]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-packet.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
sd-event: instrument sd_event_run() for profiling delays
[thirdparty/systemd.git] / src / resolve / resolved-dns-packet.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
26 #include "strv.h"
27 #include "unaligned.h"
28 #include "utf8.h"
29 #include "util.h"
30
31 #define EDNS0_OPT_DO (1<<15)
32
33 int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
34 DnsPacket *p;
35 size_t a;
36
37 assert(ret);
38
39 if (mtu <= UDP_PACKET_HEADER_SIZE)
40 a = DNS_PACKET_SIZE_START;
41 else
42 a = mtu - UDP_PACKET_HEADER_SIZE;
43
44 if (a < DNS_PACKET_HEADER_SIZE)
45 a = DNS_PACKET_HEADER_SIZE;
46
47 /* round up to next page size */
48 a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
49
50 /* make sure we never allocate more than useful */
51 if (a > DNS_PACKET_SIZE_MAX)
52 a = DNS_PACKET_SIZE_MAX;
53
54 p = malloc0(ALIGN(sizeof(DnsPacket)) + a);
55 if (!p)
56 return -ENOMEM;
57
58 p->size = p->rindex = DNS_PACKET_HEADER_SIZE;
59 p->allocated = a;
60 p->protocol = protocol;
61 p->opt_start = p->opt_size = (size_t) -1;
62 p->n_ref = 1;
63
64 *ret = p;
65
66 return 0;
67 }
68
69 void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
70
71 DnsPacketHeader *h;
72
73 assert(p);
74
75 h = DNS_PACKET_HEADER(p);
76
77 switch(p->protocol) {
78 case DNS_PROTOCOL_LLMNR:
79 assert(!truncated);
80
81 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
82 0 /* opcode */,
83 0 /* c */,
84 0 /* tc */,
85 0 /* t */,
86 0 /* ra */,
87 0 /* ad */,
88 0 /* cd */,
89 0 /* rcode */));
90 break;
91
92 case DNS_PROTOCOL_MDNS:
93 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
94 0 /* opcode */,
95 0 /* aa */,
96 truncated /* tc */,
97 0 /* rd (ask for recursion) */,
98 0 /* ra */,
99 0 /* ad */,
100 0 /* cd */,
101 0 /* rcode */));
102 break;
103
104 default:
105 assert(!truncated);
106
107 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
108 0 /* opcode */,
109 0 /* aa */,
110 0 /* tc */,
111 1 /* rd (ask for recursion) */,
112 0 /* ra */,
113 0 /* ad */,
114 dnssec_checking_disabled /* cd */,
115 0 /* rcode */));
116 }
117 }
118
119 int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool dnssec_checking_disabled) {
120 DnsPacket *p;
121 int r;
122
123 assert(ret);
124
125 r = dns_packet_new(&p, protocol, mtu);
126 if (r < 0)
127 return r;
128
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
131 */
132 dns_packet_set_flags(p, dnssec_checking_disabled, false);
133
134 *ret = p;
135 return 0;
136 }
137
138 DnsPacket *dns_packet_ref(DnsPacket *p) {
139
140 if (!p)
141 return NULL;
142
143 assert(!p->on_stack);
144
145 assert(p->n_ref > 0);
146 p->n_ref++;
147 return p;
148 }
149
150 static void dns_packet_free(DnsPacket *p) {
151 char *s;
152
153 assert(p);
154
155 dns_question_unref(p->question);
156 dns_answer_unref(p->answer);
157 dns_resource_record_unref(p->opt);
158
159 while ((s = hashmap_steal_first_key(p->names)))
160 free(s);
161 hashmap_free(p->names);
162
163 free(p->_data);
164
165 if (!p->on_stack)
166 free(p);
167 }
168
169 DnsPacket *dns_packet_unref(DnsPacket *p) {
170 if (!p)
171 return NULL;
172
173 assert(p->n_ref > 0);
174
175 dns_packet_unref(p->more);
176
177 if (p->n_ref == 1)
178 dns_packet_free(p);
179 else
180 p->n_ref--;
181
182 return NULL;
183 }
184
185 int dns_packet_validate(DnsPacket *p) {
186 assert(p);
187
188 if (p->size < DNS_PACKET_HEADER_SIZE)
189 return -EBADMSG;
190
191 if (p->size > DNS_PACKET_SIZE_MAX)
192 return -EBADMSG;
193
194 return 1;
195 }
196
197 int dns_packet_validate_reply(DnsPacket *p) {
198 int r;
199
200 assert(p);
201
202 r = dns_packet_validate(p);
203 if (r < 0)
204 return r;
205
206 if (DNS_PACKET_QR(p) != 1)
207 return 0;
208
209 if (DNS_PACKET_OPCODE(p) != 0)
210 return -EBADMSG;
211
212 switch (p->protocol) {
213
214 case DNS_PROTOCOL_LLMNR:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p) != 1)
217 return -EBADMSG;
218
219 break;
220
221 case DNS_PROTOCOL_MDNS:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p) != 0)
224 return -EBADMSG;
225
226 break;
227
228 default:
229 break;
230 }
231
232 return 1;
233 }
234
235 int dns_packet_validate_query(DnsPacket *p) {
236 int r;
237
238 assert(p);
239
240 r = dns_packet_validate(p);
241 if (r < 0)
242 return r;
243
244 if (DNS_PACKET_QR(p) != 0)
245 return 0;
246
247 if (DNS_PACKET_OPCODE(p) != 0)
248 return -EBADMSG;
249
250 if (DNS_PACKET_TC(p))
251 return -EBADMSG;
252
253 switch (p->protocol) {
254
255 case DNS_PROTOCOL_LLMNR:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p) != 1)
258 return -EBADMSG;
259
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p) > 0)
262 return -EBADMSG;
263
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p) > 0)
266 return -EBADMSG;
267
268 break;
269
270 case DNS_PROTOCOL_MDNS:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p) != 0 ||
273 DNS_PACKET_RD(p) != 0 ||
274 DNS_PACKET_RA(p) != 0 ||
275 DNS_PACKET_AD(p) != 0 ||
276 DNS_PACKET_CD(p) != 0 ||
277 DNS_PACKET_RCODE(p) != 0)
278 return -EBADMSG;
279
280 break;
281
282 default:
283 break;
284 }
285
286 return 1;
287 }
288
289 static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
290 assert(p);
291
292 if (p->size + add > p->allocated) {
293 size_t a;
294
295 a = PAGE_ALIGN((p->size + add) * 2);
296 if (a > DNS_PACKET_SIZE_MAX)
297 a = DNS_PACKET_SIZE_MAX;
298
299 if (p->size + add > a)
300 return -EMSGSIZE;
301
302 if (p->_data) {
303 void *d;
304
305 d = realloc(p->_data, a);
306 if (!d)
307 return -ENOMEM;
308
309 p->_data = d;
310 } else {
311 p->_data = malloc(a);
312 if (!p->_data)
313 return -ENOMEM;
314
315 memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
316 memzero((uint8_t*) p->_data + p->size, a - p->size);
317 }
318
319 p->allocated = a;
320 }
321
322 if (start)
323 *start = p->size;
324
325 if (ret)
326 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;
327
328 p->size += add;
329 return 0;
330 }
331
332 void dns_packet_truncate(DnsPacket *p, size_t sz) {
333 Iterator i;
334 char *s;
335 void *n;
336
337 assert(p);
338
339 if (p->size <= sz)
340 return;
341
342 HASHMAP_FOREACH_KEY(n, s, p->names, i) {
343
344 if (PTR_TO_SIZE(n) < sz)
345 continue;
346
347 hashmap_remove(p->names, s);
348 free(s);
349 }
350
351 p->size = sz;
352 }
353
354 int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
355 void *q;
356 int r;
357
358 assert(p);
359
360 r = dns_packet_extend(p, l, &q, start);
361 if (r < 0)
362 return r;
363
364 memcpy(q, d, l);
365 return 0;
366 }
367
368 int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
369 void *d;
370 int r;
371
372 assert(p);
373
374 r = dns_packet_extend(p, sizeof(uint8_t), &d, start);
375 if (r < 0)
376 return r;
377
378 ((uint8_t*) d)[0] = v;
379
380 return 0;
381 }
382
383 int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
384 void *d;
385 int r;
386
387 assert(p);
388
389 r = dns_packet_extend(p, sizeof(uint16_t), &d, start);
390 if (r < 0)
391 return r;
392
393 unaligned_write_be16(d, v);
394
395 return 0;
396 }
397
398 int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
399 void *d;
400 int r;
401
402 assert(p);
403
404 r = dns_packet_extend(p, sizeof(uint32_t), &d, start);
405 if (r < 0)
406 return r;
407
408 unaligned_write_be32(d, v);
409
410 return 0;
411 }
412
413 int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
414 assert(p);
415 assert(s);
416
417 return dns_packet_append_raw_string(p, s, strlen(s), start);
418 }
419
420 int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
421 void *d;
422 int r;
423
424 assert(p);
425 assert(s || size == 0);
426
427 if (size > 255)
428 return -E2BIG;
429
430 r = dns_packet_extend(p, 1 + size, &d, start);
431 if (r < 0)
432 return r;
433
434 ((uint8_t*) d)[0] = (uint8_t) size;
435
436 if (size > 0)
437 memcpy(((uint8_t*) d) + 1, s, size);
438
439 return 0;
440 }
441
442 int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
443 uint8_t *w;
444 int r;
445
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
449 * packet */
450
451 assert(p);
452 assert(d);
453
454 if (l > DNS_LABEL_MAX)
455 return -E2BIG;
456
457 r = dns_packet_extend(p, 1 + l, (void**) &w, start);
458 if (r < 0)
459 return r;
460
461 *(w++) = (uint8_t) l;
462
463 if (p->canonical_form && canonical_candidate) {
464 size_t i;
465
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
468
469 for (i = 0; i < l; i++) {
470 if (d[i] >= 'A' && d[i] <= 'Z')
471 w[i] = (uint8_t) (d[i] - 'A' + 'a');
472 else
473 w[i] = (uint8_t) d[i];
474 }
475 } else
476 /* Otherwise, just copy the string unaltered. This is
477 * essential for DNS-SD, where the casing of labels
478 * matters and needs to be retained. */
479 memcpy(w, d, l);
480
481 return 0;
482 }
483
484 int dns_packet_append_name(
485 DnsPacket *p,
486 const char *name,
487 bool allow_compression,
488 bool canonical_candidate,
489 size_t *start) {
490
491 size_t saved_size;
492 int r;
493
494 assert(p);
495 assert(name);
496
497 if (p->refuse_compression)
498 allow_compression = false;
499
500 saved_size = p->size;
501
502 while (!dns_name_is_root(name)) {
503 const char *z = name;
504 char label[DNS_LABEL_MAX];
505 size_t n = 0;
506 int k;
507
508 if (allow_compression)
509 n = PTR_TO_SIZE(hashmap_get(p->names, name));
510 if (n > 0) {
511 assert(n < p->size);
512
513 if (n < 0x4000) {
514 r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
515 if (r < 0)
516 goto fail;
517
518 goto done;
519 }
520 }
521
522 r = dns_label_unescape(&name, label, sizeof(label));
523 if (r < 0)
524 goto fail;
525
526 if (p->protocol == DNS_PROTOCOL_DNS)
527 k = dns_label_apply_idna(label, r, label, sizeof(label));
528 else
529 k = dns_label_undo_idna(label, r, label, sizeof(label));
530 if (k < 0) {
531 r = k;
532 goto fail;
533 }
534 if (k > 0)
535 r = k;
536
537 r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
538 if (r < 0)
539 goto fail;
540
541 if (allow_compression) {
542 _cleanup_free_ char *s = NULL;
543
544 s = strdup(z);
545 if (!s) {
546 r = -ENOMEM;
547 goto fail;
548 }
549
550 r = hashmap_ensure_allocated(&p->names, &dns_name_hash_ops);
551 if (r < 0)
552 goto fail;
553
554 r = hashmap_put(p->names, s, SIZE_TO_PTR(n));
555 if (r < 0)
556 goto fail;
557
558 s = NULL;
559 }
560 }
561
562 r = dns_packet_append_uint8(p, 0, NULL);
563 if (r < 0)
564 return r;
565
566 done:
567 if (start)
568 *start = saved_size;
569
570 return 0;
571
572 fail:
573 dns_packet_truncate(p, saved_size);
574 return r;
575 }
576
577 int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, size_t *start) {
578 size_t saved_size;
579 int r;
580
581 assert(p);
582 assert(k);
583
584 saved_size = p->size;
585
586 r = dns_packet_append_name(p, DNS_RESOURCE_KEY_NAME(k), true, true, NULL);
587 if (r < 0)
588 goto fail;
589
590 r = dns_packet_append_uint16(p, k->type, NULL);
591 if (r < 0)
592 goto fail;
593
594 r = dns_packet_append_uint16(p, k->class, NULL);
595 if (r < 0)
596 goto fail;
597
598 if (start)
599 *start = saved_size;
600
601 return 0;
602
603 fail:
604 dns_packet_truncate(p, saved_size);
605 return r;
606 }
607
608 static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
609 size_t saved_size;
610 int r;
611
612 assert(p);
613 assert(types);
614 assert(length > 0);
615
616 saved_size = p->size;
617
618 r = dns_packet_append_uint8(p, window, NULL);
619 if (r < 0)
620 goto fail;
621
622 r = dns_packet_append_uint8(p, length, NULL);
623 if (r < 0)
624 goto fail;
625
626 r = dns_packet_append_blob(p, types, length, NULL);
627 if (r < 0)
628 goto fail;
629
630 if (start)
631 *start = saved_size;
632
633 return 0;
634 fail:
635 dns_packet_truncate(p, saved_size);
636 return r;
637 }
638
639 static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
640 Iterator i;
641 uint8_t window = 0;
642 uint8_t entry = 0;
643 uint8_t bitmaps[32] = {};
644 unsigned n;
645 size_t saved_size;
646 int r;
647
648 assert(p);
649
650 saved_size = p->size;
651
652 BITMAP_FOREACH(n, types, i) {
653 assert(n <= 0xffff);
654
655 if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
656 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
657 if (r < 0)
658 goto fail;
659
660 zero(bitmaps);
661 }
662
663 window = n >> 8;
664 entry = n & 255;
665
666 bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
667 }
668
669 if (bitmaps[entry / 8] != 0) {
670 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
671 if (r < 0)
672 goto fail;
673 }
674
675 if (start)
676 *start = saved_size;
677
678 return 0;
679 fail:
680 dns_packet_truncate(p, saved_size);
681 return r;
682 }
683
684 /* Append the OPT pseudo-RR described in RFC6891 */
685 int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, size_t *start) {
686 size_t saved_size;
687 int r;
688
689 assert(p);
690 /* we must never advertise supported packet size smaller than the legacy max */
691 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
692
693 if (p->opt_start != (size_t) -1)
694 return -EBUSY;
695
696 assert(p->opt_size == (size_t) -1);
697
698 saved_size = p->size;
699
700 /* empty name */
701 r = dns_packet_append_uint8(p, 0, NULL);
702 if (r < 0)
703 return r;
704
705 /* type */
706 r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
707 if (r < 0)
708 goto fail;
709
710 /* maximum udp packet that can be received */
711 r = dns_packet_append_uint16(p, max_udp_size, NULL);
712 if (r < 0)
713 goto fail;
714
715 /* extended RCODE and VERSION */
716 r = dns_packet_append_uint16(p, 0, NULL);
717 if (r < 0)
718 goto fail;
719
720 /* flags: DNSSEC OK (DO), see RFC3225 */
721 r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
722 if (r < 0)
723 goto fail;
724
725 /* RDLENGTH */
726
727 if (edns0_do) {
728 /* If DO is on, also append RFC6975 Algorithm data */
729
730 static const uint8_t rfc6975[] = {
731
732 0, 5, /* OPTION_CODE: DAU */
733 0, 6, /* LIST_LENGTH */
734 DNSSEC_ALGORITHM_RSASHA1,
735 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
736 DNSSEC_ALGORITHM_RSASHA256,
737 DNSSEC_ALGORITHM_RSASHA512,
738 DNSSEC_ALGORITHM_ECDSAP256SHA256,
739 DNSSEC_ALGORITHM_ECDSAP384SHA384,
740
741 0, 6, /* OPTION_CODE: DHU */
742 0, 3, /* LIST_LENGTH */
743 DNSSEC_DIGEST_SHA1,
744 DNSSEC_DIGEST_SHA256,
745 DNSSEC_DIGEST_SHA384,
746
747 0, 7, /* OPTION_CODE: N3U */
748 0, 1, /* LIST_LENGTH */
749 NSEC3_ALGORITHM_SHA1,
750 };
751
752 r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
753 if (r < 0)
754 goto fail;
755
756 r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
757 } else
758 r = dns_packet_append_uint16(p, 0, NULL);
759
760 if (r < 0)
761 goto fail;
762
763 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);
764
765 p->opt_start = saved_size;
766 p->opt_size = p->size - saved_size;
767
768 if (start)
769 *start = saved_size;
770
771 return 0;
772
773 fail:
774 dns_packet_truncate(p, saved_size);
775 return r;
776 }
777
778 int dns_packet_truncate_opt(DnsPacket *p) {
779 assert(p);
780
781 if (p->opt_start == (size_t) -1) {
782 assert(p->opt_size == (size_t) -1);
783 return 0;
784 }
785
786 assert(p->opt_size != (size_t) -1);
787 assert(DNS_PACKET_ARCOUNT(p) > 0);
788
789 if (p->opt_start + p->opt_size != p->size)
790 return -EBUSY;
791
792 dns_packet_truncate(p, p->opt_start);
793 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
794 p->opt_start = p->opt_size = (size_t) -1;
795
796 return 1;
797 }
798
799 int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, size_t *start, size_t *rdata_start) {
800 size_t saved_size, rdlength_offset, end, rdlength, rds;
801 int r;
802
803 assert(p);
804 assert(rr);
805
806 saved_size = p->size;
807
808 r = dns_packet_append_key(p, rr->key, NULL);
809 if (r < 0)
810 goto fail;
811
812 r = dns_packet_append_uint32(p, rr->ttl, NULL);
813 if (r < 0)
814 goto fail;
815
816 /* Initially we write 0 here */
817 r = dns_packet_append_uint16(p, 0, &rdlength_offset);
818 if (r < 0)
819 goto fail;
820
821 rds = p->size - saved_size;
822
823 switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {
824
825 case DNS_TYPE_SRV:
826 r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
827 if (r < 0)
828 goto fail;
829
830 r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
831 if (r < 0)
832 goto fail;
833
834 r = dns_packet_append_uint16(p, rr->srv.port, NULL);
835 if (r < 0)
836 goto fail;
837
838 r = dns_packet_append_name(p, rr->srv.name, true, false, NULL);
839 break;
840
841 case DNS_TYPE_PTR:
842 case DNS_TYPE_NS:
843 case DNS_TYPE_CNAME:
844 case DNS_TYPE_DNAME:
845 r = dns_packet_append_name(p, rr->ptr.name, true, false, NULL);
846 break;
847
848 case DNS_TYPE_HINFO:
849 r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
850 if (r < 0)
851 goto fail;
852
853 r = dns_packet_append_string(p, rr->hinfo.os, NULL);
854 break;
855
856 case DNS_TYPE_SPF: /* exactly the same as TXT */
857 case DNS_TYPE_TXT:
858
859 if (!rr->txt.items) {
860 /* RFC 6763, section 6.1 suggests to generate
861 * single empty string for an empty array. */
862
863 r = dns_packet_append_raw_string(p, NULL, 0, NULL);
864 if (r < 0)
865 goto fail;
866 } else {
867 DnsTxtItem *i;
868
869 LIST_FOREACH(items, i, rr->txt.items) {
870 r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
871 if (r < 0)
872 goto fail;
873 }
874 }
875
876 r = 0;
877 break;
878
879 case DNS_TYPE_A:
880 r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
881 break;
882
883 case DNS_TYPE_AAAA:
884 r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
885 break;
886
887 case DNS_TYPE_SOA:
888 r = dns_packet_append_name(p, rr->soa.mname, true, false, NULL);
889 if (r < 0)
890 goto fail;
891
892 r = dns_packet_append_name(p, rr->soa.rname, true, false, NULL);
893 if (r < 0)
894 goto fail;
895
896 r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
897 if (r < 0)
898 goto fail;
899
900 r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
901 if (r < 0)
902 goto fail;
903
904 r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
905 if (r < 0)
906 goto fail;
907
908 r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
909 if (r < 0)
910 goto fail;
911
912 r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
913 break;
914
915 case DNS_TYPE_MX:
916 r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
917 if (r < 0)
918 goto fail;
919
920 r = dns_packet_append_name(p, rr->mx.exchange, true, false, NULL);
921 break;
922
923 case DNS_TYPE_LOC:
924 r = dns_packet_append_uint8(p, rr->loc.version, NULL);
925 if (r < 0)
926 goto fail;
927
928 r = dns_packet_append_uint8(p, rr->loc.size, NULL);
929 if (r < 0)
930 goto fail;
931
932 r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
933 if (r < 0)
934 goto fail;
935
936 r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
937 if (r < 0)
938 goto fail;
939
940 r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
941 if (r < 0)
942 goto fail;
943
944 r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
945 if (r < 0)
946 goto fail;
947
948 r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
949 break;
950
951 case DNS_TYPE_DS:
952 r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
953 if (r < 0)
954 goto fail;
955
956 r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
957 if (r < 0)
958 goto fail;
959
960 r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
961 if (r < 0)
962 goto fail;
963
964 r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
965 break;
966
967 case DNS_TYPE_SSHFP:
968 r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
969 if (r < 0)
970 goto fail;
971
972 r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
973 if (r < 0)
974 goto fail;
975
976 r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
977 break;
978
979 case DNS_TYPE_DNSKEY:
980 r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
981 if (r < 0)
982 goto fail;
983
984 r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
985 if (r < 0)
986 goto fail;
987
988 r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
989 if (r < 0)
990 goto fail;
991
992 r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
993 break;
994
995 case DNS_TYPE_RRSIG:
996 r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
997 if (r < 0)
998 goto fail;
999
1000 r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
1001 if (r < 0)
1002 goto fail;
1003
1004 r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
1005 if (r < 0)
1006 goto fail;
1007
1008 r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
1009 if (r < 0)
1010 goto fail;
1011
1012 r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
1013 if (r < 0)
1014 goto fail;
1015
1016 r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
1017 if (r < 0)
1018 goto fail;
1019
1020 r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
1021 if (r < 0)
1022 goto fail;
1023
1024 r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
1025 if (r < 0)
1026 goto fail;
1027
1028 r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
1029 break;
1030
1031 case DNS_TYPE_NSEC:
1032 r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
1033 if (r < 0)
1034 goto fail;
1035
1036 r = dns_packet_append_types(p, rr->nsec.types, NULL);
1037 if (r < 0)
1038 goto fail;
1039
1040 break;
1041
1042 case DNS_TYPE_NSEC3:
1043 r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
1044 if (r < 0)
1045 goto fail;
1046
1047 r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
1048 if (r < 0)
1049 goto fail;
1050
1051 r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
1052 if (r < 0)
1053 goto fail;
1054
1055 r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
1056 if (r < 0)
1057 goto fail;
1058
1059 r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
1060 if (r < 0)
1061 goto fail;
1062
1063 r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
1064 if (r < 0)
1065 goto fail;
1066
1067 r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
1068 if (r < 0)
1069 goto fail;
1070
1071 r = dns_packet_append_types(p, rr->nsec3.types, NULL);
1072 if (r < 0)
1073 goto fail;
1074
1075 break;
1076
1077 case DNS_TYPE_OPT:
1078 case _DNS_TYPE_INVALID: /* unparseable */
1079 default:
1080
1081 r = dns_packet_append_blob(p, rr->generic.data, rr->generic.size, NULL);
1082 break;
1083 }
1084 if (r < 0)
1085 goto fail;
1086
1087 /* Let's calculate the actual data size and update the field */
1088 rdlength = p->size - rdlength_offset - sizeof(uint16_t);
1089 if (rdlength > 0xFFFF) {
1090 r = ENOSPC;
1091 goto fail;
1092 }
1093
1094 end = p->size;
1095 p->size = rdlength_offset;
1096 r = dns_packet_append_uint16(p, rdlength, NULL);
1097 if (r < 0)
1098 goto fail;
1099 p->size = end;
1100
1101 if (start)
1102 *start = saved_size;
1103
1104 if (rdata_start)
1105 *rdata_start = rds;
1106
1107 return 0;
1108
1109 fail:
1110 dns_packet_truncate(p, saved_size);
1111 return r;
1112 }
1113
1114 int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
1115 assert(p);
1116
1117 if (p->rindex + sz > p->size)
1118 return -EMSGSIZE;
1119
1120 if (ret)
1121 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
1122
1123 if (start)
1124 *start = p->rindex;
1125
1126 p->rindex += sz;
1127 return 0;
1128 }
1129
1130 void dns_packet_rewind(DnsPacket *p, size_t idx) {
1131 assert(p);
1132 assert(idx <= p->size);
1133 assert(idx >= DNS_PACKET_HEADER_SIZE);
1134
1135 p->rindex = idx;
1136 }
1137
1138 int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
1139 const void *q;
1140 int r;
1141
1142 assert(p);
1143 assert(d);
1144
1145 r = dns_packet_read(p, sz, &q, start);
1146 if (r < 0)
1147 return r;
1148
1149 memcpy(d, q, sz);
1150 return 0;
1151 }
1152
1153 static int dns_packet_read_memdup(
1154 DnsPacket *p, size_t size,
1155 void **ret, size_t *ret_size,
1156 size_t *ret_start) {
1157
1158 const void *src;
1159 size_t start;
1160 int r;
1161
1162 assert(p);
1163 assert(ret);
1164
1165 r = dns_packet_read(p, size, &src, &start);
1166 if (r < 0)
1167 return r;
1168
1169 if (size <= 0)
1170 *ret = NULL;
1171 else {
1172 void *copy;
1173
1174 copy = memdup(src, size);
1175 if (!copy)
1176 return -ENOMEM;
1177
1178 *ret = copy;
1179 }
1180
1181 if (ret_size)
1182 *ret_size = size;
1183 if (ret_start)
1184 *ret_start = start;
1185
1186 return 0;
1187 }
1188
1189 int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
1190 const void *d;
1191 int r;
1192
1193 assert(p);
1194
1195 r = dns_packet_read(p, sizeof(uint8_t), &d, start);
1196 if (r < 0)
1197 return r;
1198
1199 *ret = ((uint8_t*) d)[0];
1200 return 0;
1201 }
1202
1203 int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
1204 const void *d;
1205 int r;
1206
1207 assert(p);
1208
1209 r = dns_packet_read(p, sizeof(uint16_t), &d, start);
1210 if (r < 0)
1211 return r;
1212
1213 *ret = unaligned_read_be16(d);
1214
1215 return 0;
1216 }
1217
1218 int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
1219 const void *d;
1220 int r;
1221
1222 assert(p);
1223
1224 r = dns_packet_read(p, sizeof(uint32_t), &d, start);
1225 if (r < 0)
1226 return r;
1227
1228 *ret = unaligned_read_be32(d);
1229
1230 return 0;
1231 }
1232
1233 int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
1234 size_t saved_rindex;
1235 const void *d;
1236 char *t;
1237 uint8_t c;
1238 int r;
1239
1240 assert(p);
1241
1242 saved_rindex = p->rindex;
1243
1244 r = dns_packet_read_uint8(p, &c, NULL);
1245 if (r < 0)
1246 goto fail;
1247
1248 r = dns_packet_read(p, c, &d, NULL);
1249 if (r < 0)
1250 goto fail;
1251
1252 if (memchr(d, 0, c)) {
1253 r = -EBADMSG;
1254 goto fail;
1255 }
1256
1257 t = strndup(d, c);
1258 if (!t) {
1259 r = -ENOMEM;
1260 goto fail;
1261 }
1262
1263 if (!utf8_is_valid(t)) {
1264 free(t);
1265 r = -EBADMSG;
1266 goto fail;
1267 }
1268
1269 *ret = t;
1270
1271 if (start)
1272 *start = saved_rindex;
1273
1274 return 0;
1275
1276 fail:
1277 dns_packet_rewind(p, saved_rindex);
1278 return r;
1279 }
1280
1281 int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
1282 size_t saved_rindex;
1283 uint8_t c;
1284 int r;
1285
1286 assert(p);
1287
1288 saved_rindex = p->rindex;
1289
1290 r = dns_packet_read_uint8(p, &c, NULL);
1291 if (r < 0)
1292 goto fail;
1293
1294 r = dns_packet_read(p, c, ret, NULL);
1295 if (r < 0)
1296 goto fail;
1297
1298 if (size)
1299 *size = c;
1300 if (start)
1301 *start = saved_rindex;
1302
1303 return 0;
1304
1305 fail:
1306 dns_packet_rewind(p, saved_rindex);
1307 return r;
1308 }
1309
1310 int dns_packet_read_name(
1311 DnsPacket *p,
1312 char **_ret,
1313 bool allow_compression,
1314 size_t *start) {
1315
1316 size_t saved_rindex, after_rindex = 0, jump_barrier;
1317 _cleanup_free_ char *ret = NULL;
1318 size_t n = 0, allocated = 0;
1319 bool first = true;
1320 int r;
1321
1322 assert(p);
1323 assert(_ret);
1324
1325 if (p->refuse_compression)
1326 allow_compression = false;
1327
1328 saved_rindex = p->rindex;
1329 jump_barrier = p->rindex;
1330
1331 for (;;) {
1332 uint8_t c, d;
1333
1334 r = dns_packet_read_uint8(p, &c, NULL);
1335 if (r < 0)
1336 goto fail;
1337
1338 if (c == 0)
1339 /* End of name */
1340 break;
1341 else if (c <= 63) {
1342 const char *label;
1343
1344 /* Literal label */
1345 r = dns_packet_read(p, c, (const void**) &label, NULL);
1346 if (r < 0)
1347 goto fail;
1348
1349 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
1350 r = -ENOMEM;
1351 goto fail;
1352 }
1353
1354 if (first)
1355 first = false;
1356 else
1357 ret[n++] = '.';
1358
1359 r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
1360 if (r < 0)
1361 goto fail;
1362
1363 n += r;
1364 continue;
1365 } else if (allow_compression && (c & 0xc0) == 0xc0) {
1366 uint16_t ptr;
1367
1368 /* Pointer */
1369 r = dns_packet_read_uint8(p, &d, NULL);
1370 if (r < 0)
1371 goto fail;
1372
1373 ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
1374 if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier) {
1375 r = -EBADMSG;
1376 goto fail;
1377 }
1378
1379 if (after_rindex == 0)
1380 after_rindex = p->rindex;
1381
1382 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1383 jump_barrier = ptr;
1384 p->rindex = ptr;
1385 } else {
1386 r = -EBADMSG;
1387 goto fail;
1388 }
1389 }
1390
1391 if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
1392 r = -ENOMEM;
1393 goto fail;
1394 }
1395
1396 ret[n] = 0;
1397
1398 if (after_rindex != 0)
1399 p->rindex= after_rindex;
1400
1401 *_ret = ret;
1402 ret = NULL;
1403
1404 if (start)
1405 *start = saved_rindex;
1406
1407 return 0;
1408
1409 fail:
1410 dns_packet_rewind(p, saved_rindex);
1411 return r;
1412 }
1413
1414 static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
1415 uint8_t window;
1416 uint8_t length;
1417 const uint8_t *bitmap;
1418 uint8_t bit = 0;
1419 unsigned i;
1420 bool found = false;
1421 size_t saved_rindex;
1422 int r;
1423
1424 assert(p);
1425 assert(types);
1426
1427 saved_rindex = p->rindex;
1428
1429 r = bitmap_ensure_allocated(types);
1430 if (r < 0)
1431 goto fail;
1432
1433 r = dns_packet_read_uint8(p, &window, NULL);
1434 if (r < 0)
1435 goto fail;
1436
1437 r = dns_packet_read_uint8(p, &length, NULL);
1438 if (r < 0)
1439 goto fail;
1440
1441 if (length == 0 || length > 32)
1442 return -EBADMSG;
1443
1444 r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
1445 if (r < 0)
1446 goto fail;
1447
1448 for (i = 0; i < length; i++) {
1449 uint8_t bitmask = 1 << 7;
1450
1451 if (!bitmap[i]) {
1452 found = false;
1453 bit += 8;
1454 continue;
1455 }
1456
1457 found = true;
1458
1459 while (bitmask) {
1460 if (bitmap[i] & bitmask) {
1461 uint16_t n;
1462
1463 n = (uint16_t) window << 8 | (uint16_t) bit;
1464
1465 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1466 if (dns_type_is_pseudo(n))
1467 continue;
1468
1469 r = bitmap_set(*types, n);
1470 if (r < 0)
1471 goto fail;
1472 }
1473
1474 bit ++;
1475 bitmask >>= 1;
1476 }
1477 }
1478
1479 if (!found)
1480 return -EBADMSG;
1481
1482 if (start)
1483 *start = saved_rindex;
1484
1485 return 0;
1486 fail:
1487 dns_packet_rewind(p, saved_rindex);
1488 return r;
1489 }
1490
1491 static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
1492 size_t saved_rindex;
1493 int r;
1494
1495 saved_rindex = p->rindex;
1496
1497 while (p->rindex < saved_rindex + size) {
1498 r = dns_packet_read_type_window(p, types, NULL);
1499 if (r < 0)
1500 goto fail;
1501
1502 /* don't read past end of current RR */
1503 if (p->rindex > saved_rindex + size) {
1504 r = -EBADMSG;
1505 goto fail;
1506 }
1507 }
1508
1509 if (p->rindex != saved_rindex + size) {
1510 r = -EBADMSG;
1511 goto fail;
1512 }
1513
1514 if (start)
1515 *start = saved_rindex;
1516
1517 return 0;
1518 fail:
1519 dns_packet_rewind(p, saved_rindex);
1520 return r;
1521 }
1522
1523 int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
1524 _cleanup_free_ char *name = NULL;
1525 bool cache_flush = false;
1526 uint16_t class, type;
1527 DnsResourceKey *key;
1528 size_t saved_rindex;
1529 int r;
1530
1531 assert(p);
1532 assert(ret);
1533
1534 saved_rindex = p->rindex;
1535
1536 r = dns_packet_read_name(p, &name, true, NULL);
1537 if (r < 0)
1538 goto fail;
1539
1540 r = dns_packet_read_uint16(p, &type, NULL);
1541 if (r < 0)
1542 goto fail;
1543
1544 r = dns_packet_read_uint16(p, &class, NULL);
1545 if (r < 0)
1546 goto fail;
1547
1548 if (p->protocol == DNS_PROTOCOL_MDNS) {
1549 /* See RFC6762, Section 10.2 */
1550
1551 if (type != DNS_TYPE_OPT && (class & MDNS_RR_CACHE_FLUSH)) {
1552 class &= ~MDNS_RR_CACHE_FLUSH;
1553 cache_flush = true;
1554 }
1555 }
1556
1557 key = dns_resource_key_new_consume(class, type, name);
1558 if (!key) {
1559 r = -ENOMEM;
1560 goto fail;
1561 }
1562
1563 name = NULL;
1564 *ret = key;
1565
1566 if (ret_cache_flush)
1567 *ret_cache_flush = cache_flush;
1568 if (start)
1569 *start = saved_rindex;
1570
1571 return 0;
1572 fail:
1573 dns_packet_rewind(p, saved_rindex);
1574 return r;
1575 }
1576
1577 static bool loc_size_ok(uint8_t size) {
1578 uint8_t m = size >> 4, e = size & 0xF;
1579
1580 return m <= 9 && e <= 9 && (m > 0 || e == 0);
1581 }
1582
1583 int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
1584 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
1585 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
1586 size_t saved_rindex, offset;
1587 uint16_t rdlength;
1588 bool cache_flush;
1589 int r;
1590
1591 assert(p);
1592 assert(ret);
1593
1594 saved_rindex = p->rindex;
1595
1596 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
1597 if (r < 0)
1598 goto fail;
1599
1600 if (!dns_class_is_valid_rr(key->class)||
1601 !dns_type_is_valid_rr(key->type)) {
1602 r = -EBADMSG;
1603 goto fail;
1604 }
1605
1606 rr = dns_resource_record_new(key);
1607 if (!rr) {
1608 r = -ENOMEM;
1609 goto fail;
1610 }
1611
1612 r = dns_packet_read_uint32(p, &rr->ttl, NULL);
1613 if (r < 0)
1614 goto fail;
1615
1616 /* RFC 2181, Section 8, suggests to
1617 * treat a TTL with the MSB set as a zero TTL. */
1618 if (rr->ttl & UINT32_C(0x80000000))
1619 rr->ttl = 0;
1620
1621 r = dns_packet_read_uint16(p, &rdlength, NULL);
1622 if (r < 0)
1623 goto fail;
1624
1625 if (p->rindex + rdlength > p->size) {
1626 r = -EBADMSG;
1627 goto fail;
1628 }
1629
1630 offset = p->rindex;
1631
1632 switch (rr->key->type) {
1633
1634 case DNS_TYPE_SRV:
1635 r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
1636 if (r < 0)
1637 goto fail;
1638 r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
1639 if (r < 0)
1640 goto fail;
1641 r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
1642 if (r < 0)
1643 goto fail;
1644 r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
1645 break;
1646
1647 case DNS_TYPE_PTR:
1648 case DNS_TYPE_NS:
1649 case DNS_TYPE_CNAME:
1650 case DNS_TYPE_DNAME:
1651 r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
1652 break;
1653
1654 case DNS_TYPE_HINFO:
1655 r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
1656 if (r < 0)
1657 goto fail;
1658
1659 r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
1660 break;
1661
1662 case DNS_TYPE_SPF: /* exactly the same as TXT */
1663 case DNS_TYPE_TXT:
1664 if (rdlength <= 0) {
1665 DnsTxtItem *i;
1666 /* RFC 6763, section 6.1 suggests to treat
1667 * empty TXT RRs as equivalent to a TXT record
1668 * with a single empty string. */
1669
1670 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1671 if (!i)
1672 return -ENOMEM;
1673
1674 rr->txt.items = i;
1675 } else {
1676 DnsTxtItem *last = NULL;
1677
1678 while (p->rindex < offset + rdlength) {
1679 DnsTxtItem *i;
1680 const void *data;
1681 size_t sz;
1682
1683 r = dns_packet_read_raw_string(p, &data, &sz, NULL);
1684 if (r < 0)
1685 return r;
1686
1687 i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
1688 if (!i)
1689 return -ENOMEM;
1690
1691 memcpy(i->data, data, sz);
1692 i->length = sz;
1693
1694 LIST_INSERT_AFTER(items, rr->txt.items, last, i);
1695 last = i;
1696 }
1697 }
1698
1699 r = 0;
1700 break;
1701
1702 case DNS_TYPE_A:
1703 r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
1704 break;
1705
1706 case DNS_TYPE_AAAA:
1707 r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
1708 break;
1709
1710 case DNS_TYPE_SOA:
1711 r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
1712 if (r < 0)
1713 goto fail;
1714
1715 r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
1716 if (r < 0)
1717 goto fail;
1718
1719 r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
1720 if (r < 0)
1721 goto fail;
1722
1723 r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
1724 if (r < 0)
1725 goto fail;
1726
1727 r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
1728 if (r < 0)
1729 goto fail;
1730
1731 r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
1732 if (r < 0)
1733 goto fail;
1734
1735 r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
1736 break;
1737
1738 case DNS_TYPE_MX:
1739 r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
1740 if (r < 0)
1741 goto fail;
1742
1743 r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
1744 break;
1745
1746 case DNS_TYPE_LOC: {
1747 uint8_t t;
1748 size_t pos;
1749
1750 r = dns_packet_read_uint8(p, &t, &pos);
1751 if (r < 0)
1752 goto fail;
1753
1754 if (t == 0) {
1755 rr->loc.version = t;
1756
1757 r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
1758 if (r < 0)
1759 goto fail;
1760
1761 if (!loc_size_ok(rr->loc.size)) {
1762 r = -EBADMSG;
1763 goto fail;
1764 }
1765
1766 r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
1767 if (r < 0)
1768 goto fail;
1769
1770 if (!loc_size_ok(rr->loc.horiz_pre)) {
1771 r = -EBADMSG;
1772 goto fail;
1773 }
1774
1775 r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
1776 if (r < 0)
1777 goto fail;
1778
1779 if (!loc_size_ok(rr->loc.vert_pre)) {
1780 r = -EBADMSG;
1781 goto fail;
1782 }
1783
1784 r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
1785 if (r < 0)
1786 goto fail;
1787
1788 r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
1789 if (r < 0)
1790 goto fail;
1791
1792 r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
1793 if (r < 0)
1794 goto fail;
1795
1796 break;
1797 } else {
1798 dns_packet_rewind(p, pos);
1799 rr->unparseable = true;
1800 goto unparseable;
1801 }
1802 }
1803
1804 case DNS_TYPE_DS:
1805 r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
1806 if (r < 0)
1807 goto fail;
1808
1809 r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
1810 if (r < 0)
1811 goto fail;
1812
1813 r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
1814 if (r < 0)
1815 goto fail;
1816
1817 r = dns_packet_read_memdup(p, rdlength - 4,
1818 &rr->ds.digest, &rr->ds.digest_size,
1819 NULL);
1820 if (r < 0)
1821 goto fail;
1822
1823 if (rr->ds.digest_size <= 0) {
1824 /* the accepted size depends on the algorithm, but for now
1825 just ensure that the value is greater than zero */
1826 r = -EBADMSG;
1827 goto fail;
1828 }
1829
1830 break;
1831
1832 case DNS_TYPE_SSHFP:
1833 r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
1834 if (r < 0)
1835 goto fail;
1836
1837 r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
1838 if (r < 0)
1839 goto fail;
1840
1841 r = dns_packet_read_memdup(p, rdlength - 2,
1842 &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
1843 NULL);
1844
1845 if (rr->sshfp.fingerprint_size <= 0) {
1846 /* the accepted size depends on the algorithm, but for now
1847 just ensure that the value is greater than zero */
1848 r = -EBADMSG;
1849 goto fail;
1850 }
1851
1852 break;
1853
1854 case DNS_TYPE_DNSKEY:
1855 r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
1856 if (r < 0)
1857 goto fail;
1858
1859 r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
1860 if (r < 0)
1861 goto fail;
1862
1863 r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
1864 if (r < 0)
1865 goto fail;
1866
1867 r = dns_packet_read_memdup(p, rdlength - 4,
1868 &rr->dnskey.key, &rr->dnskey.key_size,
1869 NULL);
1870
1871 if (rr->dnskey.key_size <= 0) {
1872 /* the accepted size depends on the algorithm, but for now
1873 just ensure that the value is greater than zero */
1874 r = -EBADMSG;
1875 goto fail;
1876 }
1877
1878 break;
1879
1880 case DNS_TYPE_RRSIG:
1881 r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
1882 if (r < 0)
1883 goto fail;
1884
1885 r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
1886 if (r < 0)
1887 goto fail;
1888
1889 r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
1890 if (r < 0)
1891 goto fail;
1892
1893 r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
1894 if (r < 0)
1895 goto fail;
1896
1897 r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
1898 if (r < 0)
1899 goto fail;
1900
1901 r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
1902 if (r < 0)
1903 goto fail;
1904
1905 r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
1906 if (r < 0)
1907 goto fail;
1908
1909 r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
1910 if (r < 0)
1911 goto fail;
1912
1913 r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
1914 &rr->rrsig.signature, &rr->rrsig.signature_size,
1915 NULL);
1916
1917 if (rr->rrsig.signature_size <= 0) {
1918 /* the accepted size depends on the algorithm, but for now
1919 just ensure that the value is greater than zero */
1920 r = -EBADMSG;
1921 goto fail;
1922 }
1923
1924 break;
1925
1926 case DNS_TYPE_NSEC: {
1927
1928 /*
1929 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1930 * This contradicts RFC3845, section 2.1.1
1931 */
1932
1933 bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;
1934
1935 r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
1936 if (r < 0)
1937 goto fail;
1938
1939 r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
1940 if (r < 0)
1941 goto fail;
1942
1943 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1944 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1945 * without the NSEC bit set. */
1946
1947 break;
1948 }
1949 case DNS_TYPE_NSEC3: {
1950 uint8_t size;
1951
1952 r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
1953 if (r < 0)
1954 goto fail;
1955
1956 r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
1957 if (r < 0)
1958 goto fail;
1959
1960 r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
1961 if (r < 0)
1962 goto fail;
1963
1964 /* this may be zero */
1965 r = dns_packet_read_uint8(p, &size, NULL);
1966 if (r < 0)
1967 goto fail;
1968
1969 r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
1970 if (r < 0)
1971 goto fail;
1972
1973 r = dns_packet_read_uint8(p, &size, NULL);
1974 if (r < 0)
1975 goto fail;
1976
1977 if (size <= 0) {
1978 r = -EBADMSG;
1979 goto fail;
1980 }
1981
1982 r = dns_packet_read_memdup(p, size, &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size, NULL);
1983 if (r < 0)
1984 goto fail;
1985
1986 r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
1987 if (r < 0)
1988 goto fail;
1989
1990 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1991
1992 break;
1993 }
1994
1995 case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
1996 default:
1997 unparseable:
1998 r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.size, NULL);
1999 if (r < 0)
2000 goto fail;
2001 break;
2002 }
2003 if (r < 0)
2004 goto fail;
2005 if (p->rindex != offset + rdlength) {
2006 r = -EBADMSG;
2007 goto fail;
2008 }
2009
2010 *ret = rr;
2011 rr = NULL;
2012
2013 if (ret_cache_flush)
2014 *ret_cache_flush = cache_flush;
2015 if (start)
2016 *start = saved_rindex;
2017
2018 return 0;
2019 fail:
2020 dns_packet_rewind(p, saved_rindex);
2021 return r;
2022 }
2023
2024 int dns_packet_extract(DnsPacket *p) {
2025 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
2026 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
2027 size_t saved_rindex;
2028 unsigned n, i;
2029 int r;
2030
2031 if (p->extracted)
2032 return 0;
2033
2034 saved_rindex = p->rindex;
2035 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2036
2037 n = DNS_PACKET_QDCOUNT(p);
2038 if (n > 0) {
2039 question = dns_question_new(n);
2040 if (!question) {
2041 r = -ENOMEM;
2042 goto finish;
2043 }
2044
2045 for (i = 0; i < n; i++) {
2046 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
2047 bool cache_flush;
2048
2049 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
2050 if (r < 0)
2051 goto finish;
2052
2053 if (cache_flush) {
2054 r = -EBADMSG;
2055 goto finish;
2056 }
2057
2058 if (!dns_type_is_valid_query(key->type)) {
2059 r = -EBADMSG;
2060 goto finish;
2061 }
2062
2063 r = dns_question_add(question, key);
2064 if (r < 0)
2065 goto finish;
2066 }
2067 }
2068
2069 n = DNS_PACKET_RRCOUNT(p);
2070 if (n > 0) {
2071 answer = dns_answer_new(n);
2072 if (!answer) {
2073 r = -ENOMEM;
2074 goto finish;
2075 }
2076
2077 for (i = 0; i < n; i++) {
2078 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2079 bool cache_flush;
2080
2081 r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
2082 if (r < 0)
2083 goto finish;
2084
2085 if (rr->key->type == DNS_TYPE_OPT) {
2086
2087 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) {
2088 r = -EBADMSG;
2089 goto finish;
2090 }
2091
2092 /* The OPT RR is only valid in the Additional section */
2093 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2094 r = -EBADMSG;
2095 goto finish;
2096 }
2097
2098 /* Two OPT RRs? */
2099 if (p->opt) {
2100 r = -EBADMSG;
2101 goto finish;
2102 }
2103
2104 p->opt = dns_resource_record_ref(rr);
2105 } else {
2106
2107 /* According to RFC 4795, section
2108 * 2.9. only the RRs from the Answer
2109 * section shall be cached. Hence mark
2110 * only those RRs as cacheable by
2111 * default, but not the ones from the
2112 * Additional or Authority
2113 * sections. */
2114
2115 r = dns_answer_add(answer, rr, p->ifindex,
2116 (i < DNS_PACKET_ANCOUNT(p) ? DNS_ANSWER_CACHEABLE : 0) |
2117 (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush ? DNS_ANSWER_SHARED_OWNER : 0));
2118 if (r < 0)
2119 goto finish;
2120 }
2121 }
2122 }
2123
2124 p->question = question;
2125 question = NULL;
2126
2127 p->answer = answer;
2128 answer = NULL;
2129
2130 p->extracted = true;
2131
2132 r = 0;
2133
2134 finish:
2135 p->rindex = saved_rindex;
2136 return r;
2137 }
2138
2139 int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
2140 int r;
2141
2142 assert(p);
2143 assert(key);
2144
2145 /* Checks if the specified packet is a reply for the specified
2146 * key and the specified key is the only one in the question
2147 * section. */
2148
2149 if (DNS_PACKET_QR(p) != 1)
2150 return 0;
2151
2152 /* Let's unpack the packet, if that hasn't happened yet. */
2153 r = dns_packet_extract(p);
2154 if (r < 0)
2155 return r;
2156
2157 if (p->question->n_keys != 1)
2158 return 0;
2159
2160 return dns_resource_key_equal(p->question->keys[0], key);
2161 }
2162
2163 static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
2164 [DNS_RCODE_SUCCESS] = "SUCCESS",
2165 [DNS_RCODE_FORMERR] = "FORMERR",
2166 [DNS_RCODE_SERVFAIL] = "SERVFAIL",
2167 [DNS_RCODE_NXDOMAIN] = "NXDOMAIN",
2168 [DNS_RCODE_NOTIMP] = "NOTIMP",
2169 [DNS_RCODE_REFUSED] = "REFUSED",
2170 [DNS_RCODE_YXDOMAIN] = "YXDOMAIN",
2171 [DNS_RCODE_YXRRSET] = "YRRSET",
2172 [DNS_RCODE_NXRRSET] = "NXRRSET",
2173 [DNS_RCODE_NOTAUTH] = "NOTAUTH",
2174 [DNS_RCODE_NOTZONE] = "NOTZONE",
2175 [DNS_RCODE_BADVERS] = "BADVERS",
2176 [DNS_RCODE_BADKEY] = "BADKEY",
2177 [DNS_RCODE_BADTIME] = "BADTIME",
2178 [DNS_RCODE_BADMODE] = "BADMODE",
2179 [DNS_RCODE_BADNAME] = "BADNAME",
2180 [DNS_RCODE_BADALG] = "BADALG",
2181 [DNS_RCODE_BADTRUNC] = "BADTRUNC",
2182 };
2183 DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
2184
2185 static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
2186 [DNS_PROTOCOL_DNS] = "dns",
2187 [DNS_PROTOCOL_MDNS] = "mdns",
2188 [DNS_PROTOCOL_LLMNR] = "llmnr",
2189 };
2190 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
Unnamed repository; edit this file 'description' to name the repository.