]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/dns/rfc1035.cc
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 * Low level DNS protocol routines
14 * UDP replies with TC set should be retried via TCP
18 #include "dns/rfc1035.h"
19 #include "dns/rfc2671.h"
35 #include <netinet/in.h>
38 #include <arpa/inet.h>
44 #define RFC1035_MAXLABELSZ 63
45 #define rfc1035_unpack_error 15
48 #define RFC1035_UNPACK_DEBUG fprintf(stderr, "unpack error at %s:%d\n", __FILE__,__LINE__)
50 #define RFC1035_UNPACK_DEBUG (void)0
56 * Packs a rfc1035_header structure into a buffer.
57 * Returns number of octets packed (should always be 12)
60 rfc1035HeaderPack(char *buf
, size_t sz
, rfc1035_message
* hdr
)
67 memcpy(buf
+ off
, &s
, sizeof(s
));
71 t
|= (hdr
->opcode
<< 11);
78 memcpy(buf
+ off
, &s
, sizeof(s
));
80 s
= htons(hdr
->qdcount
);
81 memcpy(buf
+ off
, &s
, sizeof(s
));
83 s
= htons(hdr
->ancount
);
84 memcpy(buf
+ off
, &s
, sizeof(s
));
86 s
= htons(hdr
->nscount
);
87 memcpy(buf
+ off
, &s
, sizeof(s
));
89 s
= htons(hdr
->arcount
);
90 memcpy(buf
+ off
, &s
, sizeof(s
));
99 * Packs a label into a buffer. The format of
100 * a label is one octet specifying the number of character
101 * bytes to follow. Labels must be smaller than 64 octets.
102 * Returns number of octets packed.
105 rfc1035LabelPack(char *buf
, size_t sz
, const char *label
)
108 size_t len
= label
? strlen(label
) : 0;
110 assert(!strchr(label
, '.'));
111 if (len
> RFC1035_MAXLABELSZ
)
112 len
= RFC1035_MAXLABELSZ
;
113 assert(sz
>= len
+ 1);
114 *(buf
+ off
) = (char) len
;
116 memcpy(buf
+ off
, label
, len
);
124 * Packs a name into a buffer. Names are packed as a
125 * sequence of labels, terminated with NULL label.
126 * Note message compression is not supported here.
127 * Returns number of octets packed.
130 rfc1035NamePack(char *buf
, size_t sz
, const char *name
)
132 unsigned int off
= 0;
133 char *copy
= xstrdup(name
);
136 * NOTE: use of strtok here makes names like foo....com valid.
138 for (t
= strtok(copy
, "."); t
; t
= strtok(nullptr, "."))
139 off
+= rfc1035LabelPack(buf
+ off
, sz
- off
, t
);
141 off
+= rfc1035LabelPack(buf
+ off
, sz
- off
, nullptr);
147 * rfc1035QuestionPack()
149 * Packs a QUESTION section of a message.
150 * Returns number of octets packed.
153 rfc1035QuestionPack(char *buf
,
156 const unsigned short type
,
157 const unsigned short _class
)
159 unsigned int off
= 0;
161 off
+= rfc1035NamePack(buf
+ off
, sz
- off
, name
);
163 memcpy(buf
+ off
, &s
, sizeof(s
));
166 memcpy(buf
+ off
, &s
, sizeof(s
));
173 * rfc1035HeaderUnpack()
175 * Unpacks a RFC1035 message header buffer into the header fields
176 * of the rfc1035_message structure.
178 * Updates the buffer offset, which is the same as number of
179 * octects unpacked since the header starts at offset 0.
181 * Returns 0 (success) or 1 (error)
184 rfc1035HeaderUnpack(const char *buf
, size_t sz
, unsigned int *off
, rfc1035_message
* h
)
190 * The header is 12 octets. This is a bogus message if the size
195 memcpy(&s
, buf
+ (*off
), sizeof(s
));
198 memcpy(&s
, buf
+ (*off
), sizeof(s
));
201 h
->qr
= (t
>> 15) & 0x01;
202 h
->opcode
= (t
>> 11) & 0x0F;
203 h
->aa
= (t
>> 10) & 0x01;
204 h
->tc
= (t
>> 9) & 0x01;
205 h
->rd
= (t
>> 8) & 0x01;
206 h
->ra
= (t
>> 7) & 0x01;
208 * We might want to check that the reserved 'Z' bits (6-4) are
209 * all zero as per RFC 1035. If not the message should be
211 * NO! RFCs say ignore inbound reserved, they may be used in future.
212 * NEW messages need to be set 0, that's all.
215 memcpy(&s
, buf
+ (*off
), sizeof(s
));
217 h
->qdcount
= ntohs(s
);
218 memcpy(&s
, buf
+ (*off
), sizeof(s
));
220 h
->ancount
= ntohs(s
);
221 memcpy(&s
, buf
+ (*off
), sizeof(s
));
223 h
->nscount
= ntohs(s
);
224 memcpy(&s
, buf
+ (*off
), sizeof(s
));
226 h
->arcount
= ntohs(s
);
227 assert((*off
) == 12);
232 * rfc1035NameUnpack()
234 * Unpacks a Name in a message buffer into a char*.
235 * Note 'buf' points to the beginning of the whole message,
236 * 'off' points to the spot where the Name begins, and 'sz'
237 * is the size of the whole message. 'name' must be allocated
240 * Supports the RFC1035 message compression through recursion.
242 * Updates the new buffer offset.
244 * Returns 0 (success) or 1 (error)
247 rfc1035NameUnpack(const char *buf
, size_t sz
, unsigned int *off
, unsigned short *rdlength
, char *name
, size_t ns
, int rdepth
)
255 RFC1035_UNPACK_DEBUG
;
260 /* blasted compression */
263 if (rdepth
> 64) { /* infinite pointer loop */
264 RFC1035_UNPACK_DEBUG
;
267 memcpy(&s
, buf
+ (*off
), sizeof(s
));
272 RFC1035_UNPACK_DEBUG
;
276 /* Make sure the pointer is inside this message */
278 RFC1035_UNPACK_DEBUG
;
281 return rfc1035NameUnpack(buf
, sz
, &ptr
, rdlength
, name
+ no
, ns
- no
, rdepth
+ 1);
282 } else if (c
> RFC1035_MAXLABELSZ
) {
284 * "(The 10 and 01 combinations are reserved for future use.)"
286 RFC1035_UNPACK_DEBUG
;
293 if (len
> (ns
- no
- 1)) { /* label won't fit */
294 RFC1035_UNPACK_DEBUG
;
297 if ((*off
) + len
>= sz
) { /* message is too short */
298 RFC1035_UNPACK_DEBUG
;
301 memcpy(name
+ no
, buf
+ (*off
), len
);
304 *(name
+ (no
++)) = '.';
306 *rdlength
+= len
+ 1;
308 } while (c
> 0 && no
< ns
);
310 *(name
+ no
- 1) = '\0';
313 /* make sure we didn't allow someone to overflow the name buffer */
321 * Packs a RFC1035 Resource Record into a message buffer from 'RR'.
322 * The caller must allocate and free RR->rdata and RR->name!
324 * Updates the new message buffer.
326 * Returns the number of bytes added to the buffer or 0 for error.
329 rfc1035RRPack(char *buf
, const size_t sz
, const rfc1035_rr
* RR
)
335 off
= rfc1035NamePack(buf
, sz
, RR
->name
);
338 * Make sure the remaining message has enough octets for the
339 * rest of the RR fields.
341 if ((off
+ sizeof(s
)*3 + sizeof(i
) + RR
->rdlength
) > sz
) {
345 memcpy(buf
+ off
, &s
, sizeof(s
));
347 s
= htons(RR
->_class
);
348 memcpy(buf
+ off
, &s
, sizeof(s
));
351 memcpy(buf
+ off
, &i
, sizeof(i
));
353 s
= htons(RR
->rdlength
);
354 memcpy(buf
+ off
, &s
, sizeof(s
));
356 memcpy(buf
+ off
, &(RR
->rdata
), RR
->rdlength
);
365 * Unpacks a RFC1035 Resource Record into 'RR' from a message buffer.
366 * The caller must free RR->rdata!
368 * Updates the new message buffer offset.
370 * Returns 0 (success) or 1 (error)
373 rfc1035RRUnpack(const char *buf
, size_t sz
, unsigned int *off
, rfc1035_rr
* RR
)
377 unsigned short rdlength
;
378 unsigned int rdata_off
;
379 if (rfc1035NameUnpack(buf
, sz
, off
, nullptr, RR
->name
, RFC1035_MAXHOSTNAMESZ
, 0)) {
380 RFC1035_UNPACK_DEBUG
;
381 memset(RR
, '\0', sizeof(*RR
));
385 * Make sure the remaining message has enough octets for the
386 * rest of the RR fields.
388 if ((*off
) + 10 > sz
) {
389 RFC1035_UNPACK_DEBUG
;
390 memset(RR
, '\0', sizeof(*RR
));
393 memcpy(&s
, buf
+ (*off
), sizeof(s
));
396 memcpy(&s
, buf
+ (*off
), sizeof(s
));
398 RR
->_class
= ntohs(s
);
399 memcpy(&i
, buf
+ (*off
), sizeof(i
));
402 memcpy(&s
, buf
+ (*off
), sizeof(s
));
405 if ((*off
) + rdlength
> sz
) {
407 * We got a truncated packet. 'dnscache' truncates UDP
408 * replies at 512 octets, as per RFC 1035.
410 RFC1035_UNPACK_DEBUG
;
411 memset(RR
, '\0', sizeof(*RR
));
414 RR
->rdlength
= rdlength
;
416 case RFC1035_TYPE_PTR
:
417 RR
->rdata
= (char*)xmalloc(RFC1035_MAXHOSTNAMESZ
);
419 RR
->rdlength
= 0; /* Filled in by rfc1035NameUnpack */
420 if (rfc1035NameUnpack(buf
, sz
, &rdata_off
, &RR
->rdlength
, RR
->rdata
, RFC1035_MAXHOSTNAMESZ
, 0)) {
421 RFC1035_UNPACK_DEBUG
;
424 if (rdata_off
> ((*off
) + rdlength
)) {
426 * This probably doesn't happen for valid packets, but
427 * I want to make sure that NameUnpack doesn't go beyond
430 RFC1035_UNPACK_DEBUG
;
432 memset(RR
, '\0', sizeof(*RR
));
438 RR
->rdata
= (char*)xmalloc(rdlength
);
439 memcpy(RR
->rdata
, buf
+ (*off
), rdlength
);
443 assert((*off
) <= sz
);
448 rfc1035ErrorMessage(int n
)
454 return "No error condition";
457 return "Format Error: The name server was "
458 "unable to interpret the query.";
461 return "Server Failure: The name server was "
462 "unable to process this query.";
465 return "Name Error: The domain name does "
469 return "Not Implemented: The name server does "
470 "not support the requested kind of query.";
473 return "Refused: The name server refuses to "
474 "perform the specified operation.";
476 case rfc1035_unpack_error
:
477 return "The DNS reply message is corrupt or could "
478 "not be safely parsed.";
481 return "Unknown Error";
487 rfc1035RRDestroy(rfc1035_rr
** rr
, int n
)
489 if (*rr
== nullptr) {
495 xfree((*rr
)[n
].rdata
);
502 * rfc1035QueryUnpack()
504 * Unpacks a RFC1035 Query Record into 'query' from a message buffer.
506 * Updates the new message buffer offset.
508 * Returns 0 (success) or 1 (error)
511 rfc1035QueryUnpack(const char *buf
, size_t sz
, unsigned int *off
, rfc1035_query
* query
)
514 if (rfc1035NameUnpack(buf
, sz
, off
, nullptr, query
->name
, RFC1035_MAXHOSTNAMESZ
, 0)) {
515 RFC1035_UNPACK_DEBUG
;
516 memset(query
, '\0', sizeof(*query
));
520 RFC1035_UNPACK_DEBUG
;
521 memset(query
, '\0', sizeof(*query
));
524 memcpy(&s
, buf
+ *off
, 2);
526 query
->qtype
= ntohs(s
);
527 memcpy(&s
, buf
+ *off
, 2);
529 query
->qclass
= ntohs(s
);
534 rfc1035MessageDestroy(rfc1035_message
** msg
)
539 xfree((*msg
)->query
);
541 rfc1035RRDestroy(&(*msg
)->answer
, (*msg
)->ancount
);
547 * rfc1035QueryCompare()
549 * Compares two rfc1035_query entries
551 * Returns 0 (equal) or !=0 (different)
554 rfc1035QueryCompare(const rfc1035_query
* a
, const rfc1035_query
* b
)
557 if (a
->qtype
!= b
->qtype
)
559 if (a
->qclass
!= b
->qclass
)
561 la
= strlen(a
->name
);
562 lb
= strlen(b
->name
);
564 /* Trim root label(s) */
565 while (la
> 0 && a
->name
[la
- 1] == '.')
567 while (lb
> 0 && b
->name
[lb
- 1] == '.')
573 return strncasecmp(a
->name
, b
->name
, la
);
577 * rfc1035MessageUnpack()
579 * Takes the contents of a DNS reply and fills in an array
580 * of resource record structures. The records array is allocated
581 * here, and should be freed by calling rfc1035RRDestroy().
583 * Returns number of records unpacked, zero if DNS reply indicates
584 * zero answers, or an error number < 0.
588 rfc1035MessageUnpack(const char *buf
,
590 rfc1035_message
** answer
)
592 unsigned int off
= 0;
595 rfc1035_message
*msg
= nullptr;
596 rfc1035_rr
*recs
= nullptr;
597 rfc1035_query
*querys
= nullptr;
598 msg
= (rfc1035_message
*)xcalloc(1, sizeof(*msg
));
599 if (rfc1035HeaderUnpack(buf
+ off
, sz
- off
, &off
, msg
)) {
600 RFC1035_UNPACK_DEBUG
;
602 return -rfc1035_unpack_error
;
604 i
= (unsigned int) msg
->qdcount
;
606 /* This can not be an answer to our queries.. */
607 RFC1035_UNPACK_DEBUG
;
609 return -rfc1035_unpack_error
;
611 querys
= msg
->query
= (rfc1035_query
*)xcalloc(i
, sizeof(*querys
));
612 for (j
= 0; j
< i
; j
++) {
613 if (rfc1035QueryUnpack(buf
, sz
, &off
, &querys
[j
])) {
614 RFC1035_UNPACK_DEBUG
;
615 rfc1035MessageDestroy(&msg
);
616 return -rfc1035_unpack_error
;
621 RFC1035_UNPACK_DEBUG
;
624 if (msg
->ancount
== 0)
626 i
= (unsigned int) msg
->ancount
;
627 recs
= msg
->answer
= (rfc1035_rr
*)xcalloc(i
, sizeof(*recs
));
628 for (j
= 0; j
< i
; j
++) {
629 if (off
>= sz
) { /* corrupt packet */
630 RFC1035_UNPACK_DEBUG
;
633 if (rfc1035RRUnpack(buf
, sz
, &off
, &recs
[j
])) { /* corrupt RR */
634 RFC1035_UNPACK_DEBUG
;
641 * we expected to unpack some answers (ancount != 0), but
642 * didn't actually get any.
644 rfc1035MessageDestroy(&msg
);
646 return -rfc1035_unpack_error
;
652 * rfc1035BuildAQuery()
654 * Builds a message buffer with a QUESTION to lookup A records
655 * for a hostname. Caller must allocate 'buf' which should
656 * probably be at least 512 octets. The 'szp' initially
657 * specifies the size of the buffer, on return it contains
658 * the size of the message (i.e. how much to write).
659 * Returns the size of the query
662 rfc1035BuildAQuery(const char *hostname
, char *buf
, size_t sz
, unsigned short qid
, rfc1035_query
* query
, ssize_t edns_sz
)
664 static rfc1035_message h
;
666 memset(&h
, '\0', sizeof(h
));
670 h
.opcode
= 0; /* QUERY */
671 h
.qdcount
= (unsigned int) 1;
672 h
.arcount
= (edns_sz
> 0 ? 1 : 0);
673 offset
+= rfc1035HeaderPack(buf
+ offset
, sz
- offset
, &h
);
674 offset
+= rfc1035QuestionPack(buf
+ offset
,
680 offset
+= rfc2671RROptPack(buf
+ offset
, sz
- offset
, edns_sz
);
682 query
->qtype
= RFC1035_TYPE_A
;
683 query
->qclass
= RFC1035_CLASS_IN
;
684 xstrncpy(query
->name
, hostname
, sizeof(query
->name
));
686 assert(offset
<= sz
);
691 * rfc1035BuildPTRQuery()
693 * Builds a message buffer with a QUESTION to lookup PTR records
694 * for an address. Caller must allocate 'buf' which should
695 * probably be at least 512 octets. The 'szp' initially
696 * specifies the size of the buffer, on return it contains
697 * the size of the message (i.e. how much to write).
698 * Returns the size of the query
701 rfc1035BuildPTRQuery(const struct in_addr addr
, char *buf
, size_t sz
, unsigned short qid
, rfc1035_query
* query
, ssize_t edns_sz
)
703 static rfc1035_message h
;
707 memset(&h
, '\0', sizeof(h
));
708 i
= (unsigned int) ntohl(addr
.s_addr
);
709 snprintf(rev
, 32, "%u.%u.%u.%u.in-addr.arpa.",
717 h
.opcode
= 0; /* QUERY */
718 h
.qdcount
= (unsigned int) 1;
719 h
.arcount
= (edns_sz
> 0 ? 1 : 0);
720 offset
+= rfc1035HeaderPack(buf
+ offset
, sz
- offset
, &h
);
721 offset
+= rfc1035QuestionPack(buf
+ offset
,
727 offset
+= rfc2671RROptPack(buf
+ offset
, sz
- offset
, edns_sz
);
729 query
->qtype
= RFC1035_TYPE_PTR
;
730 query
->qclass
= RFC1035_CLASS_IN
;
731 xstrncpy(query
->name
, rev
, sizeof(query
->name
));
733 assert(offset
<= sz
);
738 * We're going to retry a former query, but we
739 * just need a new ID for it. Lucky for us ID
740 * is the first field in the message buffer.
743 rfc1035SetQueryID(char *buf
, unsigned short qid
)
745 unsigned short s
= htons(qid
);
746 memcpy(buf
, &s
, sizeof(s
));