diff options
| author | dougb <dougb@FreeBSD.org> | 2002-07-01 01:07:56 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2002-07-01 01:07:56 +0000 |
| commit | 67c9dec97554c34ae92f7d669f1c0de844fcf4c8 (patch) | |
| tree | 3212d35c5abe2389cdb3a7d42620ae08e2b6167d /contrib | |
| parent | ea2af26043626cce55951657dd0c8d5ba39ab935 (diff) | |
| parent | f4bd5053ab2eb505b16099244427d9e93442fe90 (diff) | |
| download | FreeBSD-src-67c9dec97554c34ae92f7d669f1c0de844fcf4c8.zip FreeBSD-src-67c9dec97554c34ae92f7d669f1c0de844fcf4c8.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r99179,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib')
44 files changed, 975 insertions, 213 deletions
diff --git a/contrib/bind/CHANGES b/contrib/bind/CHANGES index 768e601..25ea08f 100644 --- a/contrib/bind/CHANGES +++ b/contrib/bind/CHANGES @@ -1,4 +1,116 @@ + --- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002) + +1301. [func] log attempts to exploit #1300. + +1300. [bug] Remote buffer overrun. + +1299. [func] Log to xfer-in when a named-xfer fails and one of + the masters returned REFUSED. + +1298. [bug] named could leak a OPT record when returning a + negative response. + +1297. [func] 'ndc restart' will now attempt to preserve the + arguments named was started with. + Use 'ndc restart --' to clear the arguements. + Use 'ndc restart <new arguements>' to restart named + with a alternate set of arguements. + +1296. [bug] delay setting need_restart until the response to + ndc exec has been sent. + +1295. [func] new ndc command 'args'. returns the arguements that + named was started with %xx escaped. + +1294. [bug] #1272 broke linkage for those OS's using -lfl (flex). + Move -ll/-lfl to LIBL for all platforms. + + --- 8.3.2-REL released --- (Mon Jun 17 20:24:32 PDT 2002) + +1293. [doc] update man pages for 'dig', 'dnsquery' and 'host' + to reflect IPv6 capabilities (nslookup and nsupdate + were already IPv4/IPv6 agnostic). + +1292. [func] host: the default lookups now also include AAAA + records. + +1291. [func] 'dig -x <ip6>' now works. + +1290. [bug] 'dig @server' fail to report the IPv6 address of the + server in error messages. + +1289. [contrib] normalize_zone now handles $TTL. + +1288. [bug] named: -t and -w could not be used together. + +1287. [func] report serial(s) in out going transfer operation. + + --- 8.3.2-RC1 released --- (Thu May 30 23:06:11 PDT 2002) + +1286. [func] libbind: no longer attempts bit string labels for + IPv6 reverse resolution. Try IP6.ARPA then IP6.INT + for nibble style resolution. + +1285. [port] linux: ss_family vs __ss_family in sockaddr_storage. + +1284. [port] freebsd: 5.0 uses gid_t rather that int for + GETGROUPLIST_ARGS + +1283. [port] bsdi: 4.2 also has struct sockaddr_storage. + +1282. [bug] nslookup was using inet_ntoa() to print out a IPv6 + address. + +1281. [bug] escape '(' and ')' when coverting to presentation + form. + +1280. [func] server { edns yes_or_no; } is now supported. + +1279. [bug] nslookup: partial coversion to similar style outputs + for both -type=aaaa and -type=a. + +1278. [bug] free() of non-malloced memory in nslookup. + +1277. [port] cast all instances of yytext in commands.l to (char*) + to silence compilers on OS's where lex declares it + as (unsigned char *). + +1276. [port] hpux 11.22: ansify GetAnswer in getinfo.c to + silence compiler. + +1275. [bug] bad declaration of si in tsig_key_from_addr(). + +1274. [port] hpux 11.22: ansify hexstring() and display() in + addr.c to silence compiler. + +1273. [bug] const pointer conficts in res_debug.c. + +1272. [port] hpux 11.22: don't link against -ll unless required. + +1272. [bug] main_need_num was not last entry in enum. + main_need_tick nolonger required. + +1271. [port] hpux: treat all hpux systems as BIG_ENDIAN, don't + include <sys/mbuf.h>. + +1270. [port] hpux 11.22 namespace clash DATASIZE -> BIND_DATASIZE. + +1269. [port] hpux 11.11 interface scaning. + +1268. [port] solaris: 64 bit binary compatability. + +1267. [bug] aix4: missing IN6_IS_ADDR_V4COMPAT macro. + +1266. [bug] If you are using TSIG #1261 introduced the potential + of a infinite loop. + +1265. [bug] nslookup failed on platforms that don't have BSD 43 + style sockets. + +1264. [bug] LINK_INIT and UNLINK were not compatible with + C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. + --- 8.3.2-T1B released --- (Tue May 7 18:49:58 PDT 2002) 1263. [bug] gethostans() could get out of sync parsing the diff --git a/contrib/bind/README b/contrib/bind/README index 344a3ef..a8a52ec 100644 --- a/contrib/bind/README +++ b/contrib/bind/README @@ -10,6 +10,11 @@ artifacts including BIND, INN, and DHCP. Note that BIND 8 is in "end-of-life", having been replaced by BIND 9. See http://www.isc.org/ for more details. +BIND 8.3.3 Highlights + Security Fix libbind. All applications linked against libbind + need to relinked. + 'rndc restart' now preserves named's arguements + BIND 8.3.2 Highlights dig, nslookup, host and nsupdate have improved IPv6 support. diff --git a/contrib/bind/Version b/contrib/bind/Version index 96227ce..e99a6ad 100644 --- a/contrib/bind/Version +++ b/contrib/bind/Version @@ -1 +1 @@ -8.3.2-T1B +8.3.3-REL diff --git a/contrib/bind/bin/addr/addr.c b/contrib/bind/bin/addr/addr.c index a693391..ae48ea5 100644 --- a/contrib/bind/bin/addr/addr.c +++ b/contrib/bind/bin/addr/addr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: addr.c,v 8.8 1999/10/13 16:38:55 vixie Exp $"; +static const char rcsid[] = "$Id: addr.c,v 8.9 2002/05/21 02:26:21 marka Exp $"; #endif /* not lint */ /* @@ -47,11 +47,7 @@ usage() { /* Warning: this scribbles on `dst' even if it's going to return `0'. */ static int -hexstring(src, dst, len) - const char *src; - u_char *dst; - int len; -{ +hexstring(const char *src, u_char *dst, int len) { static const char xdigits[] = "0123456789abcdef"; u_char *ptr = dst, *end = dst + len; u_int val; @@ -100,12 +96,7 @@ hexstring(src, dst, len) } static void -display(input, af, addr, len) - const char *input; - int af; - const u_char *addr; - int len; -{ +display(const char *input, int af, const u_char *addr, int len) { static int before = 0; char p[sizeof "xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255"]; int i; diff --git a/contrib/bind/bin/dig/dig.c b/contrib/bind/bin/dig/dig.c index 2054258..5bb6e7a 100644 --- a/contrib/bind/bin/dig/dig.c +++ b/contrib/bind/bin/dig/dig.c @@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $"; +static const char rcsid[] = "$Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $"; #endif /* @@ -245,6 +245,7 @@ static int print_axfr(FILE *output, const u_char *msg, static struct timeval difftv(struct timeval, struct timeval); static void prnttime(struct timeval); static void stackarg(char *, char **); +static void reverse6(char *, struct in6_addr *); /* Public. */ @@ -289,6 +290,8 @@ main(int argc, char **argv) { int wait=0, delay; int envset=0, envsave=0; struct __res_state res_x, res_t; + int r; + struct in6_addr in6; ns_tsig_key key; char *keyfile = NULL, *keyname = NULL; @@ -494,6 +497,11 @@ main(int argc, char **argv) { printf("; no arg for -x?\n"); break; } + r = inet_pton(AF_INET6, addrc, &in6); + if (r > 0) { + reverse6(domain, &in6); + break; + } addrend = addrc + strlen(addrc); if (*addrend == '.') *addrend = '\0'; @@ -813,7 +821,7 @@ main(int argc, char **argv) { buf, sizeof(buf)); break; case AF_INET6: - inet_ntop(AF_INET, + inet_ntop(AF_INET6, &u[0].sin6.sin6_addr, buf, sizeof(buf)); break; @@ -1030,7 +1038,7 @@ where: server,\n\ fputs("\ notes: defname and search don't work; use fully-qualified names.\n\ this is DiG version " VSTRING "\n\ - $Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $\n\ + $Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $\n\ ", stderr); } @@ -1775,3 +1783,24 @@ stackarg(char *l, char **y) { } } } + +static void +reverse6(char *domain, struct in6_addr *in6) { + sprintf(domain, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa", + in6->s6_addr[15] & 0x0f, (in6->s6_addr[15] >> 4) & 0x0f, + in6->s6_addr[14] & 0x0f, (in6->s6_addr[14] >> 4) & 0x0f, + in6->s6_addr[13] & 0x0f, (in6->s6_addr[13] >> 4) & 0x0f, + in6->s6_addr[12] & 0x0f, (in6->s6_addr[12] >> 4) & 0x0f, + in6->s6_addr[11] & 0x0f, (in6->s6_addr[11] >> 4) & 0x0f, + in6->s6_addr[10] & 0x0f, (in6->s6_addr[10] >> 4) & 0x0f, + in6->s6_addr[9] & 0x0f, (in6->s6_addr[9] >> 4) & 0x0f, + in6->s6_addr[8] & 0x0f, (in6->s6_addr[8] >> 4) & 0x0f, + in6->s6_addr[7] & 0x0f, (in6->s6_addr[7] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[6] >> 4) & 0x0f, + in6->s6_addr[5] & 0x0f, (in6->s6_addr[5] >> 4) & 0x0f, + in6->s6_addr[4] & 0x0f, (in6->s6_addr[4] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f, + in6->s6_addr[2] & 0x0f, (in6->s6_addr[2] >> 4) & 0x0f, + in6->s6_addr[1] & 0x0f, (in6->s6_addr[1] >> 4) & 0x0f, + in6->s6_addr[0] & 0x0f, (in6->s6_addr[0] >> 4) & 0x0f); +} diff --git a/contrib/bind/bin/host/host.c b/contrib/bind/bin/host/host.c index 84b3621..5bac200 100644 --- a/contrib/bind/bin/host/host.c +++ b/contrib/bind/bin/host/host.c @@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: host.c,v 8.52 2002/04/28 01:34:52 marka Exp $"; +static const char rcsid[] = "$Id: host.c,v 8.53 2002/06/18 02:34:02 marka Exp $"; #endif /* not lint */ /* @@ -675,7 +675,7 @@ gethostinfo(char *name) { static int getdomaininfo(const char *name, const char *domain) { - int val1, val2; + int val1, val2, val3; if (querytype) return (getinfo(name, domain, gettype=querytype)); @@ -683,8 +683,9 @@ getdomaininfo(const char *name, const char *domain) { val1 = getinfo(name, domain, gettype=ns_t_a); if (cname || verbose) return (val1); - val2 = getinfo(name, domain, gettype=ns_t_mx); - return (val1 || val2); + val2 = getinfo(name, domain, gettype=ns_t_aaaa); + val3 = getinfo(name, domain, gettype=ns_t_mx); + return (val1 || val2 || val3); } } @@ -1582,6 +1583,7 @@ static const char * pr_type(int type) { if (!verbose) switch (type) { case ns_t_a: + case ns_t_aaaa: return ("has address"); case ns_t_cname: return ("is a nickname for"); diff --git a/contrib/bind/bin/named/db_defs.h b/contrib/bind/bin/named/db_defs.h index 72aa19f..68869f0 100644 --- a/contrib/bind/bin/named/db_defs.h +++ b/contrib/bind/bin/named/db_defs.h @@ -1,6 +1,6 @@ /* * from db.h 4.16 (Berkeley) 6/1/90 - * $Id: db_defs.h,v 8.46 2001/11/17 15:16:46 marka Exp $ + * $Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $ */ /* @@ -147,7 +147,7 @@ struct databuf { u_int16_t d_nstime; /* NS response time, milliseconds */ u_char d_data[sizeof(void*)]; /* dynamic (padded) */ }; -#define DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) +#define BIND_DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) #ifdef HITCOUNTS extern u_int32_t db_total_hits; diff --git a/contrib/bind/bin/named/db_glue.c b/contrib/bind/bin/named/db_glue.c index e984db1..2e966f5 100644 --- a/contrib/bind/bin/named/db_glue.c +++ b/contrib/bind/bin/named/db_glue.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_glue.c 4.4 (Berkeley) 6/1/90"; -static const char rcsid[] = "$Id: db_glue.c,v 8.46 2001/11/25 23:52:19 marka Exp $"; +static const char rcsid[] = "$Id: db_glue.c,v 8.47 2002/05/18 01:02:54 marka Exp $"; #endif /* not lint */ /* @@ -441,7 +441,7 @@ nhash(const char *name) { static void db_freedata(struct databuf *dp) { - int bytes = DATASIZE(dp->d_size); + int bytes = BIND_DATASIZE(dp->d_size); if (dp->d_rcnt != 0) panic("db_freedata: d_rcnt != 0", NULL); diff --git a/contrib/bind/bin/named/db_save.c b/contrib/bind/bin/named/db_save.c index 2153e04..a8f4d2a 100644 --- a/contrib/bind/bin/named/db_save.c +++ b/contrib/bind/bin/named/db_save.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_save.c 4.16 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_save.c,v 8.29 2001/04/25 13:53:09 marka Exp $"; +static const char rcsid[] = "$Id: db_save.c,v 8.30 2002/05/18 01:02:56 marka Exp $"; #endif /* not lint */ /* @@ -137,7 +137,7 @@ savedata(class, type, ttl, data, size) int size; { struct databuf *dp; - int bytes = DATASIZE(size); + int bytes = BIND_DATASIZE(size); dp = (struct databuf *)memget(bytes); if (dp == NULL) diff --git a/contrib/bind/bin/named/db_tsig.c b/contrib/bind/bin/named/db_tsig.c index 5f7b670..9bdba0e 100644 --- a/contrib/bind/bin/named/db_tsig.c +++ b/contrib/bind/bin/named/db_tsig.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: db_tsig.c,v 8.7 2001/06/18 14:42:59 marka Exp $"; +static const char rcsid[] = "$Id: db_tsig.c,v 8.8 2002/05/21 02:34:32 marka Exp $"; #endif /* not lint */ /* @@ -129,7 +129,7 @@ tsig_alg_value(char *name) { DST_KEY * tsig_key_from_addr(struct in_addr addr) { - server_info si = si = find_server(addr); + server_info si = find_server(addr); if (si == NULL || si->key_list == NULL || si->key_list->first == NULL) return(NULL); return(si->key_list->first->key); diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf index d0d2996..7d81695 100644 --- a/contrib/bind/bin/named/named.conf +++ b/contrib/bind/bin/named/named.conf @@ -267,6 +267,8 @@ zone "non-default-acl.demo.zone" { acl key_acl { key sample_key; }; // a request signed with sample_key server 1.2.3.4 { + edns no; // if no, we won't send ends queries + // to this server bogus no; // if yes, we won't query or listen // to this server transfer-format one-answer; // set transfer format for this diff --git a/contrib/bind/bin/named/ns_config.c b/contrib/bind/bin/named/ns_config.c index 1680d91..ad4de85 100644 --- a/contrib/bind/bin/named/ns_config.c +++ b/contrib/bind/bin/named/ns_config.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_config.c,v 8.134 2002/04/25 05:27:04 marka Exp $"; +static const char rcsid[] = "$Id: ns_config.c,v 8.135 2002/05/24 03:04:59 marka Exp $"; #endif /* not lint */ /* @@ -2549,6 +2549,7 @@ new_server(struct in_addr address) { si->flags |= SERVER_INFO_SUPPORT_IXFR; else si->flags &= ~SERVER_INFO_SUPPORT_IXFR; + si->flags |= SERVER_INFO_EDNS; return (si); } @@ -2649,6 +2650,7 @@ set_server_option(server_config sc, int bool_opt, int value) { switch (bool_opt) { case SERVER_INFO_BOGUS: case SERVER_INFO_SUPPORT_IXFR: + case SERVER_INFO_EDNS: if (value) si->flags |= bool_opt; else diff --git a/contrib/bind/bin/named/ns_ctl.c b/contrib/bind/bin/named/ns_ctl.c index ee77634..c8fc907 100644 --- a/contrib/bind/bin/named/ns_ctl.c +++ b/contrib/bind/bin/named/ns_ctl.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ctl.c,v 8.46 2001/12/19 11:53:48 marka Exp $"; +static const char rcsid[] = "$Id: ns_ctl.c,v 8.47 2002/06/24 07:11:07 marka Exp $"; #endif /* not lint */ /* @@ -112,6 +112,8 @@ static void verb_stop(struct ctl_sctx *, struct ctl_sess *, static void verb_exec(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void exec_closure(struct ctl_sctx *, struct ctl_sess *, + void *); static void verb_reload(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); @@ -141,6 +143,9 @@ static void verb_help(struct ctl_sctx *, struct ctl_sess *, static void verb_quit(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void verb_args(struct ctl_sctx *, struct ctl_sess *, + const struct ctl_verb *, + const char *, u_int, const void *, void *); /* Private data. */ @@ -162,6 +167,7 @@ static struct ctl_verb verbs[] = { { "qrylog", verb_querylog, "qrylog"}, { "help", verb_help, "help"}, { "quit", verb_quit, "quit"}, + { "args", verb_args, "args"}, { NULL, NULL, NULL} }; @@ -794,14 +800,26 @@ verb_exec(struct ctl_sctx *ctl, struct ctl_sess *sess, saved_argv[0], save); ctl_response(sess, 502, save, 0, NULL, NULL, NULL, NULL, 0); + } else if (user_name != NULL || group_name != NULL) { + ctl_response(sess, 502, + "can't exec as user or group was specified", + 0, NULL, NULL, NULL, NULL, 0); } else { - ns_need(main_need_restart); ctl_response(sess, 250, "Restart initiated.", 0, NULL, - NULL, NULL, NULL, 0); + exec_closure, NULL, NULL, 0); } } static void +exec_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + + UNUSED(sctx); + UNUSED(sess); + UNUSED(uap); + ns_need(main_need_restart); +} + +static void verb_reload(struct ctl_sctx *ctl, struct ctl_sess *sess, const struct ctl_verb *verb, const char *rest, u_int respflags, const void *respctx, void *uctx) @@ -1049,3 +1067,81 @@ verb_quit(struct ctl_sctx *ctl, struct ctl_sess *sess, ctl_response(sess, 221, "End of control session.", CTL_EXIT, NULL, NULL, NULL, NULL, 0); } + +static char hex[] = "0123456789abcdef"; + +struct pvt_args { + int argc; + char text[MAX_STR_LEN]; +}; + +static void +args_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + struct pvt_args *pvt = ctl_getcsctx(sess); + + UNUSED(sctx); + UNUSED(uap); + + memput(pvt, sizeof *pvt); + ctl_setcsctx(sess, NULL); +} + +static void +verb_args(struct ctl_sctx *ctl, struct ctl_sess *sess, + const struct ctl_verb *verb, const char *rest, + u_int respflags, const void *respctx, void *uctx) +{ + struct pvt_args *pvt = ctl_getcsctx(sess); + char *cp, *tp; + + UNUSED(ctl); + UNUSED(verb); + UNUSED(rest); + UNUSED(respflags); + UNUSED(respctx); + UNUSED(uctx); + + if (pvt == NULL) { + unsigned int i = 0; + pvt = memget(sizeof *pvt); + if (pvt == NULL) { + ctl_response(sess, 505, "(out of memory)", + 0, NULL, NULL, NULL, NULL, 0); + return; + } + pvt->argc = 0; + ctl_setcsctx(sess, pvt); + + /* Send the arguement count. */ + while (saved_argv[i] != NULL) + i++; + sprintf(pvt->text, "%u", i); + ctl_response(sess, 250, pvt->text, CTL_MORE, + NULL, args_closure, NULL, NULL, 0); + return; + } + + /* + * Percent escape arguement. + */ + cp = saved_argv[pvt->argc++]; + tp = pvt->text; + while (cp && *cp != NULL) + if (*cp == '%' || *cp == ' ' || + !isprint((unsigned char)*cp)) { + if (tp >= pvt->text + sizeof(pvt->text) - 4) + break; + *tp++ = '%'; + *tp++ = hex[(*cp>>4)&0xf]; + *tp++ = hex[(*cp++)&0xf]; + } else { + if (tp >= pvt->text + sizeof(pvt->text) - 2) + break; + *tp++ = *cp++; + } + *tp = '\0'; + + ctl_response(sess, 250, pvt->text, + saved_argv[pvt->argc] == NULL ? 0 : CTL_MORE, + NULL, args_closure, NULL, NULL, 0); +} diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h index 3474550..f8bb976 100644 --- a/contrib/bind/bin/named/ns_defs.h +++ b/contrib/bind/bin/named/ns_defs.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_defs.h,v 8.118 2002/04/25 05:27:06 marka Exp $ + * $Id: ns_defs.h,v 8.121 2002/06/26 03:27:19 marka Exp $ */ /* @@ -172,9 +172,8 @@ typedef enum need { main_need_restart, /* exec() needed. */ main_need_reap, /* need to reap dead children. */ main_need_noexpired, /* ns_reconfig() needed w/ noexpired set. */ - main_need_num, /* number of needs, used for array bound. */ - main_need_tick, /* tick every second to poll for cleanup (NT) */ - main_need_tryxfer /* attemt to start a zone transfer. */ + main_need_tryxfer, /* attemt to start a zone transfer. */ + main_need_num /* MUST BE LAST. */ } main_need; /* What global options are set? */ @@ -438,6 +437,7 @@ enum zonetype { z_nil, z_master, z_slave, z_hint, z_stub, z_forward, #define XFER_SUCCESSAXFR 4 /* named-xfr recived a xfr */ #define XFER_SUCCESSIXFR 5 /* named-xfr recived a ixfr */ #define XFER_SUCCESSAXFRIXFRFILE 6 /* named-xfr received AXFR for IXFR */ +#define XFER_REFUSED 7 /* one master returned REFUSED */ #define XFER_ISAXFR -1 /* the last XFR is AXFR */ #define XFER_ISIXFR -2 /* the last XFR is IXFR */ #define XFER_ISAXFRIXFR -3 /* the last XFR is AXFR but we must create IXFR base */ @@ -835,6 +835,7 @@ typedef struct server_config { #define SERVER_INFO_BOGUS 0x01 #define SERVER_INFO_SUPPORT_IXFR 0x02 +#define SERVER_INFO_EDNS 0x04 typedef struct server_info { struct in_addr address; diff --git a/contrib/bind/bin/named/ns_forw.c b/contrib/bind/bin/named/ns_forw.c index 494a96a..746257b 100644 --- a/contrib/bind/bin/named/ns_forw.c +++ b/contrib/bind/bin/named/ns_forw.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_forw.c,v 8.90 2002/02/22 05:12:35 marka Exp $"; +static const char rcsid[] = "$Id: ns_forw.c,v 8.91 2002/05/24 03:04:57 marka Exp $"; #endif /* not lint */ /* @@ -612,6 +612,11 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, qs->nsdata = dp; qs->forwarder = 0; qs->noedns = dp->d_noedns; + if (!qs->noedns) { + server_info si = find_server(nsa); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; /* * If this A RR has no RTT, initialize its RTT to a @@ -1285,6 +1290,11 @@ nsfwdadd(struct qinfo *qp, struct fwdinfo *fwd) { qs->nsdata = fwd->fwddata->nsdata; qs->forwarder = 1; qs->noedns = fwd->fwddata->nsdata->d_noedns; + if (!qs->noedns) { + server_info si = find_server(qs->ns_addr.sin_addr); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; n++; nextfwd: diff --git a/contrib/bind/bin/named/ns_glob.h b/contrib/bind/bin/named/ns_glob.h index 7f382d5..8f052f5 100644 --- a/contrib/bind/bin/named/ns_glob.h +++ b/contrib/bind/bin/named/ns_glob.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_glob.h,v 8.57 2001/11/12 21:22:26 marka Exp $ + * $Id: ns_glob.h,v 8.58 2002/06/05 04:53:50 marka Exp $ */ /* @@ -336,6 +336,7 @@ DECL char * user_name INIT(NULL); DECL gid_t group_id; DECL char * group_name INIT(NULL); DECL char * chroot_dir INIT(NULL); +DECL char * working_dir INIT(NULL); DECL int loading INIT(0); diff --git a/contrib/bind/bin/named/ns_ixfr.c b/contrib/bind/bin/named/ns_ixfr.c index f14019e..0492bc0 100644 --- a/contrib/bind/bin/named/ns_ixfr.c +++ b/contrib/bind/bin/named/ns_ixfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ixfr.c,v 8.31 2002/01/02 05:15:20 marka Exp $"; +static const char rcsid[] = "$Id: ns_ixfr.c,v 8.32 2002/05/18 01:02:57 marka Exp $"; #endif /* not lint */ /* @@ -201,10 +201,10 @@ sx_send_ixfr(struct qstream *qsp) { ns_panic(ns_log_update, 1, "sx_send_ixfr: unable to locate soa"); } - old_soadp = memget(DATASIZE(soa_dp->d_size)); + old_soadp = memget(BIND_DATASIZE(soa_dp->d_size)); if (old_soadp == NULL) ns_panic(ns_log_update, 1, "sx_send_ixfr: out of memory"); - memcpy(old_soadp, soa_dp, DATASIZE(soa_dp->d_size)); + memcpy(old_soadp, soa_dp, BIND_DATASIZE(soa_dp->d_size)); again: switch (qsp->xfr.state) { @@ -383,7 +383,7 @@ sx_send_ixfr(struct qstream *qsp) { qsp->xfr.top.ixfr = NULL; } cleanup: - memput(old_soadp, DATASIZE(old_soadp->d_size)); + memput(old_soadp, BIND_DATASIZE(old_soadp->d_size)); } diff --git a/contrib/bind/bin/named/ns_lexer.c b/contrib/bind/bin/named/ns_lexer.c index b10219a..b827162 100644 --- a/contrib/bind/bin/named/ns_lexer.c +++ b/contrib/bind/bin/named/ns_lexer.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_lexer.c,v 8.30 2002/04/25 05:27:08 marka Exp $"; +static const char rcsid[] = "$Id: ns_lexer.c,v 8.31 2002/05/24 03:05:03 marka Exp $"; #endif /* not lint */ /* @@ -251,6 +251,7 @@ static struct keyword keywords[] = { {"directory", T_DIRECTORY}, {"dump-file", T_DUMP_FILE}, {"dynamic", T_DYNAMIC}, + {"edns", T_EDNS}, {"explicit", T_EXPLICIT}, {"fail", T_FAIL}, {"fake-iquery", T_FAKE_IQUERY}, diff --git a/contrib/bind/bin/named/ns_main.c b/contrib/bind/bin/named/ns_main.c index d839387..f12f285 100644 --- a/contrib/bind/bin/named/ns_main.c +++ b/contrib/bind/bin/named/ns_main.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_main.c,v 8.157 2002/04/13 23:26:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_main.c,v 8.160 2002/06/24 07:06:55 marka Exp $"; #endif /* not lint */ /* @@ -99,8 +99,10 @@ char copyright[] = #ifdef SVR4 /* XXX */ # include <sys/sockio.h> #else +#ifndef __hpux # include <sys/mbuf.h> #endif +#endif #include <netinet/in.h> #include <net/route.h> @@ -174,7 +176,7 @@ static u_int16_t nsid_c1, nsid_c2, nsid_c3; static u_int16_t nsid_state2; static int nsid_algorithm; -static int needs = 0, needs_exit = 0; +static int needs = 0, needs_exit = 0, needs_restart = 0; static handler handlers[main_need_num]; static void savedg_waitfunc(evContext, void*, const void*); static void need_waitfunc(evContext, void *, const void *); @@ -309,14 +311,7 @@ main(int argc, char *argv[]) { break; case 'w': - if (chdir(optarg) < 0) { - syslog(LOG_CRIT, bad_directory, optarg, - strerror(errno)); - fprintf(stderr, bad_directory, optarg, - strerror(errno)); - fputc('\n', stderr); - exit(1); - } + working_dir = savestr(optarg, 1); break; #ifdef QRYLOG case 'q': @@ -434,6 +429,19 @@ main(int argc, char *argv[]) { chroot_dir = freestr(chroot_dir); #endif } + /* + * Set working directory. + */ + if (working_dir != NULL) { + if (chdir(working_dir) < 0) { + syslog(LOG_CRIT, bad_directory, working_dir, + strerror(errno)); + fprintf(stderr, bad_directory, working_dir, + strerror(errno)); + fputc('\n', stderr); + exit(1); + } + } /* Establish global event context. */ evCreate(&ev); @@ -550,7 +558,10 @@ main(int argc, char *argv[]) { else INSIST_ERR(errno == EINTR); } - ns_info(ns_log_default, "named shutting down"); + if (needs_restart) + ns_info(ns_log_default, "named restarting"); + else + ns_info(ns_log_default, "named shutting down"); #ifdef BIND_UPDATE dynamic_about_to_exit(); #endif @@ -563,8 +574,11 @@ main(int argc, char *argv[]) { else shutdown_configuration(); - /* Cleanup for system-dependent stuff */ - custom_shutdown(); + if (needs_restart) + execvp(saved_argv[0], saved_argv); + else + /* Cleanup for system-dependent stuff */ + custom_shutdown(); return (0); } @@ -2746,6 +2760,9 @@ deallocate_everything(void) { if (chroot_dir != NULL) freestr(chroot_dir); chroot_dir = NULL; + if (working_dir != NULL) + freestr(working_dir); + working_dir = NULL; if (nsid_pool != NULL) memput(nsid_pool, 0x10000 * (sizeof(u_int16_t))); nsid_pool = NULL; @@ -2764,19 +2781,8 @@ deallocate_everything(void) { static void ns_restart(void) { - ns_info(ns_log_default, "named restarting"); -#ifdef BIND_UPDATE - dynamic_about_to_exit(); -#endif - if (server_options && server_options->pid_filename) - (void)unlink(server_options->pid_filename); - ns_logstats(ev, NULL, evNowTime(), evConsTime(0, 0)); - if (NS_OPTION_P(OPTION_DEALLOC_ON_EXIT)) - deallocate_everything(); - else - shutdown_configuration(); - execvp(saved_argv[0], saved_argv); - abort(); + needs_restart = 1; + needs_exit = 1; } static void diff --git a/contrib/bind/bin/named/ns_maint.c b/contrib/bind/bin/named/ns_maint.c index 82df685..be4b6f9 100644 --- a/contrib/bind/bin/named/ns_maint.c +++ b/contrib/bind/bin/named/ns_maint.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: ns_maint.c,v 8.135 2002/04/25 05:27:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_maint.c,v 8.136 2002/06/26 03:27:20 marka Exp $"; #endif /* not lint */ /* @@ -1681,6 +1681,17 @@ endxfer() { sched_zone_maint(zp); break; + case XFER_REFUSED: + if (!(zp->z_flags & Z_SYSLOGGED)) { + zp->z_flags |= Z_SYSLOGGED; + ns_error(ns_log_xfer_in, + "zoneref: Masters for slave zone \"%s\" REFUSED transfer", + zp->z_origin); + } + ns_retrytime(zp, tt.tv_sec); + sched_zone_maint(zp); + break; + default: if (!(zp->z_flags & Z_SYSLOGGED)) { zp->z_flags |= Z_SYSLOGGED; diff --git a/contrib/bind/bin/named/ns_parser.y b/contrib/bind/bin/named/ns_parser.y index 8e62962..79f34b1 100644 --- a/contrib/bind/bin/named/ns_parser.y +++ b/contrib/bind/bin/named/ns_parser.y @@ -1,6 +1,6 @@ %{ #if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: ns_parser.y,v 8.79 2002/04/25 05:27:13 marka Exp $"; +static char rcsid[] = "$Id: ns_parser.y,v 8.80 2002/05/24 03:05:01 marka Exp $"; #endif /* not lint */ /* @@ -191,6 +191,7 @@ int yyparse(); %token T_TRANSFERS %token T_KEYS %token T_SUPPORT_IXFR +%token T_EDNS /* Items used for "zone" statements: */ %token T_ZONE @@ -1268,6 +1269,10 @@ server_info: T_BOGUS yea_or_nay set_server_transfer_format(current_server, $2); } | T_KEYS '{' key_list '}' + | T_EDNS yea_or_nay + { + set_server_option(current_server, SERVER_INFO_EDNS, $2); + } | error ; diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c index 1a1d756..6aca04a 100644 --- a/contrib/bind/bin/named/ns_req.c +++ b/contrib/bind/bin/named/ns_req.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_req.c 4.47 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_req.c,v 8.168 2002/04/30 03:43:52 marka Exp $"; +static const char rcsid[] = "$Id: ns_req.c,v 8.169 2002/05/12 23:41:52 marka Exp $"; #endif /* not lint */ /* @@ -560,6 +560,8 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, hp->arcount = htons(0); cp = msg + HFIXEDSZ; cp += ns_skiprr(cp, msg + msglen, ns_s_qd, ntohs(hp->qdcount)); + ns_name_rollback(cp, (const u_char **)dnptrs, + (const u_char **)dnptrs_end); if (opt > 0) { n = ns_add_opt(msg, cp, buflen_orig, 0, rcode, EDNS_MESSAGE_SZ, 0, NULL, 0); diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c index 5be0038..91a3869 100644 --- a/contrib/bind/bin/named/ns_resp.c +++ b/contrib/bind/bin/named/ns_resp.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_resp.c,v 8.176 2002/04/17 07:10:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp $"; #endif /* not lint */ /* @@ -288,7 +288,6 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) struct namebuf *np; struct fwdinfo *fwd; struct databuf *dp; - int forcecmsg = 0; char *tname = NULL; int sendto_errno = 0; int has_tsig, oldqlen = 0; @@ -298,6 +297,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) u_char sig[TSIG_SIG_SIZE]; time_t tsig_time; DST_KEY *key; + int expect_cname; nameserIncr(from.sin_addr, nssRcvdR); nsp[0] = NULL; @@ -924,6 +924,7 @@ tcp_retry: } else flushset = NULL; + expect_cname = 1; for (i = 0; i < count; i++) { struct databuf *dp; int type; @@ -955,6 +956,19 @@ tcp_retry: type = dp->d_type; if (i < ancount) { /* Answer section. */ + /* + * Check for attempts to overflow the buffer in + * getnameanswer. + */ + if (type == ns_t_cname && !expect_cname) { + ns_warning(ns_log_security, + "late CNAME in answer section for %s %s from %s", + *qname ? qname : ".", p_type(qtype), + sin_ntoa(from)); + + } else if (type != ns_t_cname && type != ns_t_dname && + type != ns_t_sig) + expect_cname = 0; if (externalcname || ns_samename(name, aname) != 1) { if (!externalcname) ns_info(ns_log_resp_checks, @@ -1220,12 +1234,11 @@ tcp_retry: cache_n_resp(msg, msglen, from, qp->q_name, qp->q_class, qp->q_type); - if (!qp->q_cmsglen) { + if (!qp->q_cmsglen && validanswer) { ns_debug(ns_log_default, 3, "resp: leaving NO: auth = %d", hp->aa); goto return_msg; } - forcecmsg = 1; } /* diff --git a/contrib/bind/bin/named/ns_signal.c b/contrib/bind/bin/named/ns_signal.c index 0820bfa..a8a957d 100644 --- a/contrib/bind/bin/named/ns_signal.c +++ b/contrib/bind/bin/named/ns_signal.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka Exp $"; +static const char rcsid[] = "$Id: ns_signal.c,v 8.15 2002/05/18 01:39:15 marka Exp $"; #endif /* not lint */ /* @@ -87,8 +87,10 @@ static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka E #ifdef SVR4 /* XXX */ # include <sys/sockio.h> #else +#ifndef __hpux # include <sys/mbuf.h> #endif +#endif #include <netinet/in.h> #include <net/route.h> diff --git a/contrib/bind/bin/named/ns_update.c b/contrib/bind/bin/named/ns_update.c index 774bd2c..b2b5b96 100644 --- a/contrib/bind/bin/named/ns_update.c +++ b/contrib/bind/bin/named/ns_update.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_update.c,v 8.103 2002/01/03 00:25:02 marka Exp $"; +static const char rcsid[] = "$Id: ns_update.c,v 8.104 2002/05/18 01:02:59 marka Exp $"; #endif /* not lint */ /* @@ -3010,9 +3010,9 @@ incr_serial(struct zoneinfo *zp) { return (-1); dp = findzonesoa(zp); if (dp) { - olddp = memget(DATASIZE(dp->d_size)); + olddp = memget(BIND_DATASIZE(dp->d_size)); if (olddp != NULL) { - memcpy(olddp, dp, DATASIZE(dp->d_size)); + memcpy(olddp, dp, BIND_DATASIZE(dp->d_size)); cp = findsoaserial(olddp->d_data); PUTLONG(old_serial, cp); fprintf(ifp, "update: {delete} %s. %u %s %s ", @@ -3021,7 +3021,7 @@ incr_serial(struct zoneinfo *zp) { p_type(dp->d_type)); (void) rdata_dump(olddp, ifp); fprintf(ifp, "\n"); - memput(olddp, DATASIZE(dp->d_size)); + memput(olddp, BIND_DATASIZE(dp->d_size)); } fprintf(ifp, "update: {add} %s. %u %s %s ", zp->z_origin, dp->d_ttl, diff --git a/contrib/bind/bin/named/ns_xfr.c b/contrib/bind/bin/named/ns_xfr.c index d7a8505..7b1c99b 100644 --- a/contrib/bind/bin/named/ns_xfr.c +++ b/contrib/bind/bin/named/ns_xfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_xfr.c,v 8.68 2002/04/11 05:19:06 marka Exp $"; +static const char rcsid[] = "$Id: ns_xfr.c,v 8.69 2002/06/05 03:53:49 marka Exp $"; #endif /* not lint */ /* @@ -82,15 +82,21 @@ ns_xfr(struct qstream *qsp, struct namebuf *znp, ns_deltalist *changes; switch (type) { - case ns_t_axfr: /*FALLTHROUGH*/ case ns_t_ixfr: + ns_info(ns_log_xfer_out, + "zone transfer (%s) of \"%s\" (%s) to %s serial %u -> %u", + p_type(type), zones[zone].z_origin, p_class(class), + sin_ntoa(qsp->s_from), serial_ixfr, + zones[zone].z_serial); + break; + case ns_t_axfr: /*FALLTHROUGH*/ #ifdef BIND_ZXFR case ns_t_zxfr: #endif ns_info(ns_log_xfer_out, - "zone transfer (%s) of \"%s\" (%s) to %s", + "zone transfer (%s) of \"%s\" (%s) to %s serial %u", p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from)); + sin_ntoa(qsp->s_from), zones[zone].z_serial); break; default: ns_warning(ns_log_xfer_out, diff --git a/contrib/bind/bin/ndc/ndc.c b/contrib/bind/bin/ndc/ndc.c index aa0e4a3..d077042 100644 --- a/contrib/bind/bin/ndc/ndc.c +++ b/contrib/bind/bin/ndc/ndc.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ndc.c,v 1.21 2001/12/19 23:16:23 marka Exp $"; +static const char rcsid[] = "$Id: ndc.c,v 1.22 2002/06/24 07:28:55 marka Exp $"; #endif /* not lint */ /* @@ -250,6 +250,179 @@ slashhelp(void) { "toggle silence (suppresses nonfatal errors)"); } +struct argv { + int argc; + char **argv; + int error; +}; + +static char hexdigits[] = "0123456789abcdef"; + +static void +getargs_closure(void *arg, const char *msg, int flags) { + struct argv *argv = arg; + int len; + int i; + const char *cp, *cp2; + char *tp, c; + + UNUSED(flags); + + if (argv->error) + return; + + if (argv->argc == -1) { + i = atoi(msg + 4); + if (i < 1) { + argv->error = 1; + return; + } + argv->argc = i; + argv->argv = calloc((i+1), sizeof(char*)); + return; + } + len = 0; + cp = msg + 4; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + len++; + } + } + len++; + cp++; + } + i = 0; + while (argv->argv[i] != NULL) + i++; + if (i >= argv->argc) { + argv->error = 1; + return; + } + argv->argv[i] = malloc(len + 1); + if (argv->argv[i] == NULL) { + argv->error = 1; + return; + } + cp = msg + 4; + tp = argv->argv[i]; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + *tp = '\\'; + } + } + *tp++ = c; + cp++; + } +} + +static int +get_args(char **restp) { + struct argv argv; + int len, i; + char *rest, *p; + int result = 1; + + argv.argc = -1; + argv.argv = NULL; + argv.error = 0; + + channel_loop("args", 1, getargs_closure, &argv); + if (argv.error) { + result = 0; + goto err; + } + len = 0; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) + len += strlen(argv.argv[i]) + 1; + rest = malloc(len); + if (rest == NULL) { + result = 0; + goto err; + } + p = rest; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) { + strcpy(p, argv.argv[i]); + p += strlen(argv.argv[i]); + *p++ = ' '; + } + if (p != rest) + p[-1] = '\0'; + *restp = rest; + + err: + if (argv.argv) { + for (i = 0 ; i < argv.argc && argv.argv[i] != NULL; i++) + free(argv.argv[i]); + free(argv.argv); + } + return (result); +} + +static void +exec_closure(void *arg, const char *msg, int flags) { + int *result = arg; + UNUSED(flags); + if (atoi(msg) == 250) + *result = 1; +} + +static int +try_exec(int local_quiet) { + int good = 0; + pid_t pid; + + channel_loop("exec", 1, exec_closure, &good); + + if (good) { + sleep(3); + if (!running(0, &pid)) + error("name server has not restarted (yet?)"); + else if (!local_quiet) + result("new pid is %ld", (long)pid); + } + return (good); +} + static int builtincmd(void) { static const char spaces[] = " \t"; @@ -257,14 +430,18 @@ builtincmd(void) { pid_t pid; int save_quiet = quiet; int len; + int freerest = 0; quiet = 1; len = strcspn(cmd, spaces); rest = cmd + len; - if (*rest != '\0') { - rest++; + if (*rest != '\0') rest += strspn(rest, spaces); + if (*rest == '\0' && !strncasecmp(cmd, "restart", len)) { + if (try_exec(save_quiet)) + return (1); + freerest = get_args(&rest); } syscmd = malloc(strlen(named_path) + sizeof " " + strlen(rest)); if (syscmd == NULL) @@ -274,6 +451,8 @@ builtincmd(void) { strcat(syscmd, " "); strcat(syscmd, rest); } + if (freerest) + free(rest); if (strncasecmp(cmd, "start", len) == 0) { if (running(debug, &pid)) error("name server already running? (pid %ld)", @@ -417,6 +596,7 @@ channel_loop(const char *cmdtext, int show, closure cl, void *ua) { a.cl = cl; a.ua = ua; logger_show = show; + trace("command '%s'", cmdtext); ctl = ctl_client(ev, client_addr, impute_addrlen(client_addr), (struct sockaddr *)&server, impute_addrlen((struct sockaddr *)&server), diff --git a/contrib/bind/bin/nslookup/Makefile b/contrib/bind/bin/nslookup/Makefile index 6680bc6..27073c1 100644 --- a/contrib/bind/bin/nslookup/Makefile +++ b/contrib/bind/bin/nslookup/Makefile @@ -13,7 +13,7 @@ ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ## SOFTWARE. -# $Id: Makefile,v 8.27 2001/01/31 08:44:43 marka Exp $ +# $Id: Makefile,v 8.28 2002/05/21 00:44:59 marka Exp $ DESTDIR= CC= cc @@ -31,7 +31,8 @@ A=a O=o EXE= LEX = lex -I -SYSLIBS = -ll -lutil +SYSLIBS =-lutil +LIBL=-ll DESTBIN = /usr/local/bin DESTSBIN = /usr/local/sbin DESTEXEC = /usr/local/libexec @@ -56,7 +57,7 @@ all: ${PROG}${EXE} ${PROG}${EXE}: ${OBJS} ${LIBBIND} Makefile ${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \ - ${LIBBIND} ${SYSLIBS} + ${LIBBIND} ${LIBL} ${SYSLIBS} .c.${O}: ${CC} ${CPPFLAGS} ${CFLAGS} ${BOUNDS} -c $*.c diff --git a/contrib/bind/bin/nslookup/send.c b/contrib/bind/bin/nslookup/send.c index de60d21..738f66a 100644 --- a/contrib/bind/bin/nslookup/send.c +++ b/contrib/bind/bin/nslookup/send.c @@ -53,7 +53,7 @@ #ifndef lint static const char sccsid[] = "@(#)send.c 5.18 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: send.c,v 8.13 2002/04/09 05:55:23 marka Exp $"; +static const char rcsid[] = "$Id: send.c,v 8.14 2002/05/10 04:35:09 marka Exp $"; #endif /* not lint */ /* @@ -291,7 +291,7 @@ SendRequest(union res_sockaddr_union *nsAddrPtr, const u_char *buf, } #else /* BSD */ if (sendto(s, (const char *)buf, buflen, 0, - (struct sockaddr *) &nsAddrPtr, + (struct sockaddr *) nsAddrPtr, clen) != buflen) { if (res.options & RES_DEBUG) perror("sendto"); diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html index b7fea33..5dea794 100644 --- a/contrib/bind/doc/html/server.html +++ b/contrib/bind/doc/html/server.html @@ -13,6 +13,7 @@ <PRE> server <VAR><A HREF="docdef.html">ip_addr</A></VAR> { + [ edns <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ bogus <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ support-ixfr <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] [ transfers <VAR><A HREF="docdef.html">number</A></VAR>; ] @@ -28,6 +29,10 @@ server <VAR><A HREF="docdef.html">ip_addr</A></VAR> { <P>The server statement defines the characteristics to be associated with a remote name server.</P> +<P>If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying <CODE>edns no;</CODE>. +The default value of <CODE>edns</CODE> is <CODE>yes</CODE>. + <P>If you discover that a server is giving out bad data, marking it as <CODE>bogus</CODE> will prevent further queries to it. The default value of <CODE>bogus</CODE> is <CODE>no</CODE>. Marking a server as <CODE>bogus</CODE> @@ -69,7 +74,7 @@ required to be signed by this key. <HR> <ADDRESS> -Last Updated: $Id: server.html,v 1.12 2001/08/10 05:12:29 marka Exp $ +Last Updated: $Id: server.html,v 1.13 2002/05/24 03:04:51 marka Exp $ </ADDRESS> </BODY> </HTML> diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1 index bc0307f..b6588c6 100644 --- a/contrib/bind/doc/man/dnsquery.1 +++ b/contrib/bind/doc/man/dnsquery.1 @@ -1,4 +1,4 @@ -.\" $Id: dnsquery.1,v 8.4 2001/08/08 07:49:58 marka Exp $ +.\" $Id: dnsquery.1,v 8.5 2002/06/18 02:04:54 marka Exp $ .\" .\"Copyright (c) 1995,1996,1999 by Internet Software Consortium .\" @@ -49,8 +49,10 @@ are treated without case-sensitivity. .Bl -tag -width Fl .It Fl n Ar nameserver The nameserver to be used in the query. Nameservers can appear as either -Internet addresses of the form -.Ar w.x.y.z +Internet addresses of the form +.Ar ( w.x.y.z +or +.Ar xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ) or can appear as domain names. (Default: as specified in .Pa /etc/resolv.conf . ) diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5 index df07b1a..532af69 100644 --- a/contrib/bind/doc/man/named.conf.5 +++ b/contrib/bind/doc/man/named.conf.5 @@ -1895,6 +1895,7 @@ Any number of trusted keys can be specified. .Ss Syntax .Bd -literal server \fIip_addr\fR { + [ edns \fIyes_or_no\fR; ] [ bogus \fIyes_or_no\fR; ] [ support-ixfr \fIyes_or_no\fR; ] [ transfers \fInumber\fR; ] @@ -1906,6 +1907,15 @@ server \fIip_addr\fR { The server statement defines the characteristics to be associated with a remote name server. .Pp +If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying +.Ic edns +.Ic no; . +The default value of +.Ic edns +is +.Ic yes . +.Pp If you discover that a server is giving out bad data, marking it as .Ic bogus will prevent further queries to it. The default value of diff --git a/contrib/bind/doc/misc/rfc2317-notes.txt b/contrib/bind/doc/misc/rfc2317-notes.txt new file mode 100644 index 0000000..0b62d2a --- /dev/null +++ b/contrib/bind/doc/misc/rfc2317-notes.txt @@ -0,0 +1,105 @@ +Message-Id: <200005230246.WAA03750@hrothgar.gw.com> +To: ... +Subject: Notes on RFC-2317 +Date: Mon, 22 May 2000 22:46:55 -0400 +From: Kimmo Suominen <kim@tac.nyc.ny.us> + +Hi! + +I wrote down some notes on RFC-2317. I've had discussions with all of +you regarding classless IN-ADDR.ARPA delegations, and I would very much +appreciate any comments you may have. Please feel free to forward this +to other parties as you see necessary or appropriate. + +The goal of these notes is to try and clarify the reasoning behind the +recommendations I've been making on implementing RFC-2317 delegations. +In particular the following issues keep coming up with again and again +with each vendor: + + - why use "-" instead of "/" + - why use particular NS records + - why delegate within IN-ADDR.ARPA + +I am hoping that the these notes could eventually be used to convince +ISPs to provide an efficient and smooth implementation of RFC-2317 with +the least amount of headache for the end-user. + +Regards, ++ Kim + + + +NOTES ON IMPLEMENTING CLASSLESS IN-ADDR.ARPA DELEGATION PER RFC-2317 + +1. Selecting the CNAME target zone + + RFC-2317 shows an example case where the target zone is a delegated + sub-zone of the IN-ADDR.ARPA zone for the natural class C network. + This will allow for the NS records for the zone can be independently + selected (see benefits described below). An example of such a zone + would be 0-28.150.80.204.IN-ADDR.ARPA. + + Now pay careful attention to the last paragraph of RFC-2317. There + are broken resolver implementations that apply the "valid host name" + restrictions on the CNAME target (it should only be applied to the + PTR target name). To avoid problems with such implementations it + is best to use a character that is allowed in a hostname. I prefer + using a hyphen, as I did in the example above. + + Some ISPs may at first refuse to delegate these zones (without any + explanation). Approach such ISPs with the reasoning in here first, + but if that fails consider using your "forward" zone as a fallback. + + There is nothing magic about the IN-ADDR.ARPA zone for RFC-2317 + delegations. You will have to sacrifice the optimization provided + by a correct IN-ADDR.ARPA delegation, but you will still retain + the ease of local administration for all name changes. + + I recommend using a dedicated subdomain for the PTR records, e.g. if + your "forward" domain is "HOME.GW.COM" use "REV.HOME.GW.COM" for the + PTR records. + +2. Selecting the NS records + + The NS records for the delegated zone should include all the NS + records of the parent zone, in addition to any NS records pointing + to the public name servers the delegate may want to use. Having the + name servers of the parent zone secondary the delegated zone allows + them to have the necessary authoritative data to return the CNAME + target in the additional records of a response to a PTR record query + (minimizing the number of queries needed to resolve an address). + + This can be achieved using any zone (i.e. even a subdomain of your + "forward" domain), of course. However, having the ISP delegate an + IN-ADDR.ARPA zone for your PTR records rather than you delegating a + zone to your ISP maintains the logical "owner" and "delegate" roles. + + If the primary server for the delegated zone is not permanently on + the Internet (e.g. a dial-on-demand connection) then you would not + want to advertise it in the NS records. It would just be a stealth + server which the advertised secondaries poll for updates. + +3. Example delegation + + To delegate our example zone 0-28.150.80.204.IN-ADDR.ARPA first look + at the NS records of the parent zone 150.80.204.IN-ADDR.ARPA. Let's + say they are the following: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + @ IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. + + To delegate 204.80.150.0/28 to SRV.HOME.GW.COM you would then insert + these records in the parent zone data: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + 0-28 IN NS SRV.HOME.GW.COM. + IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. + $GENERATE 0-15 $ IN CNAME $.0-28.150.80.204.IN-ADDR.ARPA. + + The necessary modifications to /etc/named.conf will be left as an + exercise to the reader. + +Kimmo Suominen +Global Wire Oy diff --git a/contrib/bind/include/arpa/nameser_compat.h b/contrib/bind/include/arpa/nameser_compat.h index a32485a..cbceb6e 100644 --- a/contrib/bind/include/arpa/nameser_compat.h +++ b/contrib/bind/include/arpa/nameser_compat.h @@ -32,7 +32,7 @@ /* * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 8.13 2001/09/24 02:20:25 marka Exp $ + * $Id: nameser_compat.h,v 8.14 2002/05/18 01:39:11 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ @@ -64,7 +64,7 @@ defined(apollo) || defined(__convex__) || defined(_CRAY) || \ defined(__hppa) || defined(__hp9000) || \ defined(__hp9000s300) || defined(__hp9000s700) || \ - defined(__hp3000s900) || defined(MPE) || \ + defined(__hp3000s900) || defined(__hpux) || defined(MPE) || \ defined (BIT_ZERO_ON_LEFT) || defined(m68k) || \ (defined(__Lynx__) && \ (defined(__68k__) || defined(__sparc__) || defined(__powerpc__))) diff --git a/contrib/bind/include/isc/list.h b/contrib/bind/include/isc/list.h index 21dd565..0aa6f7d 100644 --- a/contrib/bind/include/isc/list.h +++ b/contrib/bind/include/isc/list.h @@ -24,11 +24,13 @@ do { (list).head = NULL; (list).tail = NULL; } while (0) #define LINK(type) struct { type *prev, *next; } -#define INIT_LINK(elt, link) \ +#define INIT_LINK_TYPE(elt, link, type) \ do { \ - (elt)->link.prev = (void *)(-1); \ - (elt)->link.next = (void *)(-1); \ + (elt)->link.prev = (type *)(-1); \ + (elt)->link.next = (type *)(-1); \ } while (0) +#define INIT_LINK(elt, link) \ + INIT_LINK_TYPE(elt, link, void) #define LINKED(elt, link) ((void *)((elt)->link.prev) != (void *)(-1)) #define HEAD(list) ((list).head) @@ -59,7 +61,7 @@ (list).tail = (elt); \ } while (0) -#define UNLINK(list, elt, link) \ +#define UNLINK_TYPE(list, elt, link, type) \ do { \ INSIST(LINKED(elt, link));\ if ((elt)->link.next != NULL) \ @@ -70,8 +72,10 @@ (elt)->link.prev->link.next = (elt)->link.next; \ else \ (list).head = (elt)->link.next; \ - INIT_LINK(elt, link); \ + INIT_LINK_TYPE(elt, link, type); \ } while (0) +#define UNLINK(list, elt, link) \ + UNLINK_TYPE(list, elt, link, void) #define PREV(elt, link) ((elt)->link.prev) #define NEXT(elt, link) ((elt)->link.next) diff --git a/contrib/bind/include/resolv.h b/contrib/bind/include/resolv.h index ff3c01f..5497f30 100644 --- a/contrib/bind/include/resolv.h +++ b/contrib/bind/include/resolv.h @@ -50,7 +50,7 @@ /* * @(#)resolv.h 8.1 (Berkeley) 6/2/93 - * $Id: resolv.h,v 8.45 2002/04/12 06:27:48 marka Exp $ + * $Id: resolv.h,v 8.48 2002/05/31 06:05:29 marka Exp $ */ #ifndef _RESOLV_H_ @@ -156,7 +156,11 @@ struct __res_state_ext; struct __res_state { int retrans; /* retransmition time interval */ int retry; /* number of times to retransmit */ +#ifdef sun + u_int options; /* option flags - see below. */ +#else u_long options; /* option flags - see below. */ +#endif int nscount; /* number of name servers */ struct sockaddr_in nsaddr_list[MAXNS]; /* address of name server */ @@ -164,7 +168,11 @@ struct __res_state { u_short id; /* current message id */ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ char defdname[256]; /* default domain (deprecated) */ +#ifdef sun + u_int pfcode; /* RES_PRF_ flags - see below. */ +#else u_long pfcode; /* RES_PRF_ flags - see below. */ +#endif unsigned ndots:4; /* threshold for initial abs. query */ unsigned nsort:4; /* number of elements in sort_list[] */ char unused[3]; @@ -177,9 +185,10 @@ struct __res_state { int res_h_errno; /* last one set for this context */ int _vcsock; /* PRIVATE: for res_send VC i/o */ u_int _flags; /* PRIVATE: see below */ + u_int _pad; /* make _u 64 bit aligned */ union { /* On an 32-bit arch this means 512b total. */ - char pad[72 - 3*sizeof (int) - 2*sizeof (void *)]; + char pad[72 - 4*sizeof (int) - 2*sizeof (void *)]; struct { u_int16_t nscount; u_int16_t nstimes[MAXNS]; /* ms. */ @@ -245,6 +254,7 @@ union res_sockaddr_union { #define RES_USE_DNAME 0x10000000 /* use DNAME */ #define RES_USE_A6 0x20000000 /* use A6 */ #define RES_USE_EDNS0 0x40000000 /* use EDNS0 if configured */ +#define RES_NO_NIBBLE2 0x80000000 /* disable alternate nibble lookup */ #define RES_DEFAULT (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH) @@ -460,6 +470,7 @@ const char * res_protocolname __P((int num)); void res_destroyprotolist __P((void)); void res_buildprotolist __P((void)); const char * res_get_nibblesuffix __P((res_state)); +const char * res_get_nibblesuffix2 __P((res_state)); const char * res_get_bitstringsuffix __P((res_state)); void res_ndestroy __P((res_state)); u_int16_t res_nametoclass __P((const char *buf, int *success)); diff --git a/contrib/bind/lib/irs/dns_ho.c b/contrib/bind/lib/irs/dns_ho.c index 7d64e53..6c0a6e7 100644 --- a/contrib/bind/lib/irs/dns_ho.c +++ b/contrib/bind/lib/irs/dns_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.39 2002/06/27 03:56:32 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -74,6 +74,7 @@ static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp #include <resolv.h> #include <stdio.h> #include <string.h> +#include <syslog.h> #include <isc/memcluster.h> #include <irs.h> @@ -161,7 +162,7 @@ static struct addrinfo * ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai); static void map_v4v6_hostent(struct hostent *hp, char **bp, - int *len); + char *ep); static void addrsort(res_state, char **, int); static struct hostent * gethostans(struct irs_ho *this, const u_char *ansbuf, int anslen, @@ -404,15 +405,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) q->answer = q->qbuf.buf; q->anslen = sizeof(q->qbuf); q->next = q2; - if ((pvt->res->options & RES_NO_BITSTRING) != 0) - q->action = RESTGT_IGNORE; - else - q->action = RESTGT_DOALWAYS; + q->action = RESTGT_DOALWAYS; q2->qclass = C_IN; q2->qtype = T_PTR; q2->answer = q2->qbuf.buf; q2->anslen = sizeof(q2->qbuf); - if ((pvt->res->options & RES_NO_NIBBLE) != 0) + if ((pvt->res->options & RES_NO_NIBBLE2) != 0) q2->action = RESTGT_IGNORE; else q2->action = RESTGT_AFTERFAILURE; @@ -441,11 +439,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) case AF_INET6: if (q->action != RESTGT_IGNORE) { qp = q->qname; - qp += SPRINTF((qp, "\\[x")); - for (n = 0; n < IN6ADDRSZ; n++) - qp += SPRINTF((qp, "%02x", uaddr[n])); - SPRINTF((qp, "/128].%s", - res_get_bitstringsuffix(pvt->res))); + for (n = IN6ADDRSZ - 1; n >= 0; n--) { + qp += SPRINTF((qp, "%x.%x.", + uaddr[n] & 0xf, + (uaddr[n] >> 4) & 0xf)); + } + strcpy(qp, res_get_nibblesuffix(pvt->res)); } if (q2->action != RESTGT_IGNORE) { qp = q2->qname; @@ -454,7 +453,7 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) uaddr[n] & 0xf, (uaddr[n] >> 4) & 0xf)); } - strcpy(qp, res_get_nibblesuffix(pvt->res)); + strcpy(qp, res_get_nibblesuffix2(pvt->res)); } break; default: @@ -1081,7 +1080,7 @@ gethostans(struct irs_ho *this, struct addrinfo **ret_aip, const struct addrinfo *pai) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, n, haveanswer, had_error; + int type, class, ancount, qdcount, n, haveanswer, had_error; int error = NETDB_SUCCESS, arcount; int (*name_ok)(const char *); const HEADER *hp; @@ -1090,7 +1089,7 @@ gethostans(struct irs_ho *this, const u_char *cp; const char *tname; const char *hname; - char *bp, **ap, **hap; + char *bp, *ep, **ap, **hap; char tbuf[MAXDNAME+1]; struct addrinfo sentinel, *cur, ai; const u_char *arp = NULL; @@ -1133,13 +1132,13 @@ gethostans(struct irs_ho *this, qdcount = ntohs(hp->qdcount); arcount = ntohs(hp->arcount); bp = pvt->hostbuf; - buflen = sizeof pvt->hostbuf; + ep = pvt->hostbuf + sizeof(pvt->hostbuf); cp = ansbuf + HFIXEDSZ; if (qdcount != 1) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -1163,7 +1162,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but hname is now absolute. */ qname = pvt->host.h_name; } @@ -1176,7 +1174,7 @@ gethostans(struct irs_ho *this, haveanswer = 0; had_error = 0; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { had_error++; continue; @@ -1197,6 +1195,15 @@ gethostans(struct irs_ho *this, eor = cp + n; if ((qtype == T_A || qtype == T_AAAA || qtype == ns_t_a6 || qtype == T_ANY) && type == T_CNAME) { + if (haveanswer) { + int level = LOG_CRIT; +#ifdef LOG_SECURITY + level |= LOG_SECURITY; +#endif + syslog(level, + "gethostans: possible attempt to exploit buffer overflow while looking up %s", + *qname ? qname : "."); + } n = dn_expand(ansbuf, eor, cp, tbuf, sizeof tbuf); if (n < 0 || !maybe_ok(pvt->res, tbuf, name_ok)) { had_error++; @@ -1209,10 +1216,9 @@ gethostans(struct irs_ho *this, *ap++ = bp; n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n > MAXHOSTNAMELEN) { + if (n > (ep - bp) || n > MAXHOSTNAMELEN) { had_error++; continue; } @@ -1220,7 +1226,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; continue; } if (type == ns_t_dname) { @@ -1256,7 +1261,7 @@ gethostans(struct irs_ho *this, cp += n; n = strlen(t) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } @@ -1266,7 +1271,6 @@ gethostans(struct irs_ho *this, else hname = bp; bp += n; - buflen -= n; continue; } @@ -1292,14 +1296,13 @@ gethostans(struct irs_ho *this, } /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } strcpy(bp, tbuf); tname = bp; bp += n; - buflen -= n; continue; } if (qtype == T_ANY) { @@ -1323,7 +1326,7 @@ gethostans(struct irs_ho *this, cp += n; continue; } - n = dn_expand(ansbuf, eor, cp, bp, buflen); + n = dn_expand(ansbuf, eor, cp, bp, ep - bp); if (n < 0 || !maybe_hnok(pvt->res, bp) || n >= MAXHOSTNAMELEN) { had_error++; @@ -1341,7 +1344,6 @@ gethostans(struct irs_ho *this, if (n != -1) { n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; } break; case ns_t_a6: { @@ -1441,7 +1443,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += nn; - buflen -= nn; } /* Ensure alignment. */ bp = (char *)(((u_long)bp + (sizeof(align) - 1)) & @@ -1495,15 +1496,14 @@ gethostans(struct irs_ho *this, haveanswer); if (pvt->host.h_name == NULL) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) + if (n > (ep - bp) || n >= MAXHOSTNAMELEN) goto no_recovery; strcpy(bp, qname); pvt->host.h_name = bp; bp += n; - buflen -= n; } if (pvt->res->options & RES_USE_INET6) - map_v4v6_hostent(&pvt->host, &bp, &buflen); + map_v4v6_hostent(&pvt->host, &bp, ep); RES_SET_H_ERRNO(pvt->res, NETDB_SUCCESS); return (&pvt->host); } else { @@ -1577,7 +1577,7 @@ add_hostent(struct pvt *pvt, char *bp, char **hap, struct addrinfo *ai) } static void -map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { +map_v4v6_hostent(struct hostent *hp, char **bpp, char *ep) { char **ap; if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ) @@ -1590,17 +1590,15 @@ map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { if (i != 0) i = sizeof(align) - i; - if (*lenp < (i + IN6ADDRSZ)) { + if ((ep - *bpp) < (i + IN6ADDRSZ)) { /* Out of memory. Truncate address list here. */ *ap = NULL; return; } *bpp += i; - *lenp -= i; map_v4v6_address(*ap, *bpp); *ap = *bpp; *bpp += IN6ADDRSZ; - *lenp -= IN6ADDRSZ; } } diff --git a/contrib/bind/lib/irs/dns_nw.c b/contrib/bind/lib/irs/dns_nw.c index fbc613f..f39a59a 100644 --- a/contrib/bind/lib/irs/dns_nw.c +++ b/contrib/bind/lib/irs/dns_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_nw.c,v 1.22 2002/02/27 03:50:10 marka Exp $"; +static const char rcsid[] = "$Id: dns_nw.c,v 1.23 2002/06/26 07:42:06 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -299,8 +299,8 @@ get1101answer(struct irs_nw *this, int af, const char *name, const u_char *addr, int addrlen) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, haveanswer; - char *bp, **ap; + int type, class, ancount, qdcount, haveanswer; + char *bp, *ep, **ap; u_char *cp, *eom; HEADER *hp; @@ -332,7 +332,7 @@ get1101answer(struct irs_nw *this, /* Prepare a return structure. */ bp = pvt->buf; - buflen = sizeof pvt->buf; + ep = pvt->buf + sizeof(pvt->buf); pvt->net.n_name = NULL; pvt->net.n_aliases = pvt->ali; pvt->net.n_addrtype = af; @@ -345,20 +345,19 @@ get1101answer(struct irs_nw *this, if (name != NULL) { int n = strlen(name) + 1; - if (n > buflen) { + if (n > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } pvt->net.n_name = strcpy(bp, name); bp += n; - buflen -= n; } break; case by_addr: if (addr != NULL && addrlen != 0) { int n = addrlen / 8 + ((addrlen % 8) != 0); - if (INADDRSZ > buflen) { + if (INADDRSZ > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -366,7 +365,6 @@ get1101answer(struct irs_nw *this, memcpy(bp, addr, n); pvt->net.n_addr = bp; bp += INADDRSZ; - buflen -= INADDRSZ; } break; default: @@ -377,7 +375,7 @@ get1101answer(struct irs_nw *this, ap = pvt->ali; haveanswer = 0; while (--ancount >= 0 && cp < eom) { - int n = dn_expand(ansbuf, eom, cp, bp, buflen); + int n = dn_expand(ansbuf, eom, cp, bp, ep - bp); cp += n; /* Owner */ if (n < 0 || !maybe_dnok(pvt->res, bp) || @@ -392,7 +390,7 @@ get1101answer(struct irs_nw *this, if (class == C_IN && type == T_PTR) { int nn; - nn = dn_expand(ansbuf, eom, cp, bp, buflen); + nn = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (nn < 0 || !maybe_hnok(pvt->res, bp) || nn != n) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -408,7 +406,6 @@ get1101answer(struct irs_nw *this, *ap++ = bp; nn = strlen(bp) + 1; bp += nn; - buflen -= nn; haveanswer++; break; } @@ -419,7 +416,7 @@ get1101answer(struct irs_nw *this, sscanf(bp, "%u.%u.%u.%u.in-addr.arpa", &b1, &b2, &b3, &b4) != 4) break; - if (buflen < INADDRSZ) { + if ((ep - bp) < INADDRSZ) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -428,7 +425,6 @@ get1101answer(struct irs_nw *this, *bp++ = b3; *bp++ = b2; *bp++ = b1; - buflen -= INADDRSZ; pvt->net.n_length = INADDRSZ * 8; haveanswer++; } diff --git a/contrib/bind/lib/irs/gethostent.c b/contrib/bind/lib/irs/gethostent.c index 586fa49..8e7e717 100644 --- a/contrib/bind/lib/irs/gethostent.c +++ b/contrib/bind/lib/irs/gethostent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gethostent.c,v 1.29 2001/05/29 05:48:44 marka Exp $"; +static const char rcsid[] = "$Id: gethostent.c,v 1.32 2002/05/27 06:50:55 marka Exp $"; #endif /* Imports */ @@ -458,34 +458,34 @@ freehostent(struct hostent *he) { * -1 on failure. */ -static int -scan_interfaces(int *have_v4, int *have_v6) { -#ifndef SIOCGLIFCONF -/* map new to old */ -#define SIOCGLIFCONF SIOCGIFCONF -#define lifc_len ifc_len -#define lifc_buf ifc_buf - struct ifconf lifc; +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + +#ifdef __hpux +#define lifc_len iflc_len +#define lifc_buf iflc_buf +#define lifc_req iflc_req +#define LIFCONF if_laddrconf #else #define SETFAMILYFLAGS - struct lifconf lifc; -#endif - -#ifndef SIOCGLIFADDR -/* map new to old */ -#define SIOCGLIFADDR SIOCGIFADDR +#define LIFCONF lifconf #endif - -#ifndef SIOCGLIFFLAGS -#define SIOCGLIFFLAGS SIOCGIFFLAGS -#define lifr_addr ifr_addr -#define lifr_name ifr_name -#define lifr_flags ifr_flags + +#ifdef __hpux +#define lifr_addr iflr_addr +#define lifr_name iflr_name +#define lifr_dstaddr iflr_dstaddr +#define lifr_flags iflr_flags #define ss_family sa_family - struct ifreq lifreq; +#define LIFREQ if_laddrreq #else - struct lifreq lifreq; +#define LIFREQ lifreq #endif + +static int +scan_interfaces6(int *have_v4, int *have_v6) { + struct LIFCONF lifc; + struct LIFREQ lifreq; struct in_addr in4; struct in6_addr in6; char *buf = NULL, *cp, *cplim; @@ -496,7 +496,7 @@ scan_interfaces(int *have_v4, int *have_v6) { *have_v4 = *have_v6 = 0; /* Get interface list from system. */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) goto err_ret; /* @@ -508,20 +508,11 @@ scan_interfaces(int *have_v4, int *have_v6) { if (buf == NULL) goto err_ret; #ifdef SETFAMILYFLAGS - lifc.lifc_family = AF_UNSPEC; + lifc.lifc_family = AF_UNSPEC; /* request all families */ lifc.lifc_flags = 0; #endif lifc.lifc_len = bufsiz; lifc.lifc_buf = buf; -#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF - /* - * This is a fix for IRIX OS in which the call to ioctl with - * the flag SIOCGIFCONF may not return an entry for all the - * interfaces like most flavors of Unix. - */ - if (emul_ioctl(&lifc) >= 0) - break; -#else if ((n = ioctl(s, SIOCGLIFCONF, (char *)&lifc)) != -1) { /* * Some OS's just return what will fit rather @@ -534,7 +525,6 @@ scan_interfaces(int *have_v4, int *have_v6) { if (lifc.lifc_len + 2 * sizeof(lifreq) < bufsiz) break; } -#endif if ((n == -1) && errno != EINVAL) goto err_ret; @@ -620,6 +610,158 @@ scan_interfaces(int *have_v4, int *have_v6) { return (-1); } +#endif + +static int +scan_interfaces(int *have_v4, int *have_v6) { + struct ifconf ifc; + union { + char _pad[256]; /* leave space for IPv6 addresses */ + struct ifreq ifreq; + } u; + struct in_addr in4; + struct in6_addr in6; + char *buf = NULL, *cp, *cplim; + static unsigned int bufsiz = 4095; + int s, n; + size_t cpsize; + +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + /* + * Try to scan the interfaces using IPv6 ioctls(). + */ + if (!scan_interfaces6(have_v4, have_v6)) + return (0); +#endif + + /* Set to zero. Used as loop terminators below. */ + *have_v4 = *have_v6 = 0; + + /* Get interface list from system. */ + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + goto err_ret; + + /* + * Grow buffer until large enough to contain all interface + * descriptions. + */ + for (;;) { + buf = memget(bufsiz); + if (buf == NULL) + goto err_ret; + ifc.ifc_len = bufsiz; + ifc.ifc_buf = buf; +#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF + /* + * This is a fix for IRIX OS in which the call to ioctl with + * the flag SIOCGIFCONF may not return an entry for all the + * interfaces like most flavors of Unix. + */ + if (emul_ioctl(&ifc) >= 0) + break; +#else + if ((n = ioctl(s, SIOCGIFCONF, (char *)&ifc)) != -1) { + /* + * Some OS's just return what will fit rather + * than set EINVAL if the buffer is too small + * to fit all the interfaces in. If + * ifc.ifc_len is too near to the end of the + * buffer we will grow it just in case and + * retry. + */ + if (ifc.ifc_len + 2 * sizeof(u.ifreq) < bufsiz) + break; + } +#endif + if ((n == -1) && errno != EINVAL) + goto err_ret; + + if (bufsiz > 1000000) + goto err_ret; + + memput(buf, bufsiz); + bufsiz += 4096; + } + + /* Parse system's interface list. */ + cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ + for (cp = buf; + (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; + cp += cpsize) { + memcpy(&u.ifreq, cp, sizeof u.ifreq); +#ifdef HAVE_SA_LEN +#ifdef FIX_ZERO_SA_LEN + if (u.ifreq.ifr_addr.sa_len == 0) + u.ifreq.ifr_addr.sa_len = 16; +#endif +#ifdef HAVE_MINIMUM_IFREQ + cpsize = sizeof u.ifreq; + if (u.ifreq.ifr_addr.sa_len > sizeof (struct sockaddr)) + cpsize += (int)u.ifreq.ifr_addr.sa_len - + (int)(sizeof (struct sockaddr)); +#else + cpsize = sizeof u.ifreq.ifr_name + u.ifreq.ifr_addr.sa_len; +#endif /* HAVE_MINIMUM_IFREQ */ + if (cpsize > sizeof u.ifreq && cpsize <= sizeof u) + memcpy(&u.ifreq, cp, cpsize); +#elif defined SIOCGIFCONF_ADDR + cpsize = sizeof u.ifreq; +#else + cpsize = sizeof u.ifreq.ifr_name; + /* XXX maybe this should be a hard error? */ + if (ioctl(s, SIOCGIFADDR, (char *)&u.ifreq) < 0) + continue; +#endif + switch (u.ifreq.ifr_addr.sa_family) { + case AF_INET: + if (*have_v4 == 0) { + memcpy(&in4, + &((struct sockaddr_in *) + &u.ifreq.ifr_addr)->sin_addr, + sizeof in4); + if (in4.s_addr == INADDR_ANY) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v4 = 1; + } + break; + case AF_INET6: + if (*have_v6 == 0) { + memcpy(&in6, + &((struct sockaddr_in6 *) + &u.ifreq.ifr_addr)->sin6_addr, + sizeof in6); + if (memcmp(&in6, &in6addr_any, sizeof in6) == 0) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v6 = 1; + } + break; + } + } + if (buf != NULL) + memput(buf, bufsiz); + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (0); + err_ret: + if (buf != NULL) + memput(buf, bufsiz); + if (s != -1) + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (-1); +} + static struct hostent * copyandmerge(struct hostent *he1, struct hostent *he2, int af, int *error_num) { struct hostent *he = NULL; diff --git a/contrib/bind/lib/nameser/ns_name.c b/contrib/bind/lib/nameser/ns_name.c index cf371b6..96c41e8 100644 --- a/contrib/bind/lib/nameser/ns_name.c +++ b/contrib/bind/lib/nameser/ns_name.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_name.c,v 8.17 2001/10/03 14:34:32 marka Exp $"; +static const char rcsid[] = "$Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp $"; #endif #include "port_before.h" @@ -681,6 +681,8 @@ special(int ch) { case 0x2E: /* '.' */ case 0x3B: /* ';' */ case 0x5C: /* '\\' */ + case 0x28: /* '(' */ + case 0x29: /* ')' */ /* Special modifiers in zone files. */ case 0x40: /* '@' */ case 0x24: /* '$' */ diff --git a/contrib/bind/lib/resolv/res_debug.c b/contrib/bind/lib/resolv/res_debug.c index 9b61e11..f2c0689 100644 --- a/contrib/bind/lib/resolv/res_debug.c +++ b/contrib/bind/lib/resolv/res_debug.c @@ -95,7 +95,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_debug.c,v 8.45 2001/12/19 12:05:56 marka Exp $"; +static const char rcsid[] = "$Id: res_debug.c,v 8.46 2002/05/21 01:57:45 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -683,12 +683,10 @@ precsize_ntoa(prec) /* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ static u_int8_t -precsize_aton(strptr) - char **strptr; -{ +precsize_aton(const char **strptr) { unsigned int mval = 0, cmval = 0; u_int8_t retval = 0; - char *cp; + const char *cp; int exponent; int mantissa; @@ -725,11 +723,8 @@ precsize_aton(strptr) /* converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ static u_int32_t -latlon2ul(latlonstrptr,which) - char **latlonstrptr; - int *which; -{ - char *cp; +latlon2ul(const char **latlonstrptr, int *which) { + const char *cp; u_int32_t retval; int deg = 0, min = 0, secs = 0, secsfrac = 0; diff --git a/contrib/bind/lib/resolv/res_init.c b/contrib/bind/lib/resolv/res_init.c index 8dc72f4..9f99d14 100644 --- a/contrib/bind/lib/resolv/res_init.c +++ b/contrib/bind/lib/resolv/res_init.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static const char rcsid[] = "$Id: res_init.c,v 8.28 2002/01/30 01:07:35 marka Exp $"; +static const char rcsid[] = "$Id: res_init.c,v 8.29 2002/05/31 06:05:31 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -194,7 +194,8 @@ __res_vinit(res_state statp, int preinit) { if (statp->_u._ext.ext != NULL) { memset(statp->_u._ext.ext, 0, sizeof(*statp->_u._ext.ext)); statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr; - strcpy(statp->_u._ext.ext->nsuffix, "ip6.int"); + strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa"); + strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int"); strcpy(statp->_u._ext.ext->bsuffix, "ip6.arpa"); } #ifdef RESOLVSORT @@ -520,6 +521,14 @@ res_setoptions(res_state statp, const char *options, const char *source) strncpy(ext->nsuffix, cp, i); ext->nsuffix[i] = '\0'; } + else if (!strncmp(cp, "nibble2:", sizeof("nibble2:") - 1)) { + if (ext == NULL) + goto skip; + cp += sizeof("nibble2:") - 1; + i = MIN(strcspn(cp, " \t"), sizeof(ext->nsuffix2) - 1); + strncpy(ext->nsuffix2, cp, i); + ext->nsuffix2[i] = '\0'; + } else if (!strncmp(cp, "bitstring:", sizeof("bitstring:") - 1)) { if (ext == NULL) goto skip; @@ -530,16 +539,12 @@ res_setoptions(res_state statp, const char *options, const char *source) } else if (!strncmp(cp, "v6revmode:", sizeof("v6revmode:") - 1)) { cp += sizeof("v6revmode:") - 1; - if (!strncmp(cp, "nibble", sizeof("nibble") - 1)) { - statp->options &= ~RES_NO_NIBBLE; - statp->options |= RES_NO_BITSTRING; - } else if (!strncmp(cp, "bitstring", - sizeof("bitstring") - 1)) { - statp->options |= RES_NO_NIBBLE; - statp->options &= ~RES_NO_BITSTRING; + /* "nibble" and "bitstring" used to be valid */ + if (!strncmp(cp, "single", sizeof("single") - 1)) { + statp->options |= RES_NO_NIBBLE2; } else if (!strncmp(cp, "both", sizeof("both") - 1)) { statp->options &= - ~(RES_NO_NIBBLE|RES_NO_BITSTRING); + ~RES_NO_NIBBLE2; } } else { @@ -613,6 +618,13 @@ const char * res_get_nibblesuffix(res_state statp) { if (statp->_u._ext.ext) return (statp->_u._ext.ext->nsuffix); + return ("ip6.arpa"); +} + +const char * +res_get_nibblesuffix2(res_state statp) { + if (statp->_u._ext.ext) + return (statp->_u._ext.ext->nsuffix2); return ("ip6.int"); } diff --git a/contrib/bind/lib/resolv/res_private.h b/contrib/bind/lib/resolv/res_private.h index 2c7fa5e..ec9b384 100644 --- a/contrib/bind/lib/resolv/res_private.h +++ b/contrib/bind/lib/resolv/res_private.h @@ -12,6 +12,7 @@ struct __res_state_ext { } sort_list[MAXRESOLVSORT]; char nsuffix[64]; char bsuffix[64]; + char nsuffix2[64]; }; extern int diff --git a/contrib/bind/port/freebsd/Makefile.set b/contrib/bind/port/freebsd/Makefile.set index acf7a56..0cf3c39 100644 --- a/contrib/bind/port/freebsd/Makefile.set +++ b/contrib/bind/port/freebsd/Makefile.set @@ -1,5 +1,5 @@ 'CC=cc' -'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -DMEMCLUSTER_RECORD=1' +'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat' 'DESTBIN=/usr/bin' 'DESTSBIN=/usr/sbin' 'DESTEXEC=/usr/libexec' @@ -9,7 +9,8 @@ 'DESTRUN=/var/run' 'LEX=lex -I' 'YACC=yacc -d' -'SYSLIBS=-ll -lutil' +'SYSLIBS=-lutil' +'LIBL=-ll' 'INSTALL=install' 'MANDIR=cat' 'MANROFF=(tbl|nroff -man)' |
