873 while (true)
874 {
875 /* Get the client conenction. */
876 int client_socket = xaccept
877 (obj->servers[server_index].socket_tcp, NULL, NULL);
878
879 /* Check for termination. */
880 xpthread_mutex_lock (&obj->lock);
881 if (obj->termination_requested)
882 {
883 xpthread_mutex_unlock (&obj->lock);
884 close (client_socket);
885 break;
886 }
887 xpthread_mutex_unlock (&obj->lock);
888
889 /* Spawn a new thread for handling this connection. */
890 struct tcp_thread_closure *closure = xmalloc (sizeof (*closure));
891 *closure = (struct tcp_thread_closure)
892 {
893 .obj = obj,
894 .server_index = server_index,
895 .client_socket = client_socket,
896 };
897
898 pthread_t thr
899 = xpthread_create (NULL, server_thread_tcp_client, closure);
900 /* TODO: We should keep track of this thread so that we can
901 block in resolv_test_end until it has exited. */
902 xpthread_detach (thr);
903 }
904 }
905
906 /* Create UDP and TCP server sockets. */
907 static void
908 make_server_sockets (struct resolv_test_server *server)
909 {
910 while (true)
911 {
912 server->socket_udp = xsocket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
913 server->socket_tcp = xsocket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
914
915 /* Pick the address for the UDP socket. */
916 server->address = (struct sockaddr_in)
917 {
918 .sin_family = AF_INET,
919 .sin_addr = {.s_addr = htonl (INADDR_LOOPBACK)}
920 };
921 xbind (server->socket_udp,
922 (struct sockaddr *)&server->address, sizeof (server->address));
923
924 /* Retrieve the address. */
925 socklen_t addrlen = sizeof (server->address);
926 xgetsockname (server->socket_udp,
927 (struct sockaddr *)&server->address, &addrlen);
928
929 /* Bind the TCP socket to the same address. */
930 {
931 int on = 1;
932 xsetsockopt (server->socket_tcp, SOL_SOCKET, SO_REUSEADDR,
933 &on, sizeof (on));
934 }
935 if (bind (server->socket_tcp,
936 (struct sockaddr *)&server->address,
937 sizeof (server->address)) != 0)
938 {
939 /* Port collision. The UDP bind succeeded, but the TCP BIND
940 failed. We assume here that the kernel will pick the
941 next local UDP address randomly. */
942 if (errno == EADDRINUSE)
943 {
944 close (server->socket_udp);
945 close (server->socket_tcp);
946 continue;
947 }
948 FAIL_EXIT1 ("TCP bind: %m");
949 }
950 xlisten (server->socket_tcp, 5);
951 break;
952 }
953 }
954
955 /* One-time initialization of NSS. */
956 static void
957 resolv_redirect_once (void)
958 {
959 /* Only use nss_dns. */
960 __nss_configure_lookup ("hosts", "dns");
961 __nss_configure_lookup ("networks", "dns");
962 /* Enter a network namespace for isolation and firewall state
963 cleanup. The tests will still work if these steps fail, but they
964 may be less reliable. */
965 support_become_root ();
966 support_enter_network_namespace ();
967 }
968 pthread_once_t resolv_redirect_once_var = PTHREAD_ONCE_INIT;
969
970 void
971 resolv_test_init (void)
972 {
973 /* Perform one-time initialization of NSS. */
974 xpthread_once (&resolv_redirect_once_var, resolv_redirect_once);
975 }
976
977 /* Copy the search path from CONFIG.search to the _res object. */
978 static void
979 set_search_path (struct resolv_redirect_config config)
980 {
981 memset (_res.defdname, 0, sizeof (_res.defdname));
982 memset (_res.dnsrch, 0, sizeof (_res.dnsrch));
983
984 char *current = _res.defdname;
985 char *end = current + sizeof (_res.defdname);
986
987 for (unsigned int i = 0;
988 i < sizeof (config.search) / sizeof (config.search[0]); ++i)
989 {
990 if (config.search[i] == NULL)
991 continue;
992
993 size_t length = strlen (config.search[i]) + 1;
994 size_t remaining = end - current;
995 TEST_VERIFY_EXIT (length <= remaining);
996 memcpy (current, config.search[i], length);
997 _res.dnsrch[i] = current;
998 current += length;
999 }
1000 }
1001
1002 struct resolv_test *
1003 resolv_test_start (struct resolv_redirect_config config)
1004 {
1005 /* Apply configuration defaults. */
1006 if (config.nscount == 0)
1007 config.nscount = resolv_max_test_servers;
1008
1009 struct resolv_test *obj = xmalloc (sizeof (*obj));
1010 *obj = (struct resolv_test) {
1011 .config = config,
1012 .lock = PTHREAD_MUTEX_INITIALIZER,
1013 };
1014
1015 resolv_test_init ();
1016
1017 /* Create all the servers, to reserve the necessary ports. */
1018 for (int server_index = 0; server_index < config.nscount; ++server_index)
1019 make_server_sockets (obj->servers + server_index);
1020
1021 /* Start server threads. Disable the server ports, as
1022 requested. */
1023 for (int server_index = 0; server_index < config.nscount; ++server_index)
1024 {
1025 struct resolv_test_server *server = obj->servers + server_index;
1026 if (config.servers[server_index].disable_udp)
1027 {
1028 close (server->socket_udp);
1029 server->socket_udp = -1;
1030 }
1031 else if (!config.single_thread_udp)
1032 server->thread_udp = start_server_thread (obj, server_index,
1033 server_thread_udp);
1034 if (config.servers[server_index].disable_tcp)
1035 {
1036 close (server->socket_tcp);
1037 server->socket_tcp = -1;
1038 }
1039 else
1040 server->thread_tcp = start_server_thread (obj, server_index,
1041 server_thread_tcp);
1042 }
1043 if (config.single_thread_udp)
1044 start_server_thread_udp_single (obj);
1045
1046 int timeout = 1;
1047
1048 /* Initialize libresolv. */
1049 TEST_VERIFY_EXIT (res_init () == 0);
1050
1051 /* Disable IPv6 name server addresses. The code below only
1052 overrides the IPv4 addresses. */
1053 __res_iclose (&_res, true);
1054 _res._u._ext.nscount = 0;
1055
1056 /* Redirect queries to the server socket. */
1057 if (test_verbose)
1058 {
1059 printf ("info: old timeout value: %d\n", _res.retrans);
1060 printf ("info: old retry attempt value: %d\n", _res.retry);
1061 printf ("info: old _res.options: 0x%lx\n", _res.options);
1062 printf ("info: old _res.nscount value: %d\n", _res.nscount);
1063 printf ("info: old _res.ndots value: %d\n", _res.ndots);
1064 }
1065 _res.retrans = timeout;
1066 _res.retry = 4;
1067 _res.nscount = config.nscount;
1068 _res.options = RES_INIT | RES_RECURSE | RES_DEFNAMES | RES_DNSRCH;
1069 _res.ndots = 1;
1070 if (test_verbose)
1071 {
1072 printf ("info: new timeout value: %d\n", _res.retrans);
1073 printf ("info: new retry attempt value: %d\n", _res.retry);
1074 printf ("info: new _res.options: 0x%lx\n", _res.options);
1075 printf ("info: new _res.nscount value: %d\n", _res.nscount);
1076 printf ("info: new _res.ndots value: %d\n", _res.ndots);
1077 }
1078 for (int server_index = 0; server_index < config.nscount; ++server_index)
1079 {
1080 _res.nsaddr_list[server_index] = obj->servers[server_index].address;
1081 if (test_verbose)
1082 {
1083 char buf[256];
1084 TEST_VERIFY_EXIT
1085 (inet_ntop (AF_INET, &obj->servers[server_index].address.sin_addr,
1086 buf, sizeof (buf)) != NULL);
1087 printf ("info: server %d: %s/%u\n",
1088 server_index, buf,
1089 htons (obj->servers[server_index].address.sin_port));
1090 }
1091 }
1092
1093 set_search_path (config);
1094
1095 return obj;
1096 }
1097
1098 void
1099 resolv_test_end (struct resolv_test *obj)
1100 {
1101 res_close ();
1102
1103 xpthread_mutex_lock (&obj->lock);
1104 obj->termination_requested = true;
1105 xpthread_mutex_unlock (&obj->lock);
1106
1107 /* Send trigger packets to unblock the server threads. */
1108 for (int server_index = 0; server_index < obj->config.nscount;
1109 ++server_index)
1110 {
1111 if (!obj->config.servers[server_index].disable_udp)
1112 {
1113 int sock = xsocket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
1114 xsendto (sock, "", 1, 0,
1115 (struct sockaddr *) &obj->servers[server_index].address,
1116 sizeof (obj->servers[server_index].address));
1117 close (sock);
1118 }
1119 if (!obj->config.servers[server_index].disable_tcp)
1120 {
1121 int sock = xsocket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
1122 xconnect (sock,
1123 (struct sockaddr *) &obj->servers[server_index].address,
1124 sizeof (obj->servers[server_index].address));
1125 close (sock);
1126 }
1127 }
1128
1129 if (obj->config.single_thread_udp)
1130 xpthread_join (obj->thread_udp_single);
1131
1132 /* Wait for the server threads to terminate. */
1133 for (int server_index = 0; server_index < obj->config.nscount;
1134 ++server_index)
1135 {
1136 if (!obj->config.servers[server_index].disable_udp)
1137 {
1138 if (!obj->config.single_thread_udp)
1139 xpthread_join (obj->servers[server_index].thread_udp);
1140 close (obj->servers[server_index].socket_udp);
1141 }
1142 if (!obj->config.servers[server_index].disable_tcp)
1143 {
1144 xpthread_join (obj->servers[server_index].thread_tcp);
1145 close (obj->servers[server_index].socket_tcp);
1146 }
1147 }
1148
1149 free (obj);
1150 }
sources.redhat.com git mirror of glibc CVS