rtems/rtems-libbsd
1
0
Fork 0
mirror of https://git.rtems.org/rtems-libbsd/ synced 2025-10-15 23:12:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

mDNSResponder: Update to v878.240.1

Browse Source 
The sources can be obtained via:

https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.240.1.tar.gz

Update #4010.
This commit is contained in:
Sebastian Huber
2020-06-18 13:10:44 +02:00
parent b96778b363
commit 4af311eaa7
7 changed files with 47 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mDNSResponder/Makefile
View File

@@ -17,7 +17,7 @@
include $(MAKEFILEPATH)/pb_makefiles/platform.make include $(MAKEFILEPATH)/pb_makefiles/platform.make
MVERS = "mDNSResponder-878.230.2" MVERS = "mDNSResponder-878.240.1"
VER = VER =
ifneq ($(strip $(GCC_VERSION)),) ifneq ($(strip $(GCC_VERSION)),)

4
mDNSResponder/mDNSCore/DNSCommon.c
View File

@@ -3467,8 +3467,8 @@ mDNSexport const mDNSu8 *GetLargeResourceRecord(mDNS *const m, const DNSMessage
rr->resrec.rrtype = (mDNSu16) ((mDNSu16)ptr[0] << 8 | ptr[1]); rr->resrec.rrtype = (mDNSu16) ((mDNSu16)ptr[0] << 8 | ptr[1]);
rr->resrec.rrclass = (mDNSu16)(((mDNSu16)ptr[2] << 8 | ptr[3]) & kDNSClass_Mask); rr->resrec.rrclass = (mDNSu16)(((mDNSu16)ptr[2] << 8 | ptr[3]) & kDNSClass_Mask);
rr->resrec.rroriginalttl = (mDNSu32) ((mDNSu32)ptr[4] << 24 | (mDNSu32)ptr[5] << 16 | (mDNSu32)ptr[6] << 8 | ptr[7]); rr->resrec.rroriginalttl = (mDNSu32) ((mDNSu32)ptr[4] << 24 | (mDNSu32)ptr[5] << 16 | (mDNSu32)ptr[6] << 8 | ptr[7]);
if (rr->resrec.rroriginalttl > 0x70000000UL / mDNSPlatformOneSecond && (mDNSs32)rr->resrec.rroriginalttl != -1) if (rr->resrec.rroriginalttl > mDNSMaximumTTLSeconds && (mDNSs32)rr->resrec.rroriginalttl != -1)
rr->resrec.rroriginalttl = 0x70000000UL / mDNSPlatformOneSecond; rr->resrec.rroriginalttl = mDNSMaximumTTLSeconds;
// Note: We don't have to adjust m->NextCacheCheck here -- this is just getting a record into memory for // Note: We don't have to adjust m->NextCacheCheck here -- this is just getting a record into memory for
// us to look at. If we decide to copy it into the cache, then we'll update m->NextCacheCheck accordingly. // us to look at. If we decide to copy it into the cache, then we'll update m->NextCacheCheck accordingly.
pktrdlength = (mDNSu16)((mDNSu16)ptr[8] << 8 | ptr[9]); pktrdlength = (mDNSu16)((mDNSu16)ptr[8] << 8 | ptr[9]);

7
mDNSResponder/mDNSCore/DNSCommon.h
View File

@@ -111,6 +111,13 @@ extern mDNSu32 mDNSRandom(mDNSu32 max); // Returns pseudo-random result from
#define mDNSIsLowerCase(X) ((X) >= 'a' && (X) <= 'z') #define mDNSIsLowerCase(X) ((X) >= 'a' && (X) <= 'z')
#define mDNSIsLetter(X) (mDNSIsUpperCase(X) || mDNSIsLowerCase(X)) #define mDNSIsLetter(X) (mDNSIsUpperCase(X) || mDNSIsLowerCase(X))
// We believe we have adequate safeguards to protect against cache poisoning.
// In the event that someone does find a workable cache poisoning attack, we want to limit the lifetime of the poisoned entry.
// We set the maximum allowable TTL to one hour.
// With the 25% correction factor to avoid the DNS Zeno's paradox bug, that gives us an actual maximum lifetime of 75 minutes.
#define mDNSMaximumTTLSeconds (mDNSu32)3600
#define mDNSValidHostChar(X, notfirst, notlast) (mDNSIsLetter(X) || mDNSIsDigit(X) || ((notfirst) && (notlast) && (X) == '-') ) #define mDNSValidHostChar(X, notfirst, notlast) (mDNSIsLetter(X) || mDNSIsDigit(X) || ((notfirst) && (notlast) && (X) == '-') )
extern mDNSu16 CompressedDomainNameLength(const domainname *const name, const domainname *parent); extern mDNSu16 CompressedDomainNameLength(const domainname *const name, const domainname *parent);

33
mDNSResponder/mDNSCore/mDNS.c
View File

@@ -7171,7 +7171,7 @@ mDNSlocal mDNSu8 *GenerateUnicastResponse(const DNSMessage *const query, const m
const mDNSu8 *const limit = response->data + sizeof(response->data); const mDNSu8 *const limit = response->data + sizeof(response->data);
const mDNSu8 *ptr = query->data; const mDNSu8 *ptr = query->data;
AuthRecord *rr; AuthRecord *rr;
mDNSu32 maxttl = 0x70000000; mDNSu32 maxttl = mDNSMaximumTTLSeconds;
int i; int i;
// Initialize the response fields so we can answer the questions // Initialize the response fields so we can answer the questions
@@ -8075,19 +8075,25 @@ struct UDPSocket_struct
mDNSIPPort port; // MUST BE FIRST FIELD -- mDNSCoreReceive expects every UDPSocket_struct to begin with mDNSIPPort port mDNSIPPort port; // MUST BE FIRST FIELD -- mDNSCoreReceive expects every UDPSocket_struct to begin with mDNSIPPort port
}; };
mDNSlocal DNSQuestion *ExpectingUnicastResponseForQuestion(const mDNS *const m, const mDNSIPPort port, const mDNSOpaque16 id, const DNSQuestion *const question, mDNSBool tcp) mDNSlocal DNSQuestion *ExpectingUnicastResponseForQuestion(const mDNS *const m, const mDNSIPPort port, const mDNSOpaque16 id, const DNSQuestion *const question, mDNSBool tcp, DNSQuestion ** suspiciousQ)
{ {
DNSQuestion *q; DNSQuestion *q;
for (q = m->Questions; q; q=q->next) for (q = m->Questions; q; q=q->next)
{ {
if (!tcp && !q->LocalSocket) continue; if (!tcp && !q->LocalSocket) continue;
if (mDNSSameIPPort(tcp ? q->tcpSrcPort : q->LocalSocket->port, port) && if (mDNSSameIPPort(tcp ? q->tcpSrcPort : q->LocalSocket->port, port) &&
mDNSSameOpaque16(q->TargetQID, id) &&
q->qtype == question->qtype && q->qtype == question->qtype &&
q->qclass == question->qclass && q->qclass == question->qclass &&
q->qnamehash == question->qnamehash && q->qnamehash == question->qnamehash &&
SameDomainName(&q->qname, &question->qname)) SameDomainName(&q->qname, &question->qname))
return(q); {
if (mDNSSameOpaque16(q->TargetQID, id)) return(q);
else
{
if (!tcp && suspiciousQ) *suspiciousQ = q;
return(mDNSNULL);
}
}
} }
return(mDNSNULL); return(mDNSNULL);
} }
@@ -8413,7 +8419,7 @@ mDNSlocal void mDNSCoreReceiveNoDNSSECAnswers(mDNS *const m, const DNSMessage *c
DNSQuestion pktq; DNSQuestion pktq;
DNSQuestion *qptr = mDNSNULL; DNSQuestion *qptr = mDNSNULL;
ptr = getQuestion(response, ptr, end, InterfaceID, &pktq); ptr = getQuestion(response, ptr, end, InterfaceID, &pktq);
if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &pktq, !dstaddr)) && if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &pktq, !dstaddr, mDNSNULL)) &&
qptr->ValidatingResponse) qptr->ValidatingResponse)
{ {
DNSQuestion *next, *q; DNSQuestion *next, *q;
@@ -8457,7 +8463,7 @@ mDNSlocal void mDNSCoreReceiveNoUnicastAnswers(mDNS *const m, const DNSMessage *
DNSQuestion q; DNSQuestion q;
DNSQuestion *qptr = mDNSNULL; DNSQuestion *qptr = mDNSNULL;
ptr = getQuestion(response, ptr, end, InterfaceID, &q); ptr = getQuestion(response, ptr, end, InterfaceID, &q);
if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &q, !dstaddr))) if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &q, !dstaddr, mDNSNULL)))
{ {
CacheRecord *rr, *neg = mDNSNULL; CacheRecord *rr, *neg = mDNSNULL;
CacheGroup *cg = CacheGroupForName(m, q.qnamehash, &q.qname); CacheGroup *cg = CacheGroupForName(m, q.qnamehash, &q.qname);
@@ -9037,9 +9043,9 @@ mDNSlocal void mDNSCoreReceiveResponse(mDNS *const m,
// packet number, then we deduce they are old and delete them // packet number, then we deduce they are old and delete them
for (i = 0; i < response->h.numQuestions && ptr && ptr < end; i++) for (i = 0; i < response->h.numQuestions && ptr && ptr < end; i++)
{ {
DNSQuestion q, *qptr = mDNSNULL; DNSQuestion q, *qptr = mDNSNULL, *suspiciousForQ = mDNSNULL;
ptr = getQuestion(response, ptr, end, InterfaceID, &q); ptr = getQuestion(response, ptr, end, InterfaceID, &q);
if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &q, !dstaddr))) if (ptr && (qptr = ExpectingUnicastResponseForQuestion(m, dstport, response->h.id, &q, !dstaddr, &suspiciousForQ)))
{ {
if (!failure) if (!failure)
{ {
@@ -9102,6 +9108,15 @@ mDNSlocal void mDNSCoreReceiveResponse(mDNS *const m,
returnEarly = mDNStrue; returnEarly = mDNStrue;
} }
} }
else if (!InterfaceID && suspiciousForQ)
{
// If a response is suspicious for a question, then reissue the question via TCP
LogInfo("mDNSCoreReceiveResponse: Server %p responded suspiciously to query %##s (%s) qID %d != rID: %d",
suspiciousForQ->qDNSServer, q.qname.c, DNSTypeName(q.qtype),
mDNSVal16(suspiciousForQ->TargetQID), mDNSVal16(response->h.id));
uDNS_RestartQuestionAsTCP(m, suspiciousForQ, srcaddr, srcport);
return;
}
} }
if (returnEarly) if (returnEarly)
{ {

18
mDNSResponder/mDNSCore/uDNS.c
View File

@@ -3925,14 +3925,7 @@ mDNSexport void uDNS_ReceiveMsg(mDNS *const m, DNSMessage *const msg, const mDNS
if (msg->h.flags.b[0] & kDNSFlag0_TC && mDNSSameOpaque16(qptr->TargetQID, msg->h.id) && m->timenow - qptr->LastQTime < RESPONSE_WINDOW) if (msg->h.flags.b[0] & kDNSFlag0_TC && mDNSSameOpaque16(qptr->TargetQID, msg->h.id) && m->timenow - qptr->LastQTime < RESPONSE_WINDOW)
{ {
if (!srcaddr) LogMsg("uDNS_ReceiveMsg: TCP DNS response had TC bit set: ignoring"); if (!srcaddr) LogMsg("uDNS_ReceiveMsg: TCP DNS response had TC bit set: ignoring");
else else uDNS_RestartQuestionAsTCP(m, qptr, srcaddr, srcport);
{
// Don't reuse TCP connections. We might have failed over to a different DNS server
// while the first TCP connection is in progress. We need a new TCP connection to the
// new DNS server. So, always try to establish a new connection.
if (qptr->tcp) { DisposeTCPConn(qptr->tcp); qptr->tcp = mDNSNULL; }
qptr->tcp = MakeTCPConn(m, mDNSNULL, mDNSNULL, kTCPSocketFlags_Zero, srcaddr, srcport, mDNSNULL, qptr, mDNSNULL);
}
} }
} }
@@ -5745,6 +5738,15 @@ mDNSexport domainname *uDNS_GetNextSearchDomain(mDNSInterfaceID InterfaceID, mD
return mDNSNULL; return mDNSNULL;
} }
mDNSexport void uDNS_RestartQuestionAsTCP(mDNS *m, DNSQuestion *const q, const mDNSAddr *const srcaddr, const mDNSIPPort srcport)
{
// Don't reuse TCP connections. We might have failed over to a different DNS server
// while the first TCP connection is in progress. We need a new TCP connection to the
// new DNS server. So, always try to establish a new connection.
if (q->tcp) { DisposeTCPConn(q->tcp); q->tcp = mDNSNULL; }
q->tcp = MakeTCPConn(m, mDNSNULL, mDNSNULL, kTCPSocketFlags_Zero, srcaddr, srcport, mDNSNULL, q, mDNSNULL);
}
mDNSlocal void FlushAddressCacheRecords(mDNS *const m) mDNSlocal void FlushAddressCacheRecords(mDNS *const m)
{ {
mDNSu32 slot; mDNSu32 slot;

2
mDNSResponder/mDNSCore/uDNS.h
View File

@@ -130,6 +130,8 @@ extern void uDNS_StartWABQueries(mDNS *const m, int queryType);
extern void uDNS_StopWABQueries(mDNS *const m, int queryType); extern void uDNS_StopWABQueries(mDNS *const m, int queryType);
extern domainname *uDNS_GetNextSearchDomain(mDNSInterfaceID InterfaceID, mDNSs8 *searchIndex, mDNSBool ignoreDotLocal); extern domainname *uDNS_GetNextSearchDomain(mDNSInterfaceID InterfaceID, mDNSs8 *searchIndex, mDNSBool ignoreDotLocal);
extern void uDNS_RestartQuestionAsTCP(mDNS *m, DNSQuestion *const q, const mDNSAddr *const srcaddr, const mDNSIPPort srcport);
typedef enum typedef enum
{ {
uDNS_LLQ_Not = 0, // Normal uDNS answer: Flush any stale records from cache, and respect record TTL uDNS_LLQ_Not = 0, // Normal uDNS answer: Flush any stale records from cache, and respect record TTL

2
mDNSResponder/mDNSShared/dns_sd.h
View File

@@ -66,7 +66,7 @@
*/ */
#ifndef _DNS_SD_H #ifndef _DNS_SD_H
#define _DNS_SD_H 8803002 #define _DNS_SD_H 8804001
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {