]>
Commit | Line | Data |
---|---|---|
bb330e25 AF |
1 | commit 16b293a7a6f65d8ff348a603d19e8fd4372fa3a9 |
2 | Author: Siddhesh Poyarekar <siddhesh@redhat.com> | |
3 | Date: Wed Apr 30 11:48:43 2014 +0530 | |
4 | ||
5 | Do not fail if one of the two responses to AF_UNSPEC fails (BZ #14308) | |
6 | ||
7 | [Fixes BZ #14308, #12994, #13651] | |
8 | ||
9 | AF_UNSPEC results in sending two queries in parallel, one for the A | |
10 | record and the other for the AAAA record. If one of these is a | |
11 | referral, then the query fails, which is wrong. It should return at | |
12 | least the one successful response. | |
13 | ||
14 | The fix has two parts. The first part makes the referral fall back to | |
15 | the SERVFAIL path, which results in using the successful response. | |
16 | There is a bug in that path however, due to which the second part is | |
17 | necessary. The bug here is that if the first response is a failure | |
18 | and the second succeeds, __libc_res_nsearch does not detect that and | |
19 | assumes a failure. The case where the first response is a success and | |
20 | the second fails, works correctly. | |
21 | ||
22 | This condition is produced by buggy routers, so here's a crude | |
23 | interposable library that can simulate such a condition. The library | |
24 | overrides the recvfrom syscall and modifies the header of the packet | |
25 | received to reproduce this scenario. It has two key variables: | |
26 | mod_packet and first_error. | |
27 | ||
28 | The mod_packet variable when set to 0, results in odd packets being | |
29 | modified to be a referral. When set to 1, even packets are modified | |
30 | to be a referral. | |
31 | ||
32 | The first_error causes the first response to be a failure so that a | |
33 | domain-appended search is performed to test the second part of the | |
34 | __libc_nsearch fix. | |
35 | ||
36 | The driver for this fix is a simple getaddrinfo program that does an | |
37 | AF_UNSPEC query. I have omitted this since it should be easy to | |
38 | implement. | |
39 | ||
40 | I have tested this on x86_64. | |
41 | ||
42 | The interceptor library source: | |
43 | ||
44 | /* Override recvfrom and modify the header of the first DNS response to make it | |
45 | a referral and reproduce bz #845218. We have to resort to this ugly hack | |
46 | because we cannot make bind return the buggy response of a referral for the | |
47 | AAAA record and an authoritative response for the A record. */ | |
48 | #define _GNU_SOURCE | |
49 | #include <sys/types.h> | |
50 | #include <sys/socket.h> | |
51 | #include <netinet/in.h> | |
52 | #include <arpa/inet.h> | |
53 | #include <stdio.h> | |
54 | #include <stdbool.h> | |
55 | #include <endian.h> | |
56 | #include <dlfcn.h> | |
57 | #include <stdlib.h> | |
58 | ||
59 | /* Lifted from resolv/arpa/nameser_compat.h. */ | |
60 | typedef struct { | |
61 | unsigned id :16; /*%< query identification number */ | |
62 | #if BYTE_ORDER == BIG_ENDIAN | |
63 | /* fields in third byte */ | |
64 | unsigned qr: 1; /*%< response flag */ | |
65 | unsigned opcode: 4; /*%< purpose of message */ | |
66 | unsigned aa: 1; /*%< authoritive answer */ | |
67 | unsigned tc: 1; /*%< truncated message */ | |
68 | unsigned rd: 1; /*%< recursion desired */ | |
69 | /* fields | |
70 | * in | |
71 | * fourth | |
72 | * byte | |
73 | * */ | |
74 | unsigned ra: 1; /*%< recursion available */ | |
75 | unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */ | |
76 | unsigned ad: 1; /*%< authentic data from named */ | |
77 | unsigned cd: 1; /*%< checking disabled by resolver */ | |
78 | unsigned rcode :4; /*%< response code */ | |
79 | #endif | |
80 | #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN | |
81 | /* fields | |
82 | * in | |
83 | * third | |
84 | * byte | |
85 | * */ | |
86 | unsigned rd :1; /*%< recursion desired */ | |
87 | unsigned tc :1; /*%< truncated message */ | |
88 | unsigned aa :1; /*%< authoritive answer */ | |
89 | unsigned opcode :4; /*%< purpose of message */ | |
90 | unsigned qr :1; /*%< response flag */ | |
91 | /* fields | |
92 | * in | |
93 | * fourth | |
94 | * byte | |
95 | * */ | |
96 | unsigned rcode :4; /*%< response code */ | |
97 | unsigned cd: 1; /*%< checking disabled by resolver */ | |
98 | unsigned ad: 1; /*%< authentic data from named */ | |
99 | unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */ | |
100 | unsigned ra :1; /*%< recursion available */ | |
101 | #endif | |
102 | /* remaining | |
103 | * bytes | |
104 | * */ | |
105 | unsigned qdcount :16; /*%< number of question entries */ | |
106 | unsigned ancount :16; /*%< number of answer entries */ | |
107 | unsigned nscount :16; /*%< number of authority entries */ | |
108 | unsigned arcount :16; /*%< number of resource entries */ | |
109 | } HEADER; | |
110 | ||
111 | static int done = 0; | |
112 | ||
113 | /* Packets to modify. 0 for the odd packets and 1 for even packets. */ | |
114 | static const int mod_packet = 0; | |
115 | ||
116 | /* Set to true if the first request should result in an error, resulting in a | |
117 | search query. */ | |
118 | static bool first_error = true; | |
119 | ||
120 | static ssize_t (*real_recvfrom) (int sockfd, void *buf, size_t len, int flags, | |
121 | struct sockaddr *src_addr, socklen_t *addrlen); | |
122 | ||
123 | void | |
124 | __attribute__ ((constructor)) | |
125 | init (void) | |
126 | { | |
127 | real_recvfrom = dlsym (RTLD_NEXT, "recvfrom"); | |
128 | ||
129 | if (real_recvfrom == NULL) | |
130 | { | |
131 | printf ("Failed to get reference to recvfrom: %s\n", dlerror ()); | |
132 | printf ("Cannot simulate test\n"); | |
133 | abort (); | |
134 | } | |
135 | } | |
136 | ||
137 | /* Modify the second packet that we receive to set the header in a manner as to | |
138 | reproduce BZ #845218. */ | |
139 | static void | |
140 | mod_buf (HEADER *h, int port) | |
141 | { | |
142 | if (done % 2 == mod_packet || (first_error && done == 1)) | |
143 | { | |
144 | printf ("(Modifying header)"); | |
145 | ||
146 | if (first_error && done == 1) | |
147 | h->rcode = 3; | |
148 | else | |
149 | h->rcode = 0; /* NOERROR == 0. */ | |
150 | h->ancount = 0; | |
151 | h->aa = 0; | |
152 | h->ra = 0; | |
153 | h->arcount = 0; | |
154 | } | |
155 | done++; | |
156 | } | |
157 | ||
158 | ssize_t | |
159 | recvfrom (int sockfd, void *buf, size_t len, int flags, | |
160 | struct sockaddr *src_addr, socklen_t *addrlen) | |
161 | { | |
162 | ssize_t ret = real_recvfrom (sockfd, buf, len, flags, src_addr, addrlen); | |
163 | int port = htons (((struct sockaddr_in *) src_addr)->sin_port); | |
164 | struct in_addr addr = ((struct sockaddr_in *) src_addr)->sin_addr; | |
165 | const char *host = inet_ntoa (addr); | |
166 | printf ("\n*** From %s:%d: ", host, port); | |
167 | ||
168 | mod_buf (buf, port); | |
169 | ||
170 | printf ("returned %zd\n", ret); | |
171 | return ret; | |
172 | } | |
173 | ||
174 | diff --git a/resolv/res_query.c b/resolv/res_query.c | |
175 | index a9db837..4e6612c 100644 | |
176 | --- a/resolv/res_query.c | |
177 | +++ b/resolv/res_query.c | |
178 | @@ -382,7 +382,9 @@ __libc_res_nsearch(res_state statp, | |
179 | ret = __libc_res_nquerydomain(statp, name, NULL, class, type, | |
180 | answer, anslen, answerp, | |
181 | answerp2, nanswerp2, resplen2); | |
182 | - if (ret > 0 || trailing_dot) | |
183 | + if (ret > 0 || trailing_dot | |
184 | + /* If the second response is valid then we use that. */ | |
185 | + || (ret == 0 && answerp2 != NULL && resplen2 > 0)) | |
186 | return (ret); | |
187 | saved_herrno = h_errno; | |
188 | tried_as_is++; | |
189 | @@ -422,7 +424,8 @@ __libc_res_nsearch(res_state statp, | |
190 | answer, anslen, answerp, | |
191 | answerp2, nanswerp2, | |
192 | resplen2); | |
193 | - if (ret > 0) | |
194 | + if (ret > 0 || (ret == 0 && answerp2 != NULL | |
195 | + && resplen2 > 0)) | |
196 | return (ret); | |
197 | ||
198 | if (answerp && *answerp != answer) { | |
199 | diff --git a/resolv/res_send.c b/resolv/res_send.c | |
200 | index 60743df..3273d55 100644 | |
201 | --- a/resolv/res_send.c | |
202 | +++ b/resolv/res_send.c | |
203 | @@ -1351,6 +1351,7 @@ send_dg(res_state statp, | |
204 | (*thisresplenp > *thisanssizp) | |
205 | ? *thisanssizp : *thisresplenp); | |
206 | ||
207 | + next_ns: | |
208 | if (recvresp1 || (buf2 != NULL && recvresp2)) { | |
209 | *resplen2 = 0; | |
210 | return resplen; | |
211 | @@ -1368,7 +1369,6 @@ send_dg(res_state statp, | |
212 | goto wait; | |
213 | } | |
214 | ||
215 | - next_ns: | |
216 | __res_iclose(statp, false); | |
217 | /* don't retry if called from dig */ | |
218 | if (!statp->pfcode) |