author | peter <peter@FreeBSD.org> | 2008-07-12 05:00:28 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 2008-07-12 05:00:28 +0000 |
commit | ba8f85b49c38af7bc2a9acdef5dcde2de008d25e (patch) | |
tree | ceac31a567976fd5866cb5791b059781f6e045de /contrib/bind9/lib/bind/nameser | |
parent | 0f328cea2580ffb8f9e363be671a517787111472 (diff) | |
Flatten bind9 vendor work area
Diffstat (limited to 'contrib/bind9/lib/bind/nameser')
-rw-r--r-- | contrib/bind9/lib/bind/nameser/Makefile.in | 31 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_date.c | 129 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_name.c | 973 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_netint.c | 58 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_parse.c | 211 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_print.c | 897 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_samedomain.c | 207 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_sign.c | 387 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_ttl.c | 162 | ||||
-rw-r--r-- | contrib/bind9/lib/bind/nameser/ns_verify.c | 484 |
10 files changed, 0 insertions, 3539 deletions
diff --git a/contrib/bind9/lib/bind/nameser/Makefile.in b/contrib/bind9/lib/bind/nameser/Makefile.in
deleted file mode 100644
index d033eee..0000000
--- a/contrib/bind9/lib/bind/nameser/Makefile.in
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: Makefile.in,v 1.5 2004/03/16 05:22:19 marka Exp $
-
-srcdir= @srcdir@
-VPATH = @srcdir@
-
-OBJS= ns_date.@O@ ns_name.@O@ ns_netint.@O@ ns_parse.@O@ ns_print.@O@ \
- ns_samedomain.@O@ ns_sign.@O@ ns_ttl.@O@ ns_verify.@O@
-
-SRCS= ns_date.c ns_name.c ns_netint.c ns_parse.c ns_print.c \
- ns_samedomain.c ns_sign.c ns_ttl.c ns_verify.c
-
-TARGETS= ${OBJS}
-
-CINCLUDES= -I.. -I${srcdir}/../include
-
-@BIND9_MAKE_RULES@
diff --git a/contrib/bind9/lib/bind/nameser/ns_date.c b/contrib/bind9/lib/bind/nameser/ns_date.c
deleted file mode 100644
index af1455c..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_date.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_date.c,v 1.5.18.1 2005/04/27 05:01:08 sra Exp $";
-#endif
-
-/* Import. */
-
-#include "port_before.h"
-
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-
-#include "port_after.h"
-
-#ifdef SPRINTF_CHAR
-# define SPRINTF(x) strlen(sprintf/**/x)
-#else
-# define SPRINTF(x) ((size_t)sprintf x)
-#endif
-
-/* Forward. */
-
-static int datepart(const char *, int, int, int, int *);
-
-/* Public. */
-
-/*%
- * Convert a date in ASCII into the number of seconds since
- * 1 January 1970 (GMT assumed). Format is yyyymmddhhmmss, all
- * digits required, no spaces allowed.
- */
-
-u_int32_t
-ns_datetosecs(const char *cp, int *errp) {
- struct tm time;
- u_int32_t result;
- int mdays, i;
- static const int days_per_month[12] =
- {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
-
- if (strlen(cp) != 14U) {
- *errp = 1;
- return (0);
- }
- *errp = 0;
-
- memset(&time, 0, sizeof time);
- time.tm_year = datepart(cp + 0, 4, 1990, 9999, errp) - 1900;
- time.tm_mon = datepart(cp + 4, 2, 01, 12, errp) - 1;
- time.tm_mday = datepart(cp + 6, 2, 01, 31, errp);
- time.tm_hour = datepart(cp + 8, 2, 00, 23, errp);
- time.tm_min = datepart(cp + 10, 2, 00, 59, errp);
- time.tm_sec = datepart(cp + 12, 2, 00, 59, errp);
- if (*errp) /*%< Any parse errors? */
- return (0);
-
- /*
- * OK, now because timegm() is not available in all environments,
- * we will do it by hand. Roll up sleeves, curse the gods, begin!
- */
-
-#define SECS_PER_DAY ((u_int32_t)24*60*60)
-#define isleap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0)
-
- result = time.tm_sec; /*%< Seconds */
- result += time.tm_min * 60; /*%< Minutes */
- result += time.tm_hour * (60*60); /*%< Hours */
- result += (time.tm_mday - 1) * SECS_PER_DAY; /*%< Days */
- /* Months are trickier. Look without leaping, then leap */
- mdays = 0;
- for (i = 0; i < time.tm_mon; i++)
- mdays += days_per_month[i];
- result += mdays * SECS_PER_DAY; /*%< Months */
- if (time.tm_mon > 1 && isleap(1900+time.tm_year))
- result += SECS_PER_DAY; /*%< Add leapday for this year */
- /* First figure years without leapdays, then add them in. */
- /* The loop is slow, FIXME, but simple and accurate. */
- result += (time.tm_year - 70) * (SECS_PER_DAY*365); /*%< Years */
- for (i = 70; i < time.tm_year; i++)
- if (isleap(1900+i))
- result += SECS_PER_DAY; /*%< Add leapday for prev year */
- return (result);
-}
-
-/* Private. */
-
-/*%
- * Parse part of a date. Set error flag if any error.
- * Don't reset the flag if there is no error.
- */
-static int
-datepart(const char *buf, int size, int min, int max, int *errp) {
- int result = 0;
- int i;
-
- for (i = 0; i < size; i++) {
- if (!isdigit((unsigned char)(buf[i])))
- *errp = 1;
- result = (result * 10) + buf[i] - '0';
- }
- if (result < min)
- *errp = 1;
- if (result > max)
- *errp = 1;
- return (result);
-}
-
-/*! \file */
diff --git a/contrib/bind9/lib/bind/nameser/ns_name.c b/contrib/bind9/lib/bind/nameser/ns_name.c
deleted file mode 100644
index 31dee36..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_name.c
+++ /dev/null
@@ -1,973 +0,0 @@ -/* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1996,1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef lint -static const char rcsid[] = "$Id: ns_name.c,v 1.8.18.2 2005/04/27 05:01:08 sra Exp $"; -#endif - -#include "port_before.h" - -#include <sys/types.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <errno.h> -#include <resolv.h> -#include <string.h> -#include <ctype.h> -#include <stdlib.h> -#include <limits.h> - -#include "port_after.h" - -#ifdef SPRINTF_CHAR -# define SPRINTF(x) strlen(sprintf/**/x) -#else -# define SPRINTF(x) ((size_t)sprintf x) -#endif - -#define NS_TYPE_ELT 0x40 /*%< EDNS0 extended label type */ -#define DNS_LABELTYPE_BITSTRING 0x41 - -/* Data. 
*/ - -static const char digits[] = "0123456789"; - -static const char digitvalue[256] = { - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*16*/ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*32*/ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*48*/ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, /*64*/ - -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*80*/ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*96*/ - -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*112*/ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*128*/ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*256*/ -}; - -/* Forward. */ - -static int special(int); -static int printable(int); -static int dn_find(const u_char *, const u_char *, - const u_char * const *, - const u_char * const *); -static int encode_bitsring(const char **, const char *, - unsigned char **, unsigned char **, - unsigned const char *); -static int labellen(const u_char *); -static int decode_bitstring(const unsigned char **, - char *, const char *); - -/* Public. */ - -/*% - * Convert an encoded domain name to printable ascii as per RFC1035. - - * return: - *\li Number of bytes written to buffer, or -1 (with errno set) - * - * notes: - *\li The root is returned as "." 
- *\li All other domains are returned in non absolute form - */ -int -ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) -{ - const u_char *cp; - char *dn, *eom; - u_char c; - u_int n; - int l; - - cp = src; - dn = dst; - eom = dst + dstsiz; - - while ((n = *cp++) != 0) { - if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - /* Some kind of compression pointer. */ - errno = EMSGSIZE; - return (-1); - } - if (dn != dst) { - if (dn >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = '.'; - } - if ((l = labellen(cp - 1)) < 0) { - errno = EMSGSIZE; /*%< XXX */ - return(-1); - } - if (dn + l >= eom) { - errno = EMSGSIZE; - return (-1); - } - if ((n & NS_CMPRSFLGS) == NS_TYPE_ELT) { - int m; - - if (n != DNS_LABELTYPE_BITSTRING) { - /* XXX: labellen should reject this case */ - errno = EINVAL; - return(-1); - } - if ((m = decode_bitstring(&cp, dn, eom)) < 0) - { - errno = EMSGSIZE; - return(-1); - } - dn += m; - continue; - } - for ((void)NULL; l > 0; l--) { - c = *cp++; - if (special(c)) { - if (dn + 1 >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = '\\'; - *dn++ = (char)c; - } else if (!printable(c)) { - if (dn + 3 >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = '\\'; - *dn++ = digits[c / 100]; - *dn++ = digits[(c % 100) / 10]; - *dn++ = digits[c % 10]; - } else { - if (dn >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = (char)c; - } - } - } - if (dn == dst) { - if (dn >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = '.'; - } - if (dn >= eom) { - errno = EMSGSIZE; - return (-1); - } - *dn++ = '\0'; - return (dn - dst); -} - -/*% - * Convert a ascii string into an encoded domain name as per RFC1035. - * - * return: - * - *\li -1 if it fails - *\li 1 if string was fully qualified - *\li 0 is string was not fully qualified - * - * notes: - *\li Enforces label and domain length limits. 
- */ - -int -ns_name_pton(const char *src, u_char *dst, size_t dstsiz) -{ - u_char *label, *bp, *eom; - int c, n, escaped, e = 0; - char *cp; - - escaped = 0; - bp = dst; - eom = dst + dstsiz; - label = bp++; - - while ((c = *src++) != 0) { - if (escaped) { - if (c == '[') { /*%< start a bit string label */ - if ((cp = strchr(src, ']')) == NULL) { - errno = EINVAL; /*%< ??? */ - return(-1); - } - if ((e = encode_bitsring(&src, cp + 2, - &label, &bp, eom)) - != 0) { - errno = e; - return(-1); - } - escaped = 0; - label = bp++; - if ((c = *src++) == 0) - goto done; - else if (c != '.') { - errno = EINVAL; - return(-1); - } - continue; - } - else if ((cp = strchr(digits, c)) != NULL) { - n = (cp - digits) * 100; - if ((c = *src++) == 0 || - (cp = strchr(digits, c)) == NULL) { - errno = EMSGSIZE; - return (-1); - } - n += (cp - digits) * 10; - if ((c = *src++) == 0 || - (cp = strchr(digits, c)) == NULL) { - errno = EMSGSIZE; - return (-1); - } - n += (cp - digits); - if (n > 255) { - errno = EMSGSIZE; - return (-1); - } - c = n; - } - escaped = 0; - } else if (c == '\\') { - escaped = 1; - continue; - } else if (c == '.') { - c = (bp - label - 1); - if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. */ - errno = EMSGSIZE; - return (-1); - } - if (label >= eom) { - errno = EMSGSIZE; - return (-1); - } - *label = c; - /* Fully qualified ? */ - if (*src == '\0') { - if (c != 0) { - if (bp >= eom) { - errno = EMSGSIZE; - return (-1); - } - *bp++ = '\0'; - } - if ((bp - dst) > MAXCDNAME) { - errno = EMSGSIZE; - return (-1); - } - return (1); - } - if (c == 0 || *src == '.') { - errno = EMSGSIZE; - return (-1); - } - label = bp++; - continue; - } - if (bp >= eom) { - errno = EMSGSIZE; - return (-1); - } - *bp++ = (u_char)c; - } - c = (bp - label - 1); - if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. 
*/ - errno = EMSGSIZE; - return (-1); - } - done: - if (label >= eom) { - errno = EMSGSIZE; - return (-1); - } - *label = c; - if (c != 0) { - if (bp >= eom) { - errno = EMSGSIZE; - return (-1); - } - *bp++ = 0; - } - if ((bp - dst) > MAXCDNAME) { /*%< src too big */ - errno = EMSGSIZE; - return (-1); - } - return (0); -} - -/*% - * Convert a network strings labels into all lowercase. - * - * return: - *\li Number of bytes written to buffer, or -1 (with errno set) - * - * notes: - *\li Enforces label and domain length limits. - */ - -int -ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz) -{ - const u_char *cp; - u_char *dn, *eom; - u_char c; - u_int n; - int l; - - cp = src; - dn = dst; - eom = dst + dstsiz; - - if (dn >= eom) { - errno = EMSGSIZE; - return (-1); - } - while ((n = *cp++) != 0) { - if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - /* Some kind of compression pointer. */ - errno = EMSGSIZE; - return (-1); - } - *dn++ = n; - if ((l = labellen(cp - 1)) < 0) { - errno = EMSGSIZE; - return (-1); - } - if (dn + l >= eom) { - errno = EMSGSIZE; - return (-1); - } - for ((void)NULL; l > 0; l--) { - c = *cp++; - if (isupper(c)) - *dn++ = tolower(c); - else - *dn++ = c; - } - } - *dn++ = '\0'; - return (dn - dst); -} - -/*% - * Unpack a domain name from a message, source may be compressed. - * - * return: - *\li -1 if it fails, or consumed octets if it succeeds. - */ -int -ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, - u_char *dst, size_t dstsiz) -{ - const u_char *srcp, *dstlim; - u_char *dstp; - int n, len, checked, l; - - len = -1; - checked = 0; - dstp = dst; - srcp = src; - dstlim = dst + dstsiz; - if (srcp < msg || srcp >= eom) { - errno = EMSGSIZE; - return (-1); - } - /* Fetch next label in domain name. */ - while ((n = *srcp++) != 0) { - /* Check for indirection. */ - switch (n & NS_CMPRSFLGS) { - case 0: - case NS_TYPE_ELT: - /* Limit checks. 
*/ - if ((l = labellen(srcp - 1)) < 0) { - errno = EMSGSIZE; - return(-1); - } - if (dstp + l + 1 >= dstlim || srcp + l >= eom) { - errno = EMSGSIZE; - return (-1); - } - checked += l + 1; - *dstp++ = n; - memcpy(dstp, srcp, l); - dstp += l; - srcp += l; - break; - - case NS_CMPRSFLGS: - if (srcp >= eom) { - errno = EMSGSIZE; - return (-1); - } - if (len < 0) - len = srcp - src + 1; - srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff)); - if (srcp < msg || srcp >= eom) { /*%< Out of range. */ - errno = EMSGSIZE; - return (-1); - } - checked += 2; - /* - * Check for loops in the compressed name; - * if we've looked at the whole message, - * there must be a loop. - */ - if (checked >= eom - msg) { - errno = EMSGSIZE; - return (-1); - } - break; - - default: - errno = EMSGSIZE; - return (-1); /*%< flag error */ - } - } - *dstp = '\0'; - if (len < 0) - len = srcp - src; - return (len); -} - -/*% - * Pack domain name 'domain' into 'comp_dn'. - * - * return: - *\li Size of the compressed name, or -1. - * - * notes: - *\li 'dnptrs' is an array of pointers to previous compressed names. - *\li dnptrs[0] is a pointer to the beginning of the message. The array - * ends with NULL. - *\li 'lastdnptr' is a pointer to the end of the array pointed to - * by 'dnptrs'. - * - * Side effects: - *\li The list of pointers in dnptrs is updated for labels inserted into - * the message as we compress the name. If 'dnptr' is NULL, we don't - * try to compress names. If 'lastdnptr' is NULL, we don't update the - * list. 
- */ -int -ns_name_pack(const u_char *src, u_char *dst, int dstsiz, - const u_char **dnptrs, const u_char **lastdnptr) -{ - u_char *dstp; - const u_char **cpp, **lpp, *eob, *msg; - const u_char *srcp; - int n, l, first = 1; - - srcp = src; - dstp = dst; - eob = dstp + dstsiz; - lpp = cpp = NULL; - if (dnptrs != NULL) { - if ((msg = *dnptrs++) != NULL) { - for (cpp = dnptrs; *cpp != NULL; cpp++) - (void)NULL; - lpp = cpp; /*%< end of list to search */ - } - } else - msg = NULL; - - /* make sure the domain we are about to add is legal */ - l = 0; - do { - int l0; - - n = *srcp; - if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - errno = EMSGSIZE; - return (-1); - } - if ((l0 = labellen(srcp)) < 0) { - errno = EINVAL; - return(-1); - } - l += l0 + 1; - if (l > MAXCDNAME) { - errno = EMSGSIZE; - return (-1); - } - srcp += l0 + 1; - } while (n != 0); - - /* from here on we need to reset compression pointer array on error */ - srcp = src; - do { - /* Look to see if we can use pointers. */ - n = *srcp; - if (n != 0 && msg != NULL) { - l = dn_find(srcp, msg, (const u_char * const *)dnptrs, - (const u_char * const *)lpp); - if (l >= 0) { - if (dstp + 1 >= eob) { - goto cleanup; - } - *dstp++ = (l >> 8) | NS_CMPRSFLGS; - *dstp++ = l % 256; - return (dstp - dst); - } - /* Not found, save it. */ - if (lastdnptr != NULL && cpp < lastdnptr - 1 && - (dstp - msg) < 0x4000 && first) { - *cpp++ = dstp; - *cpp = NULL; - first = 0; - } - } - /* copy label to buffer */ - if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - /* Should not happen. */ - goto cleanup; - } - n = labellen(srcp); - if (dstp + 1 + n >= eob) { - goto cleanup; - } - memcpy(dstp, srcp, n + 1); - srcp += n + 1; - dstp += n + 1; - } while (n != 0); - - if (dstp > eob) { -cleanup: - if (msg != NULL) - *lpp = NULL; - errno = EMSGSIZE; - return (-1); - } - return (dstp - dst); -} - -/*% - * Expand compressed domain name to presentation format. - * - * return: - *\li Number of bytes read out of `src', or -1 (with errno set). 
- * - * note: - *\li Root domain returns as "." not "". - */ -int -ns_name_uncompress(const u_char *msg, const u_char *eom, const u_char *src, - char *dst, size_t dstsiz) -{ - u_char tmp[NS_MAXCDNAME]; - int n; - - if ((n = ns_name_unpack(msg, eom, src, tmp, sizeof tmp)) == -1) - return (-1); - if (ns_name_ntop(tmp, dst, dstsiz) == -1) - return (-1); - return (n); -} - -/*% - * Compress a domain name into wire format, using compression pointers. - * - * return: - *\li Number of bytes consumed in `dst' or -1 (with errno set). - * - * notes: - *\li 'dnptrs' is an array of pointers to previous compressed names. - *\li dnptrs[0] is a pointer to the beginning of the message. - *\li The list ends with NULL. 'lastdnptr' is a pointer to the end of the - * array pointed to by 'dnptrs'. Side effect is to update the list of - * pointers for labels inserted into the message as we compress the name. - *\li If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr' - * is NULL, we don't update the list. - */ -int -ns_name_compress(const char *src, u_char *dst, size_t dstsiz, - const u_char **dnptrs, const u_char **lastdnptr) -{ - u_char tmp[NS_MAXCDNAME]; - - if (ns_name_pton(src, tmp, sizeof tmp) == -1) - return (-1); - return (ns_name_pack(tmp, dst, dstsiz, dnptrs, lastdnptr)); -} - -/*% - * Reset dnptrs so that there are no active references to pointers at or - * after src. - */ -void -ns_name_rollback(const u_char *src, const u_char **dnptrs, - const u_char **lastdnptr) -{ - while (dnptrs < lastdnptr && *dnptrs != NULL) { - if (*dnptrs >= src) { - *dnptrs = NULL; - break; - } - dnptrs++; - } -} - -/*% - * Advance *ptrptr to skip over the compressed name it points at. - * - * return: - *\li 0 on success, -1 (with errno set) on failure. - */ -int -ns_name_skip(const u_char **ptrptr, const u_char *eom) -{ - const u_char *cp; - u_int n; - int l; - - cp = *ptrptr; - while (cp < eom && (n = *cp++) != 0) { - /* Check for indirection. 
*/ - switch (n & NS_CMPRSFLGS) { - case 0: /*%< normal case, n == len */ - cp += n; - continue; - case NS_TYPE_ELT: /*%< EDNS0 extended label */ - if ((l = labellen(cp - 1)) < 0) { - errno = EMSGSIZE; /*%< XXX */ - return(-1); - } - cp += l; - continue; - case NS_CMPRSFLGS: /*%< indirection */ - cp++; - break; - default: /*%< illegal type */ - errno = EMSGSIZE; - return (-1); - } - break; - } - if (cp > eom) { - errno = EMSGSIZE; - return (-1); - } - *ptrptr = cp; - return (0); -} - -/* Private. */ - -/*% - * Thinking in noninternationalized USASCII (per the DNS spec), - * is this characted special ("in need of quoting") ? - * - * return: - *\li boolean. - */ -static int -special(int ch) { - switch (ch) { - case 0x22: /*%< '"' */ - case 0x2E: /*%< '.' */ - case 0x3B: /*%< ';' */ - case 0x5C: /*%< '\\' */ - case 0x28: /*%< '(' */ - case 0x29: /*%< ')' */ - /* Special modifiers in zone files. */ - case 0x40: /*%< '@' */ - case 0x24: /*%< '$' */ - return (1); - default: - return (0); - } -} - -/*% - * Thinking in noninternationalized USASCII (per the DNS spec), - * is this character visible and not a space when printed ? - * - * return: - *\li boolean. - */ -static int -printable(int ch) { - return (ch > 0x20 && ch < 0x7f); -} - -/*% - * Thinking in noninternationalized USASCII (per the DNS spec), - * convert this character to lower case if it's upper case. - */ -static int -mklower(int ch) { - if (ch >= 0x41 && ch <= 0x5A) - return (ch + 0x20); - return (ch); -} - -/*% - * Search for the counted-label name in an array of compressed names. - * - * return: - *\li offset from msg if found, or -1. - * - * notes: - *\li dnptrs is the pointer to the first name on the list, - *\li not the pointer to the start of the message. 
- */ -static int -dn_find(const u_char *domain, const u_char *msg, - const u_char * const *dnptrs, - const u_char * const *lastdnptr) -{ - const u_char *dn, *cp, *sp; - const u_char * const *cpp; - u_int n; - - for (cpp = dnptrs; cpp < lastdnptr; cpp++) { - sp = *cpp; - /* - * terminate search on: - * root label - * compression pointer - * unusable offset - */ - while (*sp != 0 && (*sp & NS_CMPRSFLGS) == 0 && - (sp - msg) < 0x4000) { - dn = domain; - cp = sp; - while ((n = *cp++) != 0) { - /* - * check for indirection - */ - switch (n & NS_CMPRSFLGS) { - case 0: /*%< normal case, n == len */ - n = labellen(cp - 1); /*%< XXX */ - if (n != *dn++) - goto next; - - for ((void)NULL; n > 0; n--) - if (mklower(*dn++) != - mklower(*cp++)) - goto next; - /* Is next root for both ? */ - if (*dn == '\0' && *cp == '\0') - return (sp - msg); - if (*dn) - continue; - goto next; - case NS_CMPRSFLGS: /*%< indirection */ - cp = msg + (((n & 0x3f) << 8) | *cp); - break; - - default: /*%< illegal type */ - errno = EMSGSIZE; - return (-1); - } - } - next: ; - sp += *sp + 1; - } - } - errno = ENOENT; - return (-1); -} - -static int -decode_bitstring(const unsigned char **cpp, char *dn, const char *eom) -{ - const unsigned char *cp = *cpp; - char *beg = dn, tc; - int b, blen, plen, i; - - if ((blen = (*cp & 0xff)) == 0) - blen = 256; - plen = (blen + 3) / 4; - plen += sizeof("\\[x/]") + (blen > 99 ? 3 : (blen > 9) ? 
2 : 1); - if (dn + plen >= eom) - return(-1); - - cp++; - i = SPRINTF((dn, "\\[x")); - if (i < 0) - return (-1); - dn += i; - for (b = blen; b > 7; b -= 8, cp++) { - i = SPRINTF((dn, "%02x", *cp & 0xff)); - if (i < 0) - return (-1); - dn += i; - } - if (b > 4) { - tc = *cp++; - i = SPRINTF((dn, "%02x", tc & (0xff << (8 - b)))); - if (i < 0) - return (-1); - dn += i; - } else if (b > 0) { - tc = *cp++; - i = SPRINTF((dn, "%1x", - ((tc >> 4) & 0x0f) & (0x0f << (4 - b)))); - if (i < 0) - return (-1); - dn += i; - } - i = SPRINTF((dn, "/%d]", blen)); - if (i < 0) - return (-1); - dn += i; - - *cpp = cp; - return(dn - beg); -} - -static int -encode_bitsring(const char **bp, const char *end, unsigned char **labelp, - unsigned char ** dst, unsigned const char *eom) -{ - int afterslash = 0; - const char *cp = *bp; - unsigned char *tp; - char c; - const char *beg_blen; - char *end_blen = NULL; - int value = 0, count = 0, tbcount = 0, blen = 0; - - beg_blen = end_blen = NULL; - - /* a bitstring must contain at least 2 characters */ - if (end - cp < 2) - return(EINVAL); - - /* XXX: currently, only hex strings are supported */ - if (*cp++ != 'x') - return(EINVAL); - if (!isxdigit((*cp) & 0xff)) /*%< reject '\[x/BLEN]' */ - return(EINVAL); - - for (tp = *dst + 1; cp < end && tp < eom; cp++) { - switch((c = *cp)) { - case ']': /*%< end of the bitstring */ - if (afterslash) { - if (beg_blen == NULL) - return(EINVAL); - blen = (int)strtol(beg_blen, &end_blen, 10); - if (*end_blen != ']') - return(EINVAL); - } - if (count) - *tp++ = ((value << 4) & 0xff); - cp++; /*%< skip ']' */ - goto done; - case '/': - afterslash = 1; - break; - default: - if (afterslash) { - if (!isdigit(c&0xff)) - return(EINVAL); - if (beg_blen == NULL) { - - if (c == '0') { - /* blen never begings with 0 */ - return(EINVAL); - } - beg_blen = cp; - } - } else { - if (!isxdigit(c&0xff)) - return(EINVAL); - value <<= 4; - value += digitvalue[(int)c]; - count += 4; - tbcount += 4; - if (tbcount > 256) - 
return(EINVAL); - if (count == 8) { - *tp++ = value; - count = 0; - } - } - break; - } - } - done: - if (cp >= end || tp >= eom) - return(EMSGSIZE); - - /* - * bit length validation: - * If a <length> is present, the number of digits in the <bit-data> - * MUST be just sufficient to contain the number of bits specified - * by the <length>. If there are insignificant bits in a final - * hexadecimal or octal digit, they MUST be zero. - * RFC2673, Section 3.2. - */ - if (blen > 0) { - int traillen; - - if (((blen + 3) & ~3) != tbcount) - return(EINVAL); - traillen = tbcount - blen; /*%< between 0 and 3 */ - if (((value << (8 - traillen)) & 0xff) != 0) - return(EINVAL); - } - else - blen = tbcount; - if (blen == 256) - blen = 0; - - /* encode the type and the significant bit fields */ - **labelp = DNS_LABELTYPE_BITSTRING; - **dst = blen; - - *bp = cp; - *dst = tp; - - return(0); -} - -static int -labellen(const u_char *lp) -{ - int bitlen; - u_char l = *lp; - - if ((l & NS_CMPRSFLGS) == NS_CMPRSFLGS) { - /* should be avoided by the caller */ - return(-1); - } - - if ((l & NS_CMPRSFLGS) == NS_TYPE_ELT) { - if (l == DNS_LABELTYPE_BITSTRING) { - if ((bitlen = *(lp + 1)) == 0) - bitlen = 256; - return((bitlen + 7 ) / 8 + 1); - } - return(-1); /*%< unknwon ELT */ - } - return(l); -} - -/*! \file */ diff --git a/contrib/bind9/lib/bind/nameser/ns_netint.c b/contrib/bind9/lib/bind/nameser/ns_netint.c deleted file mode 100644 index b08c58b..0000000 --- a/contrib/bind9/lib/bind/nameser/ns_netint.c +++ /dev/null 
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1996,1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_netint.c,v 1.2.18.1 2005/04/27 05:01:08 sra Exp $";
-#endif
-
-/* Import. */
-
-#include "port_before.h"
-
-#include <arpa/nameser.h>
-
-#include "port_after.h"
-
-/* Public. */
-
-u_int
-ns_get16(const u_char *src) {
- u_int dst;
-
- NS_GET16(dst, src);
- return (dst);
-}
-
-u_long
-ns_get32(const u_char *src) {
- u_long dst;
-
- NS_GET32(dst, src);
- return (dst);
-}
-
-void
-ns_put16(u_int src, u_char *dst) {
- NS_PUT16(src, dst);
-}
-
-void
-ns_put32(u_long src, u_char *dst) {
- NS_PUT32(src, dst);
-}
-
-/*! \file */
diff --git a/contrib/bind9/lib/bind/nameser/ns_parse.c b/contrib/bind9/lib/bind/nameser/ns_parse.c
deleted file mode 100644
index c4658d8..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_parse.c
+++ /dev/null
@@ -1,211 +0,0 @@ -/* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1996,1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef lint -static const char rcsid[] = "$Id: ns_parse.c,v 1.5.18.4 2007/08/27 03:34:24 marka Exp $"; -#endif - -/* Import. */ - -#include "port_before.h" - -#include <sys/types.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <errno.h> -#include <resolv.h> -#include <string.h> - -#include "port_after.h" - -/* Forward. */ - -static void setsection(ns_msg *msg, ns_sect sect); - -/* Macros. */ - -#if !defined(SOLARIS2) || defined(__COVERITY__) -#define RETERR(err) do { errno = (err); return (-1); } while (0) -#else -#define RETERR(err) \ - do { errno = (err); if (errno == errno) return (-1); } while (0) -#endif - -/* Public. */ - -/* These need to be in the same order as the nres.h:ns_flag enum. */ -struct _ns_flagdata _ns_flagdata[16] = { - { 0x8000, 15 }, /*%< qr. */ - { 0x7800, 11 }, /*%< opcode. */ - { 0x0400, 10 }, /*%< aa. */ - { 0x0200, 9 }, /*%< tc. */ - { 0x0100, 8 }, /*%< rd. */ - { 0x0080, 7 }, /*%< ra. */ - { 0x0040, 6 }, /*%< z. */ - { 0x0020, 5 }, /*%< ad. */ - { 0x0010, 4 }, /*%< cd. */ - { 0x000f, 0 }, /*%< rcode. */ - { 0x0000, 0 }, /*%< expansion (1/6). 
*/ - { 0x0000, 0 }, /*%< expansion (2/6). */ - { 0x0000, 0 }, /*%< expansion (3/6). */ - { 0x0000, 0 }, /*%< expansion (4/6). */ - { 0x0000, 0 }, /*%< expansion (5/6). */ - { 0x0000, 0 }, /*%< expansion (6/6). */ -}; - -int ns_msg_getflag(ns_msg handle, int flag) { - return(((handle)._flags & _ns_flagdata[flag].mask) >> _ns_flagdata[flag].shift); -} - -int -ns_skiprr(const u_char *ptr, const u_char *eom, ns_sect section, int count) { - const u_char *optr = ptr; - - for ((void)NULL; count > 0; count--) { - int b, rdlength; - - b = dn_skipname(ptr, eom); - if (b < 0) - RETERR(EMSGSIZE); - ptr += b/*Name*/ + NS_INT16SZ/*Type*/ + NS_INT16SZ/*Class*/; - if (section != ns_s_qd) { - if (ptr + NS_INT32SZ + NS_INT16SZ > eom) - RETERR(EMSGSIZE); - ptr += NS_INT32SZ/*TTL*/; - NS_GET16(rdlength, ptr); - ptr += rdlength/*RData*/; - } - } - if (ptr > eom) - RETERR(EMSGSIZE); - return (ptr - optr); -} - -int -ns_initparse(const u_char *msg, int msglen, ns_msg *handle) { - const u_char *eom = msg + msglen; - int i; - - memset(handle, 0x5e, sizeof *handle); - handle->_msg = msg; - handle->_eom = eom; - if (msg + NS_INT16SZ > eom) - RETERR(EMSGSIZE); - NS_GET16(handle->_id, msg); - if (msg + NS_INT16SZ > eom) - RETERR(EMSGSIZE); - NS_GET16(handle->_flags, msg); - for (i = 0; i < ns_s_max; i++) { - if (msg + NS_INT16SZ > eom) - RETERR(EMSGSIZE); - NS_GET16(handle->_counts[i], msg); - } - for (i = 0; i < ns_s_max; i++) - if (handle->_counts[i] == 0) - handle->_sections[i] = NULL; - else { - int b = ns_skiprr(msg, eom, (ns_sect)i, - handle->_counts[i]); - - if (b < 0) - return (-1); - handle->_sections[i] = msg; - msg += b; - } - if (msg != eom) - RETERR(EMSGSIZE); - setsection(handle, ns_s_max); - return (0); -} - -int -ns_parserr(ns_msg *handle, ns_sect section, int rrnum, ns_rr *rr) { - int b; - int tmp; - - /* Make section right. 
*/ - tmp = section; - if (tmp < 0 || section >= ns_s_max) - RETERR(ENODEV); - if (section != handle->_sect) - setsection(handle, section); - - /* Make rrnum right. */ - if (rrnum == -1) - rrnum = handle->_rrnum; - if (rrnum < 0 || rrnum >= handle->_counts[(int)section]) - RETERR(ENODEV); - if (rrnum < handle->_rrnum) - setsection(handle, section); - if (rrnum > handle->_rrnum) { - b = ns_skiprr(handle->_msg_ptr, handle->_eom, section, - rrnum - handle->_rrnum); - - if (b < 0) - return (-1); - handle->_msg_ptr += b; - handle->_rrnum = rrnum; - } - - /* Do the parse. */ - b = dn_expand(handle->_msg, handle->_eom, - handle->_msg_ptr, rr->name, NS_MAXDNAME); - if (b < 0) - return (-1); - handle->_msg_ptr += b; - if (handle->_msg_ptr + NS_INT16SZ + NS_INT16SZ > handle->_eom) - RETERR(EMSGSIZE); - NS_GET16(rr->type, handle->_msg_ptr); - NS_GET16(rr->rr_class, handle->_msg_ptr); - if (section == ns_s_qd) { - rr->ttl = 0; - rr->rdlength = 0; - rr->rdata = NULL; - } else { - if (handle->_msg_ptr + NS_INT32SZ + NS_INT16SZ > handle->_eom) - RETERR(EMSGSIZE); - NS_GET32(rr->ttl, handle->_msg_ptr); - NS_GET16(rr->rdlength, handle->_msg_ptr); - if (handle->_msg_ptr + rr->rdlength > handle->_eom) - RETERR(EMSGSIZE); - rr->rdata = handle->_msg_ptr; - handle->_msg_ptr += rr->rdlength; - } - if (++handle->_rrnum > handle->_counts[(int)section]) - setsection(handle, (ns_sect)((int)section + 1)); - - /* All done. */ - return (0); -} - -/* Private. */ - -static void -setsection(ns_msg *msg, ns_sect sect) { - msg->_sect = sect; - if (sect == ns_s_max) { - msg->_rrnum = -1; - msg->_msg_ptr = NULL; - } else { - msg->_rrnum = 0; - msg->_msg_ptr = msg->_sections[(int)sect]; - } -} - -/*! \file */ diff --git a/contrib/bind9/lib/bind/nameser/ns_print.c b/contrib/bind9/lib/bind/nameser/ns_print.c deleted file mode 100644 index 0679ba4..0000000 --- a/contrib/bind9/lib/bind/nameser/ns_print.c +++ /dev/null 
@@ -1,897 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1996-1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_print.c,v 1.6.18.4 2005/04/27 05:01:09 sra Exp $";
-#endif
-
-/* Import. */
-
-#include "port_before.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <arpa/inet.h>
-
-#include <isc/assertions.h>
-#include <isc/dst.h>
-#include <errno.h>
-#include <resolv.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "port_after.h"
-
-#ifdef SPRINTF_CHAR
-# define SPRINTF(x) strlen(sprintf/**/x)
-#else
-# define SPRINTF(x) ((size_t)sprintf x)
-#endif
-
-/* Forward.
*/ - -static size_t prune_origin(const char *name, const char *origin); -static int charstr(const u_char *rdata, const u_char *edata, - char **buf, size_t *buflen); -static int addname(const u_char *msg, size_t msglen, - const u_char **p, const char *origin, - char **buf, size_t *buflen); -static void addlen(size_t len, char **buf, size_t *buflen); -static int addstr(const char *src, size_t len, - char **buf, size_t *buflen); -static int addtab(size_t len, size_t target, int spaced, - char **buf, size_t *buflen); - -/* Macros. */ - -#define T(x) \ - do { \ - if ((x) < 0) \ - return (-1); \ - } while (0) - -/* Public. */ - -/*% - * Convert an RR to presentation format. - * - * return: - *\li Number of characters written to buf, or -1 (check errno). - */ -int -ns_sprintrr(const ns_msg *handle, const ns_rr *rr, - const char *name_ctx, const char *origin, - char *buf, size_t buflen) -{ - int n; - - n = ns_sprintrrf(ns_msg_base(*handle), ns_msg_size(*handle), - ns_rr_name(*rr), ns_rr_class(*rr), ns_rr_type(*rr), - ns_rr_ttl(*rr), ns_rr_rdata(*rr), ns_rr_rdlen(*rr), - name_ctx, origin, buf, buflen); - return (n); -} - -/*% - * Convert the fields of an RR into presentation format. - * - * return: - *\li Number of characters written to buf, or -1 (check errno). - */ -int -ns_sprintrrf(const u_char *msg, size_t msglen, - const char *name, ns_class class, ns_type type, - u_long ttl, const u_char *rdata, size_t rdlen, - const char *name_ctx, const char *origin, - char *buf, size_t buflen) -{ - const char *obuf = buf; - const u_char *edata = rdata + rdlen; - int spaced = 0; - - const char *comment; - char tmp[100]; - int len, x; - - /* - * Owner. 
- */ - if (name_ctx != NULL && ns_samename(name_ctx, name) == 1) { - T(addstr("\t\t\t", 3, &buf, &buflen)); - } else { - len = prune_origin(name, origin); - if (*name == '\0') { - goto root; - } else if (len == 0) { - T(addstr("@\t\t\t", 4, &buf, &buflen)); - } else { - T(addstr(name, len, &buf, &buflen)); - /* Origin not used or not root, and no trailing dot? */ - if (((origin == NULL || origin[0] == '\0') || - (origin[0] != '.' && origin[1] != '\0' && - name[len] == '\0')) && name[len - 1] != '.') { - root: - T(addstr(".", 1, &buf, &buflen)); - len++; - } - T(spaced = addtab(len, 24, spaced, &buf, &buflen)); - } - } - - /* - * TTL, Class, Type. - */ - T(x = ns_format_ttl(ttl, buf, buflen)); - addlen(x, &buf, &buflen); - len = SPRINTF((tmp, " %s %s", p_class(class), p_type(type))); - T(addstr(tmp, len, &buf, &buflen)); - T(spaced = addtab(x + len, 16, spaced, &buf, &buflen)); - - /* - * RData. - */ - switch (type) { - case ns_t_a: - if (rdlen != (size_t)NS_INADDRSZ) - goto formerr; - (void) inet_ntop(AF_INET, rdata, buf, buflen); - addlen(strlen(buf), &buf, &buflen); - break; - - case ns_t_cname: - case ns_t_mb: - case ns_t_mg: - case ns_t_mr: - case ns_t_ns: - case ns_t_ptr: - case ns_t_dname: - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - break; - - case ns_t_hinfo: - case ns_t_isdn: - /* First word. */ - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - T(addstr(" ", 1, &buf, &buflen)); - - - /* Second word, optional in ISDN records. */ - if (type == ns_t_isdn && rdata == edata) - break; - - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - break; - - case ns_t_soa: { - u_long t; - - /* Server name. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" ", 1, &buf, &buflen)); - - /* Administrator name. 
*/ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" (\n", 3, &buf, &buflen)); - spaced = 0; - - if ((edata - rdata) != 5*NS_INT32SZ) - goto formerr; - - /* Serial number. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - T(addstr("\t\t\t\t\t", 5, &buf, &buflen)); - len = SPRINTF((tmp, "%lu", t)); - T(addstr(tmp, len, &buf, &buflen)); - T(spaced = addtab(len, 16, spaced, &buf, &buflen)); - T(addstr("; serial\n", 9, &buf, &buflen)); - spaced = 0; - - /* Refresh interval. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - T(addstr("\t\t\t\t\t", 5, &buf, &buflen)); - T(len = ns_format_ttl(t, buf, buflen)); - addlen(len, &buf, &buflen); - T(spaced = addtab(len, 16, spaced, &buf, &buflen)); - T(addstr("; refresh\n", 10, &buf, &buflen)); - spaced = 0; - - /* Retry interval. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - T(addstr("\t\t\t\t\t", 5, &buf, &buflen)); - T(len = ns_format_ttl(t, buf, buflen)); - addlen(len, &buf, &buflen); - T(spaced = addtab(len, 16, spaced, &buf, &buflen)); - T(addstr("; retry\n", 8, &buf, &buflen)); - spaced = 0; - - /* Expiry. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - T(addstr("\t\t\t\t\t", 5, &buf, &buflen)); - T(len = ns_format_ttl(t, buf, buflen)); - addlen(len, &buf, &buflen); - T(spaced = addtab(len, 16, spaced, &buf, &buflen)); - T(addstr("; expiry\n", 9, &buf, &buflen)); - spaced = 0; - - /* Minimum TTL. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - T(addstr("\t\t\t\t\t", 5, &buf, &buflen)); - T(len = ns_format_ttl(t, buf, buflen)); - addlen(len, &buf, &buflen); - T(addstr(" )", 2, &buf, &buflen)); - T(spaced = addtab(len, 16, spaced, &buf, &buflen)); - T(addstr("; minimum\n", 10, &buf, &buflen)); - - break; - } - - case ns_t_mx: - case ns_t_afsdb: - case ns_t_rt: { - u_int t; - - if (rdlen < (size_t)NS_INT16SZ) - goto formerr; - - /* Priority. */ - t = ns_get16(rdata); - rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); - T(addstr(tmp, len, &buf, &buflen)); - - /* Target. 
*/ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - break; - } - - case ns_t_px: { - u_int t; - - if (rdlen < (size_t)NS_INT16SZ) - goto formerr; - - /* Priority. */ - t = ns_get16(rdata); - rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); - T(addstr(tmp, len, &buf, &buflen)); - - /* Name1. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" ", 1, &buf, &buflen)); - - /* Name2. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - break; - } - - case ns_t_x25: - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - break; - - case ns_t_txt: - while (rdata < edata) { - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - if (rdata < edata) - T(addstr(" ", 1, &buf, &buflen)); - } - break; - - case ns_t_nsap: { - char t[2+255*3]; - - (void) inet_nsap_ntoa(rdlen, rdata, t); - T(addstr(t, strlen(t), &buf, &buflen)); - break; - } - - case ns_t_aaaa: - if (rdlen != (size_t)NS_IN6ADDRSZ) - goto formerr; - (void) inet_ntop(AF_INET6, rdata, buf, buflen); - addlen(strlen(buf), &buf, &buflen); - break; - - case ns_t_loc: { - char t[255]; - - /* XXX protocol format checking? */ - (void) loc_ntoa(rdata, t); - T(addstr(t, strlen(t), &buf, &buflen)); - break; - } - - case ns_t_naptr: { - u_int order, preference; - char t[50]; - - if (rdlen < 2U*NS_INT16SZ) - goto formerr; - - /* Order, Precedence. */ - order = ns_get16(rdata); rdata += NS_INT16SZ; - preference = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((t, "%u %u ", order, preference)); - T(addstr(t, len, &buf, &buflen)); - - /* Flags. */ - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - T(addstr(" ", 1, &buf, &buflen)); - - /* Service. */ - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len == 0) - goto formerr; - rdata += len; - T(addstr(" ", 1, &buf, &buflen)); - - /* Regexp. 
*/ - T(len = charstr(rdata, edata, &buf, &buflen)); - if (len < 0) - return (-1); - if (len == 0) - goto formerr; - rdata += len; - T(addstr(" ", 1, &buf, &buflen)); - - /* Server. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - break; - } - - case ns_t_srv: { - u_int priority, weight, port; - char t[50]; - - if (rdlen < 3U*NS_INT16SZ) - goto formerr; - - /* Priority, Weight, Port. */ - priority = ns_get16(rdata); rdata += NS_INT16SZ; - weight = ns_get16(rdata); rdata += NS_INT16SZ; - port = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((t, "%u %u %u ", priority, weight, port)); - T(addstr(t, len, &buf, &buflen)); - - /* Server. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - break; - } - - case ns_t_minfo: - case ns_t_rp: - /* Name1. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" ", 1, &buf, &buflen)); - - /* Name2. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - break; - - case ns_t_wks: { - int n, lcnt; - - if (rdlen < 1U + NS_INT32SZ) - goto formerr; - - /* Address. */ - (void) inet_ntop(AF_INET, rdata, buf, buflen); - addlen(strlen(buf), &buf, &buflen); - rdata += NS_INADDRSZ; - - /* Protocol. */ - len = SPRINTF((tmp, " %u ( ", *rdata)); - T(addstr(tmp, len, &buf, &buflen)); - rdata += NS_INT8SZ; - - /* Bit map. */ - n = 0; - lcnt = 0; - while (rdata < edata) { - u_int c = *rdata++; - do { - if (c & 0200) { - if (lcnt == 0) { - T(addstr("\n\t\t\t\t", 5, - &buf, &buflen)); - lcnt = 10; - spaced = 0; - } - len = SPRINTF((tmp, "%d ", n)); - T(addstr(tmp, len, &buf, &buflen)); - lcnt--; - } - c <<= 1; - } while (++n & 07); - } - T(addstr(")", 1, &buf, &buflen)); - - break; - } - - case ns_t_key: { - char base64_key[NS_MD5RSA_MAX_BASE64]; - u_int keyflags, protocol, algorithm, key_id; - const char *leader; - int n; - - if (rdlen < 0U + NS_INT16SZ + NS_INT8SZ + NS_INT8SZ) - goto formerr; - - /* Key flags, Protocol, Algorithm. 
*/ - key_id = dst_s_dns_key_id(rdata, edata-rdata); - keyflags = ns_get16(rdata); rdata += NS_INT16SZ; - protocol = *rdata++; - algorithm = *rdata++; - len = SPRINTF((tmp, "0x%04x %u %u", - keyflags, protocol, algorithm)); - T(addstr(tmp, len, &buf, &buflen)); - - /* Public key data. */ - len = b64_ntop(rdata, edata - rdata, - base64_key, sizeof base64_key); - if (len < 0) - goto formerr; - if (len > 15) { - T(addstr(" (", 2, &buf, &buflen)); - leader = "\n\t\t"; - spaced = 0; - } else - leader = " "; - for (n = 0; n < len; n += 48) { - T(addstr(leader, strlen(leader), &buf, &buflen)); - T(addstr(base64_key + n, MIN(len - n, 48), - &buf, &buflen)); - } - if (len > 15) - T(addstr(" )", 2, &buf, &buflen)); - n = SPRINTF((tmp, " ; key_tag= %u", key_id)); - T(addstr(tmp, n, &buf, &buflen)); - - break; - } - - case ns_t_sig: { - char base64_key[NS_MD5RSA_MAX_BASE64]; - u_int type, algorithm, labels, footprint; - const char *leader; - u_long t; - int n; - - if (rdlen < 22U) - goto formerr; - - /* Type covered, Algorithm, Label count, Original TTL. */ - type = ns_get16(rdata); rdata += NS_INT16SZ; - algorithm = *rdata++; - labels = *rdata++; - t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s %d %d %lu ", - p_type(type), algorithm, labels, t)); - T(addstr(tmp, len, &buf, &buflen)); - if (labels > (u_int)dn_count_labels(name)) - goto formerr; - - /* Signature expiry. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); - T(addstr(tmp, len, &buf, &buflen)); - - /* Time signed. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); - T(addstr(tmp, len, &buf, &buflen)); - - /* Signature Footprint. */ - footprint = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", footprint)); - T(addstr(tmp, len, &buf, &buflen)); - - /* Signer's name. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - /* Signature. 
*/ - len = b64_ntop(rdata, edata - rdata, - base64_key, sizeof base64_key); - if (len > 15) { - T(addstr(" (", 2, &buf, &buflen)); - leader = "\n\t\t"; - spaced = 0; - } else - leader = " "; - if (len < 0) - goto formerr; - for (n = 0; n < len; n += 48) { - T(addstr(leader, strlen(leader), &buf, &buflen)); - T(addstr(base64_key + n, MIN(len - n, 48), - &buf, &buflen)); - } - if (len > 15) - T(addstr(" )", 2, &buf, &buflen)); - break; - } - - case ns_t_nxt: { - int n, c; - - /* Next domain name. */ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - /* Type bit map. */ - n = edata - rdata; - for (c = 0; c < n*8; c++) - if (NS_NXT_BIT_ISSET(c, rdata)) { - len = SPRINTF((tmp, " %s", p_type(c))); - T(addstr(tmp, len, &buf, &buflen)); - } - break; - } - - case ns_t_cert: { - u_int c_type, key_tag, alg; - int n; - unsigned int siz; - char base64_cert[8192], tmp[40]; - const char *leader; - - c_type = ns_get16(rdata); rdata += NS_INT16SZ; - key_tag = ns_get16(rdata); rdata += NS_INT16SZ; - alg = (u_int) *rdata++; - - len = SPRINTF((tmp, "%d %d %d ", c_type, key_tag, alg)); - T(addstr(tmp, len, &buf, &buflen)); - siz = (edata-rdata)*4/3 + 4; /* "+4" accounts for trailing \0 */ - if (siz > sizeof(base64_cert) * 3/4) { - const char *str = "record too long to print"; - T(addstr(str, strlen(str), &buf, &buflen)); - } - else { - len = b64_ntop(rdata, edata-rdata, base64_cert, siz); - - if (len < 0) - goto formerr; - else if (len > 15) { - T(addstr(" (", 2, &buf, &buflen)); - leader = "\n\t\t"; - spaced = 0; - } - else - leader = " "; - - for (n = 0; n < len; n += 48) { - T(addstr(leader, strlen(leader), - &buf, &buflen)); - T(addstr(base64_cert + n, MIN(len - n, 48), - &buf, &buflen)); - } - if (len > 15) - T(addstr(" )", 2, &buf, &buflen)); - } - break; - } - - case ns_t_tkey: { - /* KJD - need to complete this */ - u_long t; - int mode, err, keysize; - - /* Algorithm name. 
*/ - T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" ", 1, &buf, &buflen)); - - /* Inception. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); - T(addstr(tmp, len, &buf, &buflen)); - - /* Experation. */ - t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); - T(addstr(tmp, len, &buf, &buflen)); - - /* Mode , Error, Key Size. */ - /* Priority, Weight, Port. */ - mode = ns_get16(rdata); rdata += NS_INT16SZ; - err = ns_get16(rdata); rdata += NS_INT16SZ; - keysize = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u %u %u ", mode, err, keysize)); - T(addstr(tmp, len, &buf, &buflen)); - - /* XXX need to dump key, print otherdata length & other data */ - break; - } - - case ns_t_tsig: { - /* BEW - need to complete this */ - int n; - - T(len = addname(msg, msglen, &rdata, origin, &buf, &buflen)); - T(addstr(" ", 1, &buf, &buflen)); - rdata += 8; /*%< time */ - n = ns_get16(rdata); rdata += INT16SZ; - rdata += n; /*%< sig */ - n = ns_get16(rdata); rdata += INT16SZ; /*%< original id */ - sprintf(buf, "%d", ns_get16(rdata)); - rdata += INT16SZ; - addlen(strlen(buf), &buf, &buflen); - break; - } - - case ns_t_a6: { - struct in6_addr a; - int pbyte, pbit; - - /* prefix length */ - if (rdlen == 0U) goto formerr; - len = SPRINTF((tmp, "%d ", *rdata)); - T(addstr(tmp, len, &buf, &buflen)); - pbit = *rdata; - if (pbit > 128) goto formerr; - pbyte = (pbit & ~7) / 8; - rdata++; - - /* address suffix: provided only when prefix len != 128 */ - if (pbit < 128) { - if (rdata + pbyte >= edata) goto formerr; - memset(&a, 0, sizeof(a)); - memcpy(&a.s6_addr[pbyte], rdata, sizeof(a) - pbyte); - (void) inet_ntop(AF_INET6, &a, buf, buflen); - addlen(strlen(buf), &buf, &buflen); - rdata += sizeof(a) - pbyte; - } - - /* prefix name: provided only when prefix len > 0 */ - if (pbit == 0) - break; - if (rdata >= edata) goto formerr; - T(addstr(" ", 1, &buf, &buflen)); - 
T(addname(msg, msglen, &rdata, origin, &buf, &buflen)); - - break; - } - - case ns_t_opt: { - len = SPRINTF((tmp, "%u bytes", class)); - T(addstr(tmp, len, &buf, &buflen)); - break; - } - - default: - comment = "unknown RR type"; - goto hexify; - } - return (buf - obuf); - formerr: - comment = "RR format error"; - hexify: { - int n, m; - char *p; - - len = SPRINTF((tmp, "\\# %u%s\t; %s", (unsigned)(edata - rdata), - rdlen != 0U ? " (" : "", comment)); - T(addstr(tmp, len, &buf, &buflen)); - while (rdata < edata) { - p = tmp; - p += SPRINTF((p, "\n\t")); - spaced = 0; - n = MIN(16, edata - rdata); - for (m = 0; m < n; m++) - p += SPRINTF((p, "%02x ", rdata[m])); - T(addstr(tmp, p - tmp, &buf, &buflen)); - if (n < 16) { - T(addstr(")", 1, &buf, &buflen)); - T(addtab(p - tmp + 1, 48, spaced, &buf, &buflen)); - } - p = tmp; - p += SPRINTF((p, "; ")); - for (m = 0; m < n; m++) - *p++ = (isascii(rdata[m]) && isprint(rdata[m])) - ? rdata[m] - : '.'; - T(addstr(tmp, p - tmp, &buf, &buflen)); - rdata += n; - } - return (buf - obuf); - } -} - -/* Private. */ - -/*% - * size_t - * prune_origin(name, origin) - * Find out if the name is at or under the current origin. - * return: - * Number of characters in name before start of origin, - * or length of name if origin does not match. - * notes: - * This function should share code with samedomain(). - */ -static size_t -prune_origin(const char *name, const char *origin) { - const char *oname = name; - - while (*name != '\0') { - if (origin != NULL && ns_samename(name, origin) == 1) - return (name - oname - (name > oname)); - while (*name != '\0') { - if (*name == '\\') { - name++; - /* XXX need to handle \nnn form. */ - if (*name == '\0') - break; - } else if (*name == '.') { - name++; - break; - } - name++; - } - } - return (name - oname); -} - -/*% - * int - * charstr(rdata, edata, buf, buflen) - * Format a <character-string> into the presentation buffer. 
- * return: - * Number of rdata octets consumed - * 0 for protocol format error - * -1 for output buffer error - * side effects: - * buffer is advanced on success. - */ -static int -charstr(const u_char *rdata, const u_char *edata, char **buf, size_t *buflen) { - const u_char *odata = rdata; - size_t save_buflen = *buflen; - char *save_buf = *buf; - - if (addstr("\"", 1, buf, buflen) < 0) - goto enospc; - if (rdata < edata) { - int n = *rdata; - - if (rdata + 1 + n <= edata) { - rdata++; - while (n-- > 0) { - if (strchr("\n\"\\", *rdata) != NULL) - if (addstr("\\", 1, buf, buflen) < 0) - goto enospc; - if (addstr((const char *)rdata, 1, - buf, buflen) < 0) - goto enospc; - rdata++; - } - } - } - if (addstr("\"", 1, buf, buflen) < 0) - goto enospc; - return (rdata - odata); - enospc: - errno = ENOSPC; - *buf = save_buf; - *buflen = save_buflen; - return (-1); -} - -static int -addname(const u_char *msg, size_t msglen, - const u_char **pp, const char *origin, - char **buf, size_t *buflen) -{ - size_t newlen, save_buflen = *buflen; - char *save_buf = *buf; - int n; - - n = dn_expand(msg, msg + msglen, *pp, *buf, *buflen); - if (n < 0) - goto enospc; /*%< Guess. */ - newlen = prune_origin(*buf, origin); - if (**buf == '\0') { - goto root; - } else if (newlen == 0U) { - /* Use "@" instead of name. */ - if (newlen + 2 > *buflen) - goto enospc; /* No room for "@\0". */ - (*buf)[newlen++] = '@'; - (*buf)[newlen] = '\0'; - } else { - if (((origin == NULL || origin[0] == '\0') || - (origin[0] != '.' && origin[1] != '\0' && - (*buf)[newlen] == '\0')) && (*buf)[newlen - 1] != '.') { - /* No trailing dot. */ - root: - if (newlen + 2 > *buflen) - goto enospc; /* No room for ".\0". 
*/ - (*buf)[newlen++] = '.'; - (*buf)[newlen] = '\0'; - } - } - *pp += n; - addlen(newlen, buf, buflen); - **buf = '\0'; - return (newlen); - enospc: - errno = ENOSPC; - *buf = save_buf; - *buflen = save_buflen; - return (-1); -} - -static void -addlen(size_t len, char **buf, size_t *buflen) { - INSIST(len <= *buflen); - *buf += len; - *buflen -= len; -} - -static int -addstr(const char *src, size_t len, char **buf, size_t *buflen) { - if (len >= *buflen) { - errno = ENOSPC; - return (-1); - } - memcpy(*buf, src, len); - addlen(len, buf, buflen); - **buf = '\0'; - return (0); -} - -static int -addtab(size_t len, size_t target, int spaced, char **buf, size_t *buflen) { - size_t save_buflen = *buflen; - char *save_buf = *buf; - int t; - - if (spaced || len >= target - 1) { - T(addstr(" ", 2, buf, buflen)); - spaced = 1; - } else { - for (t = (target - len - 1) / 8; t >= 0; t--) - if (addstr("\t", 1, buf, buflen) < 0) { - *buflen = save_buflen; - *buf = save_buf; - return (-1); - } - spaced = 0; - } - return (spaced); -} - -/*! \file */ diff --git a/contrib/bind9/lib/bind/nameser/ns_samedomain.c b/contrib/bind9/lib/bind/nameser/ns_samedomain.c deleted file mode 100644 index a720f6a..0000000 --- a/contrib/bind9/lib/bind/nameser/ns_samedomain.c +++ /dev/null 
@@ -1,207 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1995,1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_samedomain.c,v 1.5.18.1 2005/04/27 05:01:09 sra Exp $";
-#endif
-
-#include "port_before.h"
-
-#include <sys/types.h>
-#include <arpa/nameser.h>
-#include <errno.h>
-#include <string.h>
-
-#include "port_after.h"
-
-/*%
- * Check whether a name belongs to a domain.
- *
- * Inputs:
- *\li a - the domain whose ancestory is being verified
- *\li b - the potential ancestor we're checking against
- *
- * Return:
- *\li boolean - is a at or below b?
- *
- * Notes:
- *\li Trailing dots are first removed from name and domain.
- * Always compare complete subdomains, not only whether the
- * domain name is the trailing string of the given name.
- *
- *\li "host.foobar.top" lies in "foobar.top" and in "top" and in ""
- * but NOT in "bar.top"
- */
-
-int
-ns_samedomain(const char *a, const char *b) {
- size_t la, lb;
- int diff, i, escaped;
- const char *cp;
-
- la = strlen(a);
- lb = strlen(b);
-
- /* Ignore a trailing label separator (i.e. an unescaped dot) in 'a'.
*/
- if (la != 0U && a[la - 1] == '.') {
- escaped = 0;
- /* Note this loop doesn't get executed if la==1. */
- for (i = la - 2; i >= 0; i--)
- if (a[i] == '\\') {
- if (escaped)
- escaped = 0;
- else
- escaped = 1;
- } else
- break;
- if (!escaped)
- la--;
- }
-
- /* Ignore a trailing label separator (i.e. an unescaped dot) in 'b'. */
- if (lb != 0U && b[lb - 1] == '.') {
- escaped = 0;
- /* note this loop doesn't get executed if lb==1 */
- for (i = lb - 2; i >= 0; i--)
- if (b[i] == '\\') {
- if (escaped)
- escaped = 0;
- else
- escaped = 1;
- } else
- break;
- if (!escaped)
- lb--;
- }
-
- /* lb == 0 means 'b' is the root domain, so 'a' must be in 'b'. */
- if (lb == 0U)
- return (1);
-
- /* 'b' longer than 'a' means 'a' can't be in 'b'. */
- if (lb > la)
- return (0);
-
- /* 'a' and 'b' being equal at this point indicates sameness. */
- if (lb == la)
- return (strncasecmp(a, b, lb) == 0);
-
- /* Ok, we know la > lb. */
-
- diff = la - lb;
-
- /*
- * If 'a' is only 1 character longer than 'b', then it can't be
- * a subdomain of 'b' (because of the need for the '.' label
- * separator).
- */
- if (diff < 2)
- return (0);
-
- /*
- * If the character before the last 'lb' characters of 'b'
- * isn't '.', then it can't be a match (this lets us avoid
- * having "foobar.com" match "bar.com").
- */
- if (a[diff - 1] != '.')
- return (0);
-
- /*
- * We're not sure about that '.', however. It could be escaped
- * and thus not a really a label separator.
- */
- escaped = 0;
- for (i = diff - 2; i >= 0; i--)
- if (a[i] == '\\') {
- if (escaped)
- escaped = 0;
- else
- escaped = 1;
- } else
- break;
- if (escaped)
- return (0);
-
- /* Now compare aligned trailing substring. */
- cp = a + diff;
- return (strncasecmp(cp, b, lb) == 0);
-}
-
-/*%
- * is "a" a subdomain of "b"?
- */
-int
-ns_subdomain(const char *a, const char *b) {
- return (ns_samename(a, b) != 1 && ns_samedomain(a, b));
-}
-
-/*%
- * make a canonical copy of domain name "src"
- *
- * notes:
- * \code
- * foo -> foo.
- * foo. -> foo.
- * foo.. -> foo.
- * foo\. -> foo\..
- * foo\\. -> foo\\.
- * \endcode
- */
-
-int
-ns_makecanon(const char *src, char *dst, size_t dstsize) {
- size_t n = strlen(src);
-
- if (n + sizeof "." > dstsize) { /*%< Note: sizeof == 2 */
- errno = EMSGSIZE;
- return (-1);
- }
- strcpy(dst, src);
- while (n >= 1U && dst[n - 1] == '.') /*%< Ends in "." */
- if (n >= 2U && dst[n - 2] == '\\' && /*%< Ends in "\." */
- (n < 3U || dst[n - 3] != '\\')) /*%< But not "\\." */
- break;
- else
- dst[--n] = '\0';
- dst[n++] = '.';
- dst[n] = '\0';
- return (0);
-}
-
-/*%
- * determine whether domain name "a" is the same as domain name "b"
- *
- * return:
- *\li -1 on error
- *\li 0 if names differ
- *\li 1 if names are the same
- */
-
-int
-ns_samename(const char *a, const char *b) {
- char ta[NS_MAXDNAME], tb[NS_MAXDNAME];
-
- if (ns_makecanon(a, ta, sizeof ta) < 0 ||
- ns_makecanon(b, tb, sizeof tb) < 0)
- return (-1);
- if (strcasecmp(ta, tb) == 0)
- return (1);
- else
- return (0);
-}
-
-/*! \file */
diff --git a/contrib/bind9/lib/bind/nameser/ns_sign.c b/contrib/bind9/lib/bind/nameser/ns_sign.c
deleted file mode 100644
index ab4b0ef..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_sign.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1999 by Internet Software Consortium, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_sign.c,v 1.4.18.2 2006/03/10 00:20:08 marka Exp $";
-#endif
-
-/* Import.
*/ - -#include "port_before.h" -#include "fd_setsize.h" - -#include <sys/types.h> -#include <sys/param.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <netdb.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <unistd.h> - -#include <isc/dst.h> -#include <isc/assertions.h> - -#include "port_after.h" - -#define BOUNDS_CHECK(ptr, count) \ - do { \ - if ((ptr) + (count) > eob) { \ - errno = EMSGSIZE; \ - return(NS_TSIG_ERROR_NO_SPACE); \ - } \ - } while (0) - -/*% - * ns_sign - * - * Parameters: - *\li msg message to be sent - *\li msglen input - length of message - * output - length of signed message - *\li msgsize length of buffer containing message - *\li error value to put in the error field - *\li key tsig key used for signing - *\li querysig (response), the signature in the query - *\li querysiglen (response), the length of the signature in the query - *\li sig a buffer to hold the generated signature - *\li siglen input - length of signature buffer - * output - length of signature - * - * Errors: - *\li - bad input data (-1) - *\li - bad key / sign failed (-BADKEY) - *\li - not enough space (NS_TSIG_ERROR_NO_SPACE) - */ -int -ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k, - const u_char *querysig, int querysiglen, u_char *sig, int *siglen, - time_t in_timesigned) -{ - return(ns_sign2(msg, msglen, msgsize, error, k, - querysig, querysiglen, sig, siglen, - in_timesigned, NULL, NULL)); -} - -int -ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, - const u_char *querysig, int querysiglen, u_char *sig, int *siglen, - time_t in_timesigned, u_char **dnptrs, u_char **lastdnptr) -{ - HEADER *hp = (HEADER *)msg; - DST_KEY *key = (DST_KEY *)k; - u_char *cp, *eob; - u_char *lenp; - u_char *alg; - int n; - time_t timesigned; - u_char name[NS_MAXCDNAME]; - - dst_init(); - if (msg == NULL || msglen == NULL || sig 
== NULL || siglen == NULL)
- return (-1);
-
- cp = msg + *msglen;
- eob = msg + msgsize;
-
- /* Name. */
- if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
- n = ns_name_pton(key->dk_key_name, name, sizeof name);
- if (n != -1)
- n = ns_name_pack(name, cp, eob - cp,
- (const u_char **)dnptrs,
- (const u_char **)lastdnptr);
-
- } else {
- n = ns_name_pton("", name, sizeof name);
- if (n != -1)
- n = ns_name_pack(name, cp, eob - cp, NULL, NULL);
- }
- if (n < 0)
- return (NS_TSIG_ERROR_NO_SPACE);
- cp += n;
-
- /* Type, class, ttl, length (not filled in yet). */
- BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ);
- PUTSHORT(ns_t_tsig, cp);
- PUTSHORT(ns_c_any, cp);
- PUTLONG(0, cp); /*%< TTL */
- lenp = cp;
- cp += 2;
-
- /* Alg. */
- if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
- if (key->dk_alg != KEY_HMAC_MD5)
- return (-ns_r_badkey);
- n = dn_comp(NS_TSIG_ALG_HMAC_MD5, cp, eob - cp, NULL, NULL);
- }
- else
- n = dn_comp("", cp, eob - cp, NULL, NULL);
- if (n < 0)
- return (NS_TSIG_ERROR_NO_SPACE);
- alg = cp;
- cp += n;
-
- /* Time. */
- BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
- PUTSHORT(0, cp);
- timesigned = time(NULL);
- if (error != ns_r_badtime)
- PUTLONG(timesigned, cp);
- else
- PUTLONG(in_timesigned, cp);
- PUTSHORT(NS_TSIG_FUDGE, cp);
-
- /* Compute the signature. */
- if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
- void *ctx;
- u_char buf[NS_MAXCDNAME], *cp2;
- int n;
-
- dst_sign_data(SIG_MODE_INIT, key, &ctx, NULL, 0, NULL, 0);
-
- /* Digest the query signature, if this is a response. */
- if (querysiglen > 0 && querysig != NULL) {
- u_int16_t len_n = htons(querysiglen);
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx,
- (u_char *)&len_n, INT16SZ, NULL, 0);
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx,
- querysig, querysiglen, NULL, 0);
- }
-
- /* Digest the message. */
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx, msg, *msglen,
- NULL, 0);
-
- /* Digest the key name. */
- n = ns_name_ntol(name, buf, sizeof(buf));
- INSIST(n > 0);
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
-
- /* Digest the class and TTL. */
- cp2 = buf;
- PUTSHORT(ns_c_any, cp2);
- PUTLONG(0, cp2);
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, cp2-buf,
- NULL, 0);
-
- /* Digest the algorithm. */
- n = ns_name_ntol(alg, buf, sizeof(buf));
- INSIST(n > 0);
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
-
- /* Digest the time signed, fudge, error, and other data */
- cp2 = buf;
- PUTSHORT(0, cp2); /*%< Top 16 bits of time */
- if (error != ns_r_badtime)
- PUTLONG(timesigned, cp2);
- else
- PUTLONG(in_timesigned, cp2);
- PUTSHORT(NS_TSIG_FUDGE, cp2);
- PUTSHORT(error, cp2); /*%< Error */
- if (error != ns_r_badtime)
- PUTSHORT(0, cp2); /*%< Other data length */
- else {
- PUTSHORT(INT16SZ+INT32SZ, cp2); /*%< Other data length */
- PUTSHORT(0, cp2); /*%< Top 16 bits of time */
- PUTLONG(timesigned, cp2);
- }
- dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, cp2-buf,
- NULL, 0);
-
- n = dst_sign_data(SIG_MODE_FINAL, key, &ctx, NULL, 0,
- sig, *siglen);
- if (n < 0)
- return (-ns_r_badkey);
- *siglen = n;
- } else
- *siglen = 0;
-
- /* Add the signature. */
- BOUNDS_CHECK(cp, INT16SZ + (*siglen));
- PUTSHORT(*siglen, cp);
- memcpy(cp, sig, *siglen);
- cp += (*siglen);
-
- /* The original message ID & error. */
- BOUNDS_CHECK(cp, INT16SZ + INT16SZ);
- PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */
- PUTSHORT(error, cp);
-
- /* Other data. */
- BOUNDS_CHECK(cp, INT16SZ);
- if (error != ns_r_badtime)
- PUTSHORT(0, cp); /*%< Other data length */
- else {
- PUTSHORT(INT16SZ+INT32SZ, cp); /*%< Other data length */
- BOUNDS_CHECK(cp, INT32SZ+INT16SZ);
- PUTSHORT(0, cp); /*%< Top 16 bits of time */
- PUTLONG(timesigned, cp);
- }
-
- /* Go back and fill in the length. */
- PUTSHORT(cp - lenp - INT16SZ, lenp);
-
- hp->arcount = htons(ntohs(hp->arcount) + 1);
- *msglen = (cp - msg);
- return (0);
-}
-
-int
-ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
- ns_tcp_tsig_state *state)
-{
- dst_init();
- if (state == NULL || k == NULL || querysig == NULL || querysiglen < 0)
- return (-1);
- state->counter = -1;
- state->key = k;
- if (state->key->dk_alg != KEY_HMAC_MD5)
- return (-ns_r_badkey);
- if (querysiglen > (int)sizeof(state->sig))
- return (-1);
- memcpy(state->sig, querysig, querysiglen);
- state->siglen = querysiglen;
- return (0);
-}
-
-int
-ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
- ns_tcp_tsig_state *state, int done)
-{
- return (ns_sign_tcp2(msg, msglen, msgsize, error, state,
- done, NULL, NULL));
-}
-
-int
-ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error,
- ns_tcp_tsig_state *state, int done,
- u_char **dnptrs, u_char **lastdnptr)
-{
- u_char *cp, *eob, *lenp;
- u_char buf[MAXDNAME], *cp2;
- HEADER *hp = (HEADER *)msg;
- time_t timesigned;
- int n;
-
- if (msg == NULL || msglen == NULL || state == NULL)
- return (-1);
-
- state->counter++;
- if (state->counter == 0)
- return (ns_sign2(msg, msglen, msgsize, error, state->key,
- state->sig, state->siglen,
- state->sig, &state->siglen, 0,
- dnptrs, lastdnptr));
-
- if (state->siglen > 0) {
- u_int16_t siglen_n = htons(state->siglen);
- dst_sign_data(SIG_MODE_INIT, state->key, &state->ctx,
- NULL, 0, NULL, 0);
- dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- (u_char *)&siglen_n, INT16SZ, NULL, 0);
- dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- state->sig, state->siglen, NULL, 0);
- state->siglen = 0;
- }
-
- dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx, msg, *msglen,
- NULL, 0);
-
- if (done == 0 && (state->counter % 100 != 0))
- return (0);
-
- cp = msg + *msglen;
- eob = msg + msgsize;
-
- /* Name. */
- n = dn_comp(state->key->dk_key_name, cp, eob - cp, dnptrs, lastdnptr);
- if (n < 0)
- return (NS_TSIG_ERROR_NO_SPACE);
- cp += n;
-
- /* Type, class, ttl, length (not filled in yet). */
- BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ);
- PUTSHORT(ns_t_tsig, cp);
- PUTSHORT(ns_c_any, cp);
- PUTLONG(0, cp); /*%< TTL */
- lenp = cp;
- cp += 2;
-
- /* Alg. */
- n = dn_comp(NS_TSIG_ALG_HMAC_MD5, cp, eob - cp, NULL, NULL);
- if (n < 0)
- return (NS_TSIG_ERROR_NO_SPACE);
- cp += n;
-
- /* Time. */
- BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
- PUTSHORT(0, cp);
- timesigned = time(NULL);
- PUTLONG(timesigned, cp);
- PUTSHORT(NS_TSIG_FUDGE, cp);
-
- /*
- * Compute the signature.
- */
-
- /* Digest the time signed and fudge. */
- cp2 = buf;
- PUTSHORT(0, cp2); /*%< Top 16 bits of time */
- PUTLONG(timesigned, cp2);
- PUTSHORT(NS_TSIG_FUDGE, cp2);
-
- dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- buf, cp2 - buf, NULL, 0);
-
- n = dst_sign_data(SIG_MODE_FINAL, state->key, &state->ctx, NULL, 0,
- state->sig, sizeof(state->sig));
- if (n < 0)
- return (-ns_r_badkey);
- state->siglen = n;
-
- /* Add the signature. */
- BOUNDS_CHECK(cp, INT16SZ + state->siglen);
- PUTSHORT(state->siglen, cp);
- memcpy(cp, state->sig, state->siglen);
- cp += state->siglen;
-
- /* The original message ID & error. */
- BOUNDS_CHECK(cp, INT16SZ + INT16SZ);
- PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */
- PUTSHORT(error, cp);
-
- /* Other data. */
- BOUNDS_CHECK(cp, INT16SZ);
- PUTSHORT(0, cp);
-
- /* Go back and fill in the length. */
- PUTSHORT(cp - lenp - INT16SZ, lenp);
-
- hp->arcount = htons(ntohs(hp->arcount) + 1);
- *msglen = (cp - msg);
- return (0);
-}
-
-/*! \file */
diff --git a/contrib/bind9/lib/bind/nameser/ns_ttl.c b/contrib/bind9/lib/bind/nameser/ns_ttl.c
deleted file mode 100644
index 627ddf1..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_ttl.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1996,1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_ttl.c,v 1.2.18.2 2005/07/28 07:38:10 marka Exp $";
-#endif
-
-/* Import. */
-
-#include "port_before.h"
-
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "port_after.h"
-
-#ifdef SPRINTF_CHAR
-# define SPRINTF(x) strlen(sprintf/**/x)
-#else
-# define SPRINTF(x) ((size_t)sprintf x)
-#endif
-
-/* Forward. */
-
-static int fmt1(int t, char s, char **buf, size_t *buflen);
-
-/* Macros. */
-
-#define T(x) if ((x) < 0) return (-1); else (void)NULL
-
-/* Public. */
-
-int
-ns_format_ttl(u_long src, char *dst, size_t dstlen) {
- char *odst = dst;
- int secs, mins, hours, days, weeks, x;
- char *p;
-
- secs = src % 60; src /= 60;
- mins = src % 60; src /= 60;
- hours = src % 24; src /= 24;
- days = src % 7; src /= 7;
- weeks = src; src = 0;
-
- x = 0;
- if (weeks) {
- T(fmt1(weeks, 'W', &dst, &dstlen));
- x++;
- }
- if (days) {
- T(fmt1(days, 'D', &dst, &dstlen));
- x++;
- }
- if (hours) {
- T(fmt1(hours, 'H', &dst, &dstlen));
- x++;
- }
- if (mins) {
- T(fmt1(mins, 'M', &dst, &dstlen));
- x++;
- }
- if (secs || !(weeks || days || hours || mins)) {
- T(fmt1(secs, 'S', &dst, &dstlen));
- x++;
- }
-
- if (x > 1) {
- int ch;
-
- for (p = odst; (ch = *p) != '\0'; p++)
- if (isascii(ch) && isupper(ch))
- *p = tolower(ch);
- }
-
- return (dst - odst);
-}
-
-int
-ns_parse_ttl(const char *src, u_long *dst) {
- u_long ttl, tmp;
- int ch, digits, dirty;
-
- ttl = 0;
- tmp = 0;
- digits = 0;
- dirty = 0;
- while ((ch = *src++) != '\0') {
- if (!isascii(ch) || !isprint(ch))
- goto einval;
- if (isdigit(ch)) {
- tmp *= 10;
- tmp += (ch - '0');
- digits++;
- continue;
- }
- if (digits == 0)
- goto einval;
- if (islower(ch))
- ch = toupper(ch);
- switch (ch) {
- case 'W': tmp *= 7;
- case 'D': tmp *= 24;
- case 'H': tmp *= 60;
- case 'M': tmp *= 60;
- case 'S': break;
- default: goto einval;
- }
- ttl += tmp;
- tmp = 0;
- digits = 0;
- dirty = 1;
- }
- if (digits > 0) {
- if (dirty)
- goto einval;
- else
- ttl += tmp;
- } else if (!dirty)
- goto einval;
- *dst = ttl;
- return (0);
-
- einval:
- errno = EINVAL;
- return (-1);
-}
-
-/* Private. */
-
-static int
-fmt1(int t, char s, char **buf, size_t *buflen) {
- char tmp[50];
- size_t len;
-
- len = SPRINTF((tmp, "%d%c", t, s));
- if (len + 1 > *buflen)
- return (-1);
- strcpy(*buf, tmp);
- *buf += len;
- *buflen -= len;
- return (0);
-}
-
-/*! \file */
diff --git a/contrib/bind9/lib/bind/nameser/ns_verify.c b/contrib/bind9/lib/bind/nameser/ns_verify.c
deleted file mode 100644
index b80b588..0000000
--- a/contrib/bind9/lib/bind/nameser/ns_verify.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/*
- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1999 by Internet Software Consortium, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef lint
-static const char rcsid[] = "$Id: ns_verify.c,v 1.2.18.3 2006/03/10 00:20:08 marka Exp $";
-#endif
-
-/* Import. */
-
-#include "port_before.h"
-#include "fd_setsize.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <arpa/inet.h>
-
-#include <errno.h>
-#include <netdb.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <isc/dst.h>
-
-#include "port_after.h"
-
-/* Private. */
-
-#define BOUNDS_CHECK(ptr, count) \
- do { \
- if ((ptr) + (count) > eom) { \
- return (NS_TSIG_ERROR_FORMERR); \
- } \
- } while (0)
-
-/* Public. */
-
-u_char *
-ns_find_tsig(u_char *msg, u_char *eom) {
- HEADER *hp = (HEADER *)msg;
- int n, type;
- u_char *cp = msg, *start;
-
- if (msg == NULL || eom == NULL || msg > eom)
- return (NULL);
-
- if (cp + HFIXEDSZ >= eom)
- return (NULL);
-
- if (hp->arcount == 0)
- return (NULL);
-
- cp += HFIXEDSZ;
-
- n = ns_skiprr(cp, eom, ns_s_qd, ntohs(hp->qdcount));
- if (n < 0)
- return (NULL);
- cp += n;
-
- n = ns_skiprr(cp, eom, ns_s_an, ntohs(hp->ancount));
- if (n < 0)
- return (NULL);
- cp += n;
-
- n = ns_skiprr(cp, eom, ns_s_ns, ntohs(hp->nscount));
- if (n < 0)
- return (NULL);
- cp += n;
-
- n = ns_skiprr(cp, eom, ns_s_ar, ntohs(hp->arcount) - 1);
- if (n < 0)
- return (NULL);
- cp += n;
-
- start = cp;
- n = dn_skipname(cp, eom);
- if (n < 0)
- return (NULL);
- cp += n;
- if (cp + INT16SZ >= eom)
- return (NULL);
-
- GETSHORT(type, cp);
- if (type != ns_t_tsig)
- return (NULL);
- return (start);
-}
-
-/* ns_verify
- *
- * Parameters:
- *\li statp res stuff
- *\li msg received message
- *\li msglen length of message
- *\li key tsig key used for verifying.
- *\li querysig (response), the signature in the query
- *\li querysiglen (response), the length of the signature in the query
- *\li sig (query), a buffer to hold the signature
- *\li siglen (query), input - length of signature buffer
- * output - length of signature
- *
- * Errors:
- *\li - bad input (-1)
- *\li - invalid dns message (NS_TSIG_ERROR_FORMERR)
- *\li - TSIG is not present (NS_TSIG_ERROR_NO_TSIG)
- *\li - key doesn't match (-ns_r_badkey)
- *\li - TSIG verification fails with BADKEY (-ns_r_badkey)
- *\li - TSIG verification fails with BADSIG (-ns_r_badsig)
- *\li - TSIG verification fails with BADTIME (-ns_r_badtime)
- *\li - TSIG verification succeeds, error set to BAKEY (ns_r_badkey)
- *\li - TSIG verification succeeds, error set to BADSIG (ns_r_badsig)
- *\li - TSIG verification succeeds, error set to BADTIME (ns_r_badtime)
- */
-int
-ns_verify(u_char *msg, int *msglen, void *k,
- const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
- time_t *timesigned, int nostrip)
-{
- HEADER *hp = (HEADER *)msg;
- DST_KEY *key = (DST_KEY *)k;
- u_char *cp = msg, *eom;
- char name[MAXDNAME], alg[MAXDNAME];
- u_char *recstart, *rdatastart;
- u_char *sigstart, *otherstart;
- int n;
- int error;
- u_int16_t type, length;
- u_int16_t fudge, sigfieldlen, otherfieldlen;
-
- dst_init();
- if (msg == NULL || msglen == NULL || *msglen < 0)
- return (-1);
-
- eom = msg + *msglen;
-
- recstart = ns_find_tsig(msg, eom);
- if (recstart == NULL)
- return (NS_TSIG_ERROR_NO_TSIG);
-
- cp = recstart;
-
- /* Read the key name. */
- n = dn_expand(msg, eom, cp, name, MAXDNAME);
- if (n < 0)
- return (NS_TSIG_ERROR_FORMERR);
- cp += n;
-
- /* Read the type. */
- BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
- GETSHORT(type, cp);
- if (type != ns_t_tsig)
- return (NS_TSIG_ERROR_NO_TSIG);
-
- /* Skip the class and TTL, save the length. */
- cp += INT16SZ + INT32SZ;
- GETSHORT(length, cp);
- if (eom - cp != length)
- return (NS_TSIG_ERROR_FORMERR);
-
- /* Read the algorithm name. */
- rdatastart = cp;
- n = dn_expand(msg, eom, cp, alg, MAXDNAME);
- if (n < 0)
- return (NS_TSIG_ERROR_FORMERR);
- if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
- return (-ns_r_badkey);
- cp += n;
-
- /* Read the time signed and fudge. */
- BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
- cp += INT16SZ;
- GETLONG((*timesigned), cp);
- GETSHORT(fudge, cp);
-
- /* Read the signature. */
- BOUNDS_CHECK(cp, INT16SZ);
- GETSHORT(sigfieldlen, cp);
- BOUNDS_CHECK(cp, sigfieldlen);
- sigstart = cp;
- cp += sigfieldlen;
-
- /* Skip id and read error. */
- BOUNDS_CHECK(cp, 2*INT16SZ);
- cp += INT16SZ;
- GETSHORT(error, cp);
-
- /* Parse the other data. */
- BOUNDS_CHECK(cp, INT16SZ);
- GETSHORT(otherfieldlen, cp);
- BOUNDS_CHECK(cp, otherfieldlen);
- otherstart = cp;
- cp += otherfieldlen;
-
- if (cp != eom)
- return (NS_TSIG_ERROR_FORMERR);
-
- /* Verify that the key used is OK. */
- if (key != NULL) {
- if (key->dk_alg != KEY_HMAC_MD5)
- return (-ns_r_badkey);
- if (error != ns_r_badsig && error != ns_r_badkey) {
- if (ns_samename(key->dk_key_name, name) != 1)
- return (-ns_r_badkey);
- }
- }
-
- hp->arcount = htons(ntohs(hp->arcount) - 1);
-
- /*
- * Do the verification.
- */
-
- if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
- void *ctx;
- u_char buf[MAXDNAME];
- u_char buf2[MAXDNAME];
-
- /* Digest the query signature, if this is a response. */
- dst_verify_data(SIG_MODE_INIT, key, &ctx, NULL, 0, NULL, 0);
- if (querysiglen > 0 && querysig != NULL) {
- u_int16_t len_n = htons(querysiglen);
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
- (u_char *)&len_n, INT16SZ, NULL, 0);
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
- querysig, querysiglen, NULL, 0);
- }
-
- /* Digest the message. */
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx, msg, recstart - msg,
- NULL, 0);
-
- /* Digest the key name. */
- n = ns_name_pton(name, buf2, sizeof(buf2));
- if (n < 0)
- return (-1);
- n = ns_name_ntol(buf2, buf, sizeof(buf));
- if (n < 0)
- return (-1);
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
-
- /* Digest the class and TTL. */
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
- recstart + dn_skipname(recstart, eom) + INT16SZ,
- INT16SZ + INT32SZ, NULL, 0);
-
- /* Digest the algorithm. */
- n = ns_name_pton(alg, buf2, sizeof(buf2));
- if (n < 0)
- return (-1);
- n = ns_name_ntol(buf2, buf, sizeof(buf));
- if (n < 0)
- return (-1);
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
-
- /* Digest the time signed and fudge. */
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
- rdatastart + dn_skipname(rdatastart, eom),
- INT16SZ + INT32SZ + INT16SZ, NULL, 0);
-
- /* Digest the error and other data. */
- dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
- otherstart - INT16SZ - INT16SZ,
- otherfieldlen + INT16SZ + INT16SZ, NULL, 0);
-
- n = dst_verify_data(SIG_MODE_FINAL, key, &ctx, NULL, 0,
- sigstart, sigfieldlen);
-
- if (n < 0)
- return (-ns_r_badsig);
-
- if (sig != NULL && siglen != NULL) {
- if (*siglen < sigfieldlen)
- return (NS_TSIG_ERROR_NO_SPACE);
- memcpy(sig, sigstart, sigfieldlen);
- *siglen = sigfieldlen;
- }
- } else {
- if (sigfieldlen > 0)
- return (NS_TSIG_ERROR_FORMERR);
- if (sig != NULL && siglen != NULL)
- *siglen = 0;
- }
-
- /* Reset the counter, since we still need to check for badtime. */
- hp->arcount = htons(ntohs(hp->arcount) + 1);
-
- /* Verify the time. */
- if (abs((*timesigned) - time(NULL)) > fudge)
- return (-ns_r_badtime);
-
- if (nostrip == 0) {
- *msglen = recstart - msg;
- hp->arcount = htons(ntohs(hp->arcount) - 1);
- }
-
- if (error != NOERROR)
- return (error);
-
- return (0);
-}
-
-int
-ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
- ns_tcp_tsig_state *state)
-{
- dst_init();
- if (state == NULL || k == NULL || querysig == NULL || querysiglen < 0)
- return (-1);
- state->counter = -1;
- state->key = k;
- if (state->key->dk_alg != KEY_HMAC_MD5)
- return (-ns_r_badkey);
- if (querysiglen > (int)sizeof(state->sig))
- return (-1);
- memcpy(state->sig, querysig, querysiglen);
- state->siglen = querysiglen;
- return (0);
-}
-
-int
-ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
- int required)
-{
- HEADER *hp = (HEADER *)msg;
- u_char *recstart, *sigstart;
- unsigned int sigfieldlen, otherfieldlen;
- u_char *cp, *eom, *cp2;
- char name[MAXDNAME], alg[MAXDNAME];
- u_char buf[MAXDNAME];
- int n, type, length, fudge, error;
- time_t timesigned;
-
- if (msg == NULL || msglen == NULL || state == NULL)
- return (-1);
-
- eom = msg + *msglen;
-
- state->counter++;
- if (state->counter == 0)
- return (ns_verify(msg, msglen, state->key,
- state->sig, state->siglen,
- state->sig, &state->siglen, ×igned, 0));
-
- if (state->siglen > 0) {
- u_int16_t siglen_n = htons(state->siglen);
-
- dst_verify_data(SIG_MODE_INIT, state->key, &state->ctx,
- NULL, 0, NULL, 0);
- dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- (u_char *)&siglen_n, INT16SZ, NULL, 0);
- dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- state->sig, state->siglen, NULL, 0);
- state->siglen = 0;
- }
-
- cp = recstart = ns_find_tsig(msg, eom);
-
- if (recstart == NULL) {
- if (required)
- return (NS_TSIG_ERROR_NO_TSIG);
- dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- msg, *msglen, NULL, 0);
- return (0);
- }
-
- hp->arcount = htons(ntohs(hp->arcount) - 1);
- dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- msg, recstart - msg, NULL, 0);
-
- /* Read the key name. */
- n = dn_expand(msg, eom, cp, name, MAXDNAME);
- if (n < 0)
- return (NS_TSIG_ERROR_FORMERR);
- cp += n;
-
- /* Read the type. */
- BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
- GETSHORT(type, cp);
- if (type != ns_t_tsig)
- return (NS_TSIG_ERROR_NO_TSIG);
-
- /* Skip the class and TTL, save the length. */
- cp += INT16SZ + INT32SZ;
- GETSHORT(length, cp);
- if (eom - cp != length)
- return (NS_TSIG_ERROR_FORMERR);
-
- /* Read the algorithm name. */
- n = dn_expand(msg, eom, cp, alg, MAXDNAME);
- if (n < 0)
- return (NS_TSIG_ERROR_FORMERR);
- if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
- return (-ns_r_badkey);
- cp += n;
-
- /* Verify that the key used is OK. */
- if ((ns_samename(state->key->dk_key_name, name) != 1 ||
- state->key->dk_alg != KEY_HMAC_MD5))
- return (-ns_r_badkey);
-
- /* Read the time signed and fudge. */
- BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
- cp += INT16SZ;
- GETLONG(timesigned, cp);
- GETSHORT(fudge, cp);
-
- /* Read the signature. */
- BOUNDS_CHECK(cp, INT16SZ);
- GETSHORT(sigfieldlen, cp);
- BOUNDS_CHECK(cp, sigfieldlen);
- sigstart = cp;
- cp += sigfieldlen;
-
- /* Skip id and read error. */
- BOUNDS_CHECK(cp, 2*INT16SZ);
- cp += INT16SZ;
- GETSHORT(error, cp);
-
- /* Parse the other data. */
- BOUNDS_CHECK(cp, INT16SZ);
- GETSHORT(otherfieldlen, cp);
- BOUNDS_CHECK(cp, otherfieldlen);
- cp += otherfieldlen;
-
- if (cp != eom)
- return (NS_TSIG_ERROR_FORMERR);
-
- /*
- * Do the verification.
- */
-
- /* Digest the time signed and fudge. */
- cp2 = buf;
- PUTSHORT(0, cp2); /*%< Top 16 bits of time. */
- PUTLONG(timesigned, cp2);
- PUTSHORT(NS_TSIG_FUDGE, cp2);
-
- dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
- buf, cp2 - buf, NULL, 0);
-
- n = dst_verify_data(SIG_MODE_FINAL, state->key, &state->ctx, NULL, 0,
- sigstart, sigfieldlen);
- if (n < 0)
- return (-ns_r_badsig);
-
- if (sigfieldlen > sizeof(state->sig))
- return (NS_TSIG_ERROR_NO_SPACE);
-
- memcpy(state->sig, sigstart, sigfieldlen);
- state->siglen = sigfieldlen;
-
- /* Verify the time. */
- if (abs(timesigned - time(NULL)) > fudge)
- return (-ns_r_badtime);
-
- *msglen = recstart - msg;
-
- if (error != NOERROR)
- return (error);
-
- return (0);
-}
-
-/*! \file */ |