]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-packet.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2222 from snakeroot/eventsplat
[thirdparty/systemd.git] / src / resolve / resolved-dns-packet.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
26 #include "strv.h"
27 #include "unaligned.h"
28 #include "utf8.h"
29 #include "util.h"
30
31 #define EDNS0_OPT_DO (1<<15)
32
33 int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
34 DnsPacket *p;
35 size_t a;
36
37 assert(ret);
38
39 if (mtu <= UDP_PACKET_HEADER_SIZE)
40 a = DNS_PACKET_SIZE_START;
41 else
42 a = mtu - UDP_PACKET_HEADER_SIZE;
43
44 if (a < DNS_PACKET_HEADER_SIZE)
45 a = DNS_PACKET_HEADER_SIZE;
46
47 /* round up to next page size */
48 a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
49
50 /* make sure we never allocate more than useful */
51 if (a > DNS_PACKET_SIZE_MAX)
52 a = DNS_PACKET_SIZE_MAX;
53
54 p = malloc0(ALIGN(sizeof(DnsPacket)) + a);
55 if (!p)
56 return -ENOMEM;
57
58 p->size = p->rindex = DNS_PACKET_HEADER_SIZE;
59 p->allocated = a;
60 p->protocol = protocol;
61 p->opt_start = p->opt_size = (size_t) -1;
62 p->n_ref = 1;
63
64 *ret = p;
65
66 return 0;
67 }
68
69 void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
70
71 DnsPacketHeader *h;
72
73 assert(p);
74
75 h = DNS_PACKET_HEADER(p);
76
77 switch(p->protocol) {
78 case DNS_PROTOCOL_LLMNR:
79 assert(!truncated);
80
81 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
82 0 /* opcode */,
83 0 /* c */,
84 0 /* tc */,
85 0 /* t */,
86 0 /* ra */,
87 0 /* ad */,
88 0 /* cd */,
89 0 /* rcode */));
90 break;
91
92 case DNS_PROTOCOL_MDNS:
93 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
94 0 /* opcode */,
95 0 /* aa */,
96 truncated /* tc */,
97 0 /* rd (ask for recursion) */,
98 0 /* ra */,
99 0 /* ad */,
100 0 /* cd */,
101 0 /* rcode */));
102 break;
103
104 default:
105 assert(!truncated);
106
107 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
108 0 /* opcode */,
109 0 /* aa */,
110 0 /* tc */,
111 1 /* rd (ask for recursion) */,
112 0 /* ra */,
113 0 /* ad */,
114 dnssec_checking_disabled /* cd */,
115 0 /* rcode */));
116 }
117 }
118
119 int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool dnssec_checking_disabled) {
120 DnsPacket *p;
121 int r;
122
123 assert(ret);
124
125 r = dns_packet_new(&p, protocol, mtu);
126 if (r < 0)
127 return r;
128
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
131 */
132 dns_packet_set_flags(p, dnssec_checking_disabled, false);
133
134 *ret = p;
135 return 0;
136 }
137
138 DnsPacket *dns_packet_ref(DnsPacket *p) {
139
140 if (!p)
141 return NULL;
142
143 assert(!p->on_stack);
144
145 assert(p->n_ref > 0);
146 p->n_ref++;
147 return p;
148 }
149
150 static void dns_packet_free(DnsPacket *p) {
151 char *s;
152
153 assert(p);
154
155 dns_question_unref(p->question);
156 dns_answer_unref(p->answer);
157 dns_resource_record_unref(p->opt);
158
159 while ((s = hashmap_steal_first_key(p->names)))
160 free(s);
161 hashmap_free(p->names);
162
163 free(p->_data);
164
165 if (!p->on_stack)
166 free(p);
167 }
168
169 DnsPacket *dns_packet_unref(DnsPacket *p) {
170 if (!p)
171 return NULL;
172
173 assert(p->n_ref > 0);
174
175 dns_packet_unref(p->more);
176
177 if (p->n_ref == 1)
178 dns_packet_free(p);
179 else
180 p->n_ref--;
181
182 return NULL;
183 }
184
185 int dns_packet_validate(DnsPacket *p) {
186 assert(p);
187
188 if (p->size < DNS_PACKET_HEADER_SIZE)
189 return -EBADMSG;
190
191 if (p->size > DNS_PACKET_SIZE_MAX)
192 return -EBADMSG;
193
194 return 1;
195 }
196
197 int dns_packet_validate_reply(DnsPacket *p) {
198 int r;
199
200 assert(p);
201
202 r = dns_packet_validate(p);
203 if (r < 0)
204 return r;
205
206 if (DNS_PACKET_QR(p) != 1)
207 return 0;
208
209 if (DNS_PACKET_OPCODE(p) != 0)
210 return -EBADMSG;
211
212 switch (p->protocol) {
213
214 case DNS_PROTOCOL_LLMNR:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p) != 1)
217 return -EBADMSG;
218
219 break;
220
221 case DNS_PROTOCOL_MDNS:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p) != 0)
224 return -EBADMSG;
225
226 break;
227
228 default:
229 break;
230 }
231
232 return 1;
233 }
234
235 int dns_packet_validate_query(DnsPacket *p) {
236 int r;
237
238 assert(p);
239
240 r = dns_packet_validate(p);
241 if (r < 0)
242 return r;
243
244 if (DNS_PACKET_QR(p) != 0)
245 return 0;
246
247 if (DNS_PACKET_OPCODE(p) != 0)
248 return -EBADMSG;
249
250 if (DNS_PACKET_TC(p))
251 return -EBADMSG;
252
253 switch (p->protocol) {
254
255 case DNS_PROTOCOL_LLMNR:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p) != 1)
258 return -EBADMSG;
259
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p) > 0)
262 return -EBADMSG;
263
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p) > 0)
266 return -EBADMSG;
267
268 break;
269
270 case DNS_PROTOCOL_MDNS:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p) != 0 ||
273 DNS_PACKET_RD(p) != 0 ||
274 DNS_PACKET_RA(p) != 0 ||
275 DNS_PACKET_AD(p) != 0 ||
276 DNS_PACKET_CD(p) != 0 ||
277 DNS_PACKET_RCODE(p) != 0)
278 return -EBADMSG;
279
280 break;
281
282 default:
283 break;
284 }
285
286 return 1;
287 }
288
289 static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
290 assert(p);
291
292 if (p->size + add > p->allocated) {
293 size_t a;
294
295 a = PAGE_ALIGN((p->size + add) * 2);
296 if (a > DNS_PACKET_SIZE_MAX)
297 a = DNS_PACKET_SIZE_MAX;
298
299 if (p->size + add > a)
300 return -EMSGSIZE;
301
302 if (p->_data) {
303 void *d;
304
305 d = realloc(p->_data, a);
306 if (!d)
307 return -ENOMEM;
308
309 p->_data = d;
310 } else {
311 p->_data = malloc(a);
312 if (!p->_data)
313 return -ENOMEM;
314
315 memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
316 memzero((uint8_t*) p->_data + p->size, a - p->size);
317 }
318
319 p->allocated = a;
320 }
321
322 if (start)
323 *start = p->size;
324
325 if (ret)
326 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;
327
328 p->size += add;
329 return 0;
330 }
331
332 void dns_packet_truncate(DnsPacket *p, size_t sz) {
333 Iterator i;
334 char *s;
335 void *n;
336
337 assert(p);
338
339 if (p->size <= sz)
340 return;
341
342 HASHMAP_FOREACH_KEY(n, s, p->names, i) {
343
344 if (PTR_TO_SIZE(n) < sz)
345 continue;
346
347 hashmap_remove(p->names, s);
348 free(s);
349 }
350
351 p->size = sz;
352 }
353
354 int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
355 void *q;
356 int r;
357
358 assert(p);
359
360 r = dns_packet_extend(p, l, &q, start);
361 if (r < 0)
362 return r;
363
364 memcpy(q, d, l);
365 return 0;
366 }
367
368 int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
369 void *d;
370 int r;
371
372 assert(p);
373
374 r = dns_packet_extend(p, sizeof(uint8_t), &d, start);
375 if (r < 0)
376 return r;
377
378 ((uint8_t*) d)[0] = v;
379
380 return 0;
381 }
382
383 int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
384 void *d;
385 int r;
386
387 assert(p);
388
389 r = dns_packet_extend(p, sizeof(uint16_t), &d, start);
390 if (r < 0)
391 return r;
392
393 unaligned_write_be16(d, v);
394
395 return 0;
396 }
397
398 int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
399 void *d;
400 int r;
401
402 assert(p);
403
404 r = dns_packet_extend(p, sizeof(uint32_t), &d, start);
405 if (r < 0)
406 return r;
407
408 unaligned_write_be32(d, v);
409
410 return 0;
411 }
412
413 int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
414 assert(p);
415 assert(s);
416
417 return dns_packet_append_raw_string(p, s, strlen(s), start);
418 }
419
420 int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
421 void *d;
422 int r;
423
424 assert(p);
425 assert(s || size == 0);
426
427 if (size > 255)
428 return -E2BIG;
429
430 r = dns_packet_extend(p, 1 + size, &d, start);
431 if (r < 0)
432 return r;
433
434 ((uint8_t*) d)[0] = (uint8_t) size;
435
436 if (size > 0)
437 memcpy(((uint8_t*) d) + 1, s, size);
438
439 return 0;
440 }
441
442 int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
443 uint8_t *w;
444 int r;
445
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
449 * packet */
450
451 assert(p);
452 assert(d);
453
454 if (l > DNS_LABEL_MAX)
455 return -E2BIG;
456
457 r = dns_packet_extend(p, 1 + l, (void**) &w, start);
458 if (r < 0)
459 return r;
460
461 *(w++) = (uint8_t) l;
462
463 if (p->canonical_form && canonical_candidate) {
464 size_t i;
465
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
468
469 for (i = 0; i < l; i++)
470 w[i] = (uint8_t) ascii_tolower(d[i]);
471 } else
472 /* Otherwise, just copy the string unaltered. This is
473 * essential for DNS-SD, where the casing of labels
474 * matters and needs to be retained. */
475 memcpy(w, d, l);
476
477 return 0;
478 }
479
480 int dns_packet_append_name(
481 DnsPacket *p,
482 const char *name,
483 bool allow_compression,
484 bool canonical_candidate,
485 size_t *start) {
486
487 size_t saved_size;
488 int r;
489
490 assert(p);
491 assert(name);
492
493 if (p->refuse_compression)
494 allow_compression = false;
495
496 saved_size = p->size;
497
498 while (!dns_name_is_root(name)) {
499 const char *z = name;
500 char label[DNS_LABEL_MAX];
501 size_t n = 0;
502
503 if (allow_compression)
504 n = PTR_TO_SIZE(hashmap_get(p->names, name));
505 if (n > 0) {
506 assert(n < p->size);
507
508 if (n < 0x4000) {
509 r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
510 if (r < 0)
511 goto fail;
512
513 goto done;
514 }
515 }
516
517 r = dns_label_unescape(&name, label, sizeof(label));
518 if (r < 0)
519 goto fail;
520
521 r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
522 if (r < 0)
523 goto fail;
524
525 if (allow_compression) {
526 _cleanup_free_ char *s = NULL;
527
528 s = strdup(z);
529 if (!s) {
530 r = -ENOMEM;
531 goto fail;
532 }
533
534 r = hashmap_ensure_allocated(&p->names, &dns_name_hash_ops);
535 if (r < 0)
536 goto fail;
537
538 r = hashmap_put(p->names, s, SIZE_TO_PTR(n));
539 if (r < 0)
540 goto fail;
541
542 s = NULL;
543 }
544 }
545
546 r = dns_packet_append_uint8(p, 0, NULL);
547 if (r < 0)
548 return r;
549
550 done:
551 if (start)
552 *start = saved_size;
553
554 return 0;
555
556 fail:
557 dns_packet_truncate(p, saved_size);
558 return r;
559 }
560
561 int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, size_t *start) {
562 size_t saved_size;
563 int r;
564
565 assert(p);
566 assert(k);
567
568 saved_size = p->size;
569
570 r = dns_packet_append_name(p, DNS_RESOURCE_KEY_NAME(k), true, true, NULL);
571 if (r < 0)
572 goto fail;
573
574 r = dns_packet_append_uint16(p, k->type, NULL);
575 if (r < 0)
576 goto fail;
577
578 r = dns_packet_append_uint16(p, k->class, NULL);
579 if (r < 0)
580 goto fail;
581
582 if (start)
583 *start = saved_size;
584
585 return 0;
586
587 fail:
588 dns_packet_truncate(p, saved_size);
589 return r;
590 }
591
592 static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
593 size_t saved_size;
594 int r;
595
596 assert(p);
597 assert(types);
598 assert(length > 0);
599
600 saved_size = p->size;
601
602 r = dns_packet_append_uint8(p, window, NULL);
603 if (r < 0)
604 goto fail;
605
606 r = dns_packet_append_uint8(p, length, NULL);
607 if (r < 0)
608 goto fail;
609
610 r = dns_packet_append_blob(p, types, length, NULL);
611 if (r < 0)
612 goto fail;
613
614 if (start)
615 *start = saved_size;
616
617 return 0;
618 fail:
619 dns_packet_truncate(p, saved_size);
620 return r;
621 }
622
623 static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
624 Iterator i;
625 uint8_t window = 0;
626 uint8_t entry = 0;
627 uint8_t bitmaps[32] = {};
628 unsigned n;
629 size_t saved_size;
630 int r;
631
632 assert(p);
633
634 saved_size = p->size;
635
636 BITMAP_FOREACH(n, types, i) {
637 assert(n <= 0xffff);
638
639 if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
640 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
641 if (r < 0)
642 goto fail;
643
644 zero(bitmaps);
645 }
646
647 window = n >> 8;
648 entry = n & 255;
649
650 bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
651 }
652
653 if (bitmaps[entry / 8] != 0) {
654 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
655 if (r < 0)
656 goto fail;
657 }
658
659 if (start)
660 *start = saved_size;
661
662 return 0;
663 fail:
664 dns_packet_truncate(p, saved_size);
665 return r;
666 }
667
668 /* Append the OPT pseudo-RR described in RFC6891 */
669 int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, size_t *start) {
670 size_t saved_size;
671 int r;
672
673 assert(p);
674 /* we must never advertise supported packet size smaller than the legacy max */
675 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
676
677 if (p->opt_start != (size_t) -1)
678 return -EBUSY;
679
680 assert(p->opt_size == (size_t) -1);
681
682 saved_size = p->size;
683
684 /* empty name */
685 r = dns_packet_append_uint8(p, 0, NULL);
686 if (r < 0)
687 return r;
688
689 /* type */
690 r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
691 if (r < 0)
692 goto fail;
693
694 /* maximum udp packet that can be received */
695 r = dns_packet_append_uint16(p, max_udp_size, NULL);
696 if (r < 0)
697 goto fail;
698
699 /* extended RCODE and VERSION */
700 r = dns_packet_append_uint16(p, 0, NULL);
701 if (r < 0)
702 goto fail;
703
704 /* flags: DNSSEC OK (DO), see RFC3225 */
705 r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
706 if (r < 0)
707 goto fail;
708
709 /* RDLENGTH */
710
711 if (edns0_do) {
712 /* If DO is on, also append RFC6975 Algorithm data */
713
714 static const uint8_t rfc6975[] = {
715
716 0, 5, /* OPTION_CODE: DAU */
717 0, 6, /* LIST_LENGTH */
718 DNSSEC_ALGORITHM_RSASHA1,
719 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
720 DNSSEC_ALGORITHM_RSASHA256,
721 DNSSEC_ALGORITHM_RSASHA512,
722 DNSSEC_ALGORITHM_ECDSAP256SHA256,
723 DNSSEC_ALGORITHM_ECDSAP384SHA384,
724
725 0, 6, /* OPTION_CODE: DHU */
726 0, 3, /* LIST_LENGTH */
727 DNSSEC_DIGEST_SHA1,
728 DNSSEC_DIGEST_SHA256,
729 DNSSEC_DIGEST_SHA384,
730
731 0, 7, /* OPTION_CODE: N3U */
732 0, 1, /* LIST_LENGTH */
733 NSEC3_ALGORITHM_SHA1,
734 };
735
736 r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
737 if (r < 0)
738 goto fail;
739
740 r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
741 } else
742 r = dns_packet_append_uint16(p, 0, NULL);
743
744 if (r < 0)
745 goto fail;
746
747 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);
748
749 p->opt_start = saved_size;
750 p->opt_size = p->size - saved_size;
751
752 if (start)
753 *start = saved_size;
754
755 return 0;
756
757 fail:
758 dns_packet_truncate(p, saved_size);
759 return r;
760 }
761
762 int dns_packet_truncate_opt(DnsPacket *p) {
763 assert(p);
764
765 if (p->opt_start == (size_t) -1) {
766 assert(p->opt_size == (size_t) -1);
767 return 0;
768 }
769
770 assert(p->opt_size != (size_t) -1);
771 assert(DNS_PACKET_ARCOUNT(p) > 0);
772
773 if (p->opt_start + p->opt_size != p->size)
774 return -EBUSY;
775
776 dns_packet_truncate(p, p->opt_start);
777 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
778 p->opt_start = p->opt_size = (size_t) -1;
779
780 return 1;
781 }
782
783 int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, size_t *start, size_t *rdata_start) {
784 size_t saved_size, rdlength_offset, end, rdlength, rds;
785 int r;
786
787 assert(p);
788 assert(rr);
789
790 saved_size = p->size;
791
792 r = dns_packet_append_key(p, rr->key, NULL);
793 if (r < 0)
794 goto fail;
795
796 r = dns_packet_append_uint32(p, rr->ttl, NULL);
797 if (r < 0)
798 goto fail;
799
800 /* Initially we write 0 here */
801 r = dns_packet_append_uint16(p, 0, &rdlength_offset);
802 if (r < 0)
803 goto fail;
804
805 rds = p->size - saved_size;
806
807 switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {
808
809 case DNS_TYPE_SRV:
810 r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
811 if (r < 0)
812 goto fail;
813
814 r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
815 if (r < 0)
816 goto fail;
817
818 r = dns_packet_append_uint16(p, rr->srv.port, NULL);
819 if (r < 0)
820 goto fail;
821
822 r = dns_packet_append_name(p, rr->srv.name, true, false, NULL);
823 break;
824
825 case DNS_TYPE_PTR:
826 case DNS_TYPE_NS:
827 case DNS_TYPE_CNAME:
828 case DNS_TYPE_DNAME:
829 r = dns_packet_append_name(p, rr->ptr.name, true, false, NULL);
830 break;
831
832 case DNS_TYPE_HINFO:
833 r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
834 if (r < 0)
835 goto fail;
836
837 r = dns_packet_append_string(p, rr->hinfo.os, NULL);
838 break;
839
840 case DNS_TYPE_SPF: /* exactly the same as TXT */
841 case DNS_TYPE_TXT:
842
843 if (!rr->txt.items) {
844 /* RFC 6763, section 6.1 suggests to generate
845 * single empty string for an empty array. */
846
847 r = dns_packet_append_raw_string(p, NULL, 0, NULL);
848 if (r < 0)
849 goto fail;
850 } else {
851 DnsTxtItem *i;
852
853 LIST_FOREACH(items, i, rr->txt.items) {
854 r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
855 if (r < 0)
856 goto fail;
857 }
858 }
859
860 r = 0;
861 break;
862
863 case DNS_TYPE_A:
864 r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
865 break;
866
867 case DNS_TYPE_AAAA:
868 r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
869 break;
870
871 case DNS_TYPE_SOA:
872 r = dns_packet_append_name(p, rr->soa.mname, true, false, NULL);
873 if (r < 0)
874 goto fail;
875
876 r = dns_packet_append_name(p, rr->soa.rname, true, false, NULL);
877 if (r < 0)
878 goto fail;
879
880 r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
881 if (r < 0)
882 goto fail;
883
884 r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
885 if (r < 0)
886 goto fail;
887
888 r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
889 if (r < 0)
890 goto fail;
891
892 r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
893 if (r < 0)
894 goto fail;
895
896 r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
897 break;
898
899 case DNS_TYPE_MX:
900 r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
901 if (r < 0)
902 goto fail;
903
904 r = dns_packet_append_name(p, rr->mx.exchange, true, false, NULL);
905 break;
906
907 case DNS_TYPE_LOC:
908 r = dns_packet_append_uint8(p, rr->loc.version, NULL);
909 if (r < 0)
910 goto fail;
911
912 r = dns_packet_append_uint8(p, rr->loc.size, NULL);
913 if (r < 0)
914 goto fail;
915
916 r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
917 if (r < 0)
918 goto fail;
919
920 r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
921 if (r < 0)
922 goto fail;
923
924 r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
925 if (r < 0)
926 goto fail;
927
928 r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
929 if (r < 0)
930 goto fail;
931
932 r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
933 break;
934
935 case DNS_TYPE_DS:
936 r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
937 if (r < 0)
938 goto fail;
939
940 r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
941 if (r < 0)
942 goto fail;
943
944 r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
945 if (r < 0)
946 goto fail;
947
948 r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
949 break;
950
951 case DNS_TYPE_SSHFP:
952 r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
953 if (r < 0)
954 goto fail;
955
956 r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
957 if (r < 0)
958 goto fail;
959
960 r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
961 break;
962
963 case DNS_TYPE_DNSKEY:
964 r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
965 if (r < 0)
966 goto fail;
967
968 r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
969 if (r < 0)
970 goto fail;
971
972 r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
973 if (r < 0)
974 goto fail;
975
976 r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
977 break;
978
979 case DNS_TYPE_RRSIG:
980 r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
981 if (r < 0)
982 goto fail;
983
984 r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
985 if (r < 0)
986 goto fail;
987
988 r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
989 if (r < 0)
990 goto fail;
991
992 r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
993 if (r < 0)
994 goto fail;
995
996 r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
997 if (r < 0)
998 goto fail;
999
1000 r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
1001 if (r < 0)
1002 goto fail;
1003
1004 r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
1005 if (r < 0)
1006 goto fail;
1007
1008 r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
1009 if (r < 0)
1010 goto fail;
1011
1012 r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
1013 break;
1014
1015 case DNS_TYPE_NSEC:
1016 r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
1017 if (r < 0)
1018 goto fail;
1019
1020 r = dns_packet_append_types(p, rr->nsec.types, NULL);
1021 if (r < 0)
1022 goto fail;
1023
1024 break;
1025
1026 case DNS_TYPE_NSEC3:
1027 r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
1028 if (r < 0)
1029 goto fail;
1030
1031 r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
1032 if (r < 0)
1033 goto fail;
1034
1035 r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
1036 if (r < 0)
1037 goto fail;
1038
1039 r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
1040 if (r < 0)
1041 goto fail;
1042
1043 r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
1044 if (r < 0)
1045 goto fail;
1046
1047 r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
1048 if (r < 0)
1049 goto fail;
1050
1051 r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
1052 if (r < 0)
1053 goto fail;
1054
1055 r = dns_packet_append_types(p, rr->nsec3.types, NULL);
1056 if (r < 0)
1057 goto fail;
1058
1059 break;
1060
1061 case DNS_TYPE_OPT:
1062 case _DNS_TYPE_INVALID: /* unparseable */
1063 default:
1064
1065 r = dns_packet_append_blob(p, rr->generic.data, rr->generic.size, NULL);
1066 break;
1067 }
1068 if (r < 0)
1069 goto fail;
1070
1071 /* Let's calculate the actual data size and update the field */
1072 rdlength = p->size - rdlength_offset - sizeof(uint16_t);
1073 if (rdlength > 0xFFFF) {
1074 r = -ENOSPC;
1075 goto fail;
1076 }
1077
1078 end = p->size;
1079 p->size = rdlength_offset;
1080 r = dns_packet_append_uint16(p, rdlength, NULL);
1081 if (r < 0)
1082 goto fail;
1083 p->size = end;
1084
1085 if (start)
1086 *start = saved_size;
1087
1088 if (rdata_start)
1089 *rdata_start = rds;
1090
1091 return 0;
1092
1093 fail:
1094 dns_packet_truncate(p, saved_size);
1095 return r;
1096 }
1097
1098 int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
1099 assert(p);
1100
1101 if (p->rindex + sz > p->size)
1102 return -EMSGSIZE;
1103
1104 if (ret)
1105 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
1106
1107 if (start)
1108 *start = p->rindex;
1109
1110 p->rindex += sz;
1111 return 0;
1112 }
1113
1114 void dns_packet_rewind(DnsPacket *p, size_t idx) {
1115 assert(p);
1116 assert(idx <= p->size);
1117 assert(idx >= DNS_PACKET_HEADER_SIZE);
1118
1119 p->rindex = idx;
1120 }
1121
1122 int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
1123 const void *q;
1124 int r;
1125
1126 assert(p);
1127 assert(d);
1128
1129 r = dns_packet_read(p, sz, &q, start);
1130 if (r < 0)
1131 return r;
1132
1133 memcpy(d, q, sz);
1134 return 0;
1135 }
1136
1137 static int dns_packet_read_memdup(
1138 DnsPacket *p, size_t size,
1139 void **ret, size_t *ret_size,
1140 size_t *ret_start) {
1141
1142 const void *src;
1143 size_t start;
1144 int r;
1145
1146 assert(p);
1147 assert(ret);
1148
1149 r = dns_packet_read(p, size, &src, &start);
1150 if (r < 0)
1151 return r;
1152
1153 if (size <= 0)
1154 *ret = NULL;
1155 else {
1156 void *copy;
1157
1158 copy = memdup(src, size);
1159 if (!copy)
1160 return -ENOMEM;
1161
1162 *ret = copy;
1163 }
1164
1165 if (ret_size)
1166 *ret_size = size;
1167 if (ret_start)
1168 *ret_start = start;
1169
1170 return 0;
1171 }
1172
1173 int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
1174 const void *d;
1175 int r;
1176
1177 assert(p);
1178
1179 r = dns_packet_read(p, sizeof(uint8_t), &d, start);
1180 if (r < 0)
1181 return r;
1182
1183 *ret = ((uint8_t*) d)[0];
1184 return 0;
1185 }
1186
1187 int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
1188 const void *d;
1189 int r;
1190
1191 assert(p);
1192
1193 r = dns_packet_read(p, sizeof(uint16_t), &d, start);
1194 if (r < 0)
1195 return r;
1196
1197 *ret = unaligned_read_be16(d);
1198
1199 return 0;
1200 }
1201
1202 int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
1203 const void *d;
1204 int r;
1205
1206 assert(p);
1207
1208 r = dns_packet_read(p, sizeof(uint32_t), &d, start);
1209 if (r < 0)
1210 return r;
1211
1212 *ret = unaligned_read_be32(d);
1213
1214 return 0;
1215 }
1216
1217 int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
1218 size_t saved_rindex;
1219 const void *d;
1220 char *t;
1221 uint8_t c;
1222 int r;
1223
1224 assert(p);
1225
1226 saved_rindex = p->rindex;
1227
1228 r = dns_packet_read_uint8(p, &c, NULL);
1229 if (r < 0)
1230 goto fail;
1231
1232 r = dns_packet_read(p, c, &d, NULL);
1233 if (r < 0)
1234 goto fail;
1235
1236 if (memchr(d, 0, c)) {
1237 r = -EBADMSG;
1238 goto fail;
1239 }
1240
1241 t = strndup(d, c);
1242 if (!t) {
1243 r = -ENOMEM;
1244 goto fail;
1245 }
1246
1247 if (!utf8_is_valid(t)) {
1248 free(t);
1249 r = -EBADMSG;
1250 goto fail;
1251 }
1252
1253 *ret = t;
1254
1255 if (start)
1256 *start = saved_rindex;
1257
1258 return 0;
1259
1260 fail:
1261 dns_packet_rewind(p, saved_rindex);
1262 return r;
1263 }
1264
1265 int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
1266 size_t saved_rindex;
1267 uint8_t c;
1268 int r;
1269
1270 assert(p);
1271
1272 saved_rindex = p->rindex;
1273
1274 r = dns_packet_read_uint8(p, &c, NULL);
1275 if (r < 0)
1276 goto fail;
1277
1278 r = dns_packet_read(p, c, ret, NULL);
1279 if (r < 0)
1280 goto fail;
1281
1282 if (size)
1283 *size = c;
1284 if (start)
1285 *start = saved_rindex;
1286
1287 return 0;
1288
1289 fail:
1290 dns_packet_rewind(p, saved_rindex);
1291 return r;
1292 }
1293
1294 int dns_packet_read_name(
1295 DnsPacket *p,
1296 char **_ret,
1297 bool allow_compression,
1298 size_t *start) {
1299
1300 size_t saved_rindex, after_rindex = 0, jump_barrier;
1301 _cleanup_free_ char *ret = NULL;
1302 size_t n = 0, allocated = 0;
1303 bool first = true;
1304 int r;
1305
1306 assert(p);
1307 assert(_ret);
1308
1309 if (p->refuse_compression)
1310 allow_compression = false;
1311
1312 saved_rindex = p->rindex;
1313 jump_barrier = p->rindex;
1314
1315 for (;;) {
1316 uint8_t c, d;
1317
1318 r = dns_packet_read_uint8(p, &c, NULL);
1319 if (r < 0)
1320 goto fail;
1321
1322 if (c == 0)
1323 /* End of name */
1324 break;
1325 else if (c <= 63) {
1326 const char *label;
1327
1328 /* Literal label */
1329 r = dns_packet_read(p, c, (const void**) &label, NULL);
1330 if (r < 0)
1331 goto fail;
1332
1333 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
1334 r = -ENOMEM;
1335 goto fail;
1336 }
1337
1338 if (first)
1339 first = false;
1340 else
1341 ret[n++] = '.';
1342
1343 r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
1344 if (r < 0)
1345 goto fail;
1346
1347 n += r;
1348 continue;
1349 } else if (allow_compression && (c & 0xc0) == 0xc0) {
1350 uint16_t ptr;
1351
1352 /* Pointer */
1353 r = dns_packet_read_uint8(p, &d, NULL);
1354 if (r < 0)
1355 goto fail;
1356
1357 ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
1358 if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier) {
1359 r = -EBADMSG;
1360 goto fail;
1361 }
1362
1363 if (after_rindex == 0)
1364 after_rindex = p->rindex;
1365
1366 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1367 jump_barrier = ptr;
1368 p->rindex = ptr;
1369 } else {
1370 r = -EBADMSG;
1371 goto fail;
1372 }
1373 }
1374
1375 if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
1376 r = -ENOMEM;
1377 goto fail;
1378 }
1379
1380 ret[n] = 0;
1381
1382 if (after_rindex != 0)
1383 p->rindex= after_rindex;
1384
1385 *_ret = ret;
1386 ret = NULL;
1387
1388 if (start)
1389 *start = saved_rindex;
1390
1391 return 0;
1392
1393 fail:
1394 dns_packet_rewind(p, saved_rindex);
1395 return r;
1396 }
1397
1398 static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
1399 uint8_t window;
1400 uint8_t length;
1401 const uint8_t *bitmap;
1402 uint8_t bit = 0;
1403 unsigned i;
1404 bool found = false;
1405 size_t saved_rindex;
1406 int r;
1407
1408 assert(p);
1409 assert(types);
1410
1411 saved_rindex = p->rindex;
1412
1413 r = bitmap_ensure_allocated(types);
1414 if (r < 0)
1415 goto fail;
1416
1417 r = dns_packet_read_uint8(p, &window, NULL);
1418 if (r < 0)
1419 goto fail;
1420
1421 r = dns_packet_read_uint8(p, &length, NULL);
1422 if (r < 0)
1423 goto fail;
1424
1425 if (length == 0 || length > 32)
1426 return -EBADMSG;
1427
1428 r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
1429 if (r < 0)
1430 goto fail;
1431
1432 for (i = 0; i < length; i++) {
1433 uint8_t bitmask = 1 << 7;
1434
1435 if (!bitmap[i]) {
1436 found = false;
1437 bit += 8;
1438 continue;
1439 }
1440
1441 found = true;
1442
1443 while (bitmask) {
1444 if (bitmap[i] & bitmask) {
1445 uint16_t n;
1446
1447 n = (uint16_t) window << 8 | (uint16_t) bit;
1448
1449 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1450 if (dns_type_is_pseudo(n))
1451 continue;
1452
1453 r = bitmap_set(*types, n);
1454 if (r < 0)
1455 goto fail;
1456 }
1457
1458 bit ++;
1459 bitmask >>= 1;
1460 }
1461 }
1462
1463 if (!found)
1464 return -EBADMSG;
1465
1466 if (start)
1467 *start = saved_rindex;
1468
1469 return 0;
1470 fail:
1471 dns_packet_rewind(p, saved_rindex);
1472 return r;
1473 }
1474
1475 static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
1476 size_t saved_rindex;
1477 int r;
1478
1479 saved_rindex = p->rindex;
1480
1481 while (p->rindex < saved_rindex + size) {
1482 r = dns_packet_read_type_window(p, types, NULL);
1483 if (r < 0)
1484 goto fail;
1485
1486 /* don't read past end of current RR */
1487 if (p->rindex > saved_rindex + size) {
1488 r = -EBADMSG;
1489 goto fail;
1490 }
1491 }
1492
1493 if (p->rindex != saved_rindex + size) {
1494 r = -EBADMSG;
1495 goto fail;
1496 }
1497
1498 if (start)
1499 *start = saved_rindex;
1500
1501 return 0;
1502 fail:
1503 dns_packet_rewind(p, saved_rindex);
1504 return r;
1505 }
1506
1507 int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
1508 _cleanup_free_ char *name = NULL;
1509 bool cache_flush = false;
1510 uint16_t class, type;
1511 DnsResourceKey *key;
1512 size_t saved_rindex;
1513 int r;
1514
1515 assert(p);
1516 assert(ret);
1517
1518 saved_rindex = p->rindex;
1519
1520 r = dns_packet_read_name(p, &name, true, NULL);
1521 if (r < 0)
1522 goto fail;
1523
1524 r = dns_packet_read_uint16(p, &type, NULL);
1525 if (r < 0)
1526 goto fail;
1527
1528 r = dns_packet_read_uint16(p, &class, NULL);
1529 if (r < 0)
1530 goto fail;
1531
1532 if (p->protocol == DNS_PROTOCOL_MDNS) {
1533 /* See RFC6762, Section 10.2 */
1534
1535 if (type != DNS_TYPE_OPT && (class & MDNS_RR_CACHE_FLUSH)) {
1536 class &= ~MDNS_RR_CACHE_FLUSH;
1537 cache_flush = true;
1538 }
1539 }
1540
1541 key = dns_resource_key_new_consume(class, type, name);
1542 if (!key) {
1543 r = -ENOMEM;
1544 goto fail;
1545 }
1546
1547 name = NULL;
1548 *ret = key;
1549
1550 if (ret_cache_flush)
1551 *ret_cache_flush = cache_flush;
1552 if (start)
1553 *start = saved_rindex;
1554
1555 return 0;
1556 fail:
1557 dns_packet_rewind(p, saved_rindex);
1558 return r;
1559 }
1560
1561 static bool loc_size_ok(uint8_t size) {
1562 uint8_t m = size >> 4, e = size & 0xF;
1563
1564 return m <= 9 && e <= 9 && (m > 0 || e == 0);
1565 }
1566
1567 int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
1568 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
1569 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
1570 size_t saved_rindex, offset;
1571 uint16_t rdlength;
1572 bool cache_flush;
1573 int r;
1574
1575 assert(p);
1576 assert(ret);
1577
1578 saved_rindex = p->rindex;
1579
1580 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
1581 if (r < 0)
1582 goto fail;
1583
1584 if (!dns_class_is_valid_rr(key->class)||
1585 !dns_type_is_valid_rr(key->type)) {
1586 r = -EBADMSG;
1587 goto fail;
1588 }
1589
1590 rr = dns_resource_record_new(key);
1591 if (!rr) {
1592 r = -ENOMEM;
1593 goto fail;
1594 }
1595
1596 r = dns_packet_read_uint32(p, &rr->ttl, NULL);
1597 if (r < 0)
1598 goto fail;
1599
1600 /* RFC 2181, Section 8, suggests to
1601 * treat a TTL with the MSB set as a zero TTL. */
1602 if (rr->ttl & UINT32_C(0x80000000))
1603 rr->ttl = 0;
1604
1605 r = dns_packet_read_uint16(p, &rdlength, NULL);
1606 if (r < 0)
1607 goto fail;
1608
1609 if (p->rindex + rdlength > p->size) {
1610 r = -EBADMSG;
1611 goto fail;
1612 }
1613
1614 offset = p->rindex;
1615
1616 switch (rr->key->type) {
1617
1618 case DNS_TYPE_SRV:
1619 r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
1620 if (r < 0)
1621 goto fail;
1622 r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
1623 if (r < 0)
1624 goto fail;
1625 r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
1626 if (r < 0)
1627 goto fail;
1628 r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
1629 break;
1630
1631 case DNS_TYPE_PTR:
1632 case DNS_TYPE_NS:
1633 case DNS_TYPE_CNAME:
1634 case DNS_TYPE_DNAME:
1635 r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
1636 break;
1637
1638 case DNS_TYPE_HINFO:
1639 r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
1640 if (r < 0)
1641 goto fail;
1642
1643 r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
1644 break;
1645
1646 case DNS_TYPE_SPF: /* exactly the same as TXT */
1647 case DNS_TYPE_TXT:
1648 if (rdlength <= 0) {
1649 DnsTxtItem *i;
1650 /* RFC 6763, section 6.1 suggests to treat
1651 * empty TXT RRs as equivalent to a TXT record
1652 * with a single empty string. */
1653
1654 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1655 if (!i)
1656 return -ENOMEM;
1657
1658 rr->txt.items = i;
1659 } else {
1660 DnsTxtItem *last = NULL;
1661
1662 while (p->rindex < offset + rdlength) {
1663 DnsTxtItem *i;
1664 const void *data;
1665 size_t sz;
1666
1667 r = dns_packet_read_raw_string(p, &data, &sz, NULL);
1668 if (r < 0)
1669 return r;
1670
1671 i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
1672 if (!i)
1673 return -ENOMEM;
1674
1675 memcpy(i->data, data, sz);
1676 i->length = sz;
1677
1678 LIST_INSERT_AFTER(items, rr->txt.items, last, i);
1679 last = i;
1680 }
1681 }
1682
1683 r = 0;
1684 break;
1685
1686 case DNS_TYPE_A:
1687 r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
1688 break;
1689
1690 case DNS_TYPE_AAAA:
1691 r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
1692 break;
1693
1694 case DNS_TYPE_SOA:
1695 r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
1696 if (r < 0)
1697 goto fail;
1698
1699 r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
1700 if (r < 0)
1701 goto fail;
1702
1703 r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
1704 if (r < 0)
1705 goto fail;
1706
1707 r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
1708 if (r < 0)
1709 goto fail;
1710
1711 r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
1712 if (r < 0)
1713 goto fail;
1714
1715 r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
1716 if (r < 0)
1717 goto fail;
1718
1719 r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
1720 break;
1721
1722 case DNS_TYPE_MX:
1723 r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
1724 if (r < 0)
1725 goto fail;
1726
1727 r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
1728 break;
1729
1730 case DNS_TYPE_LOC: {
1731 uint8_t t;
1732 size_t pos;
1733
1734 r = dns_packet_read_uint8(p, &t, &pos);
1735 if (r < 0)
1736 goto fail;
1737
1738 if (t == 0) {
1739 rr->loc.version = t;
1740
1741 r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
1742 if (r < 0)
1743 goto fail;
1744
1745 if (!loc_size_ok(rr->loc.size)) {
1746 r = -EBADMSG;
1747 goto fail;
1748 }
1749
1750 r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
1751 if (r < 0)
1752 goto fail;
1753
1754 if (!loc_size_ok(rr->loc.horiz_pre)) {
1755 r = -EBADMSG;
1756 goto fail;
1757 }
1758
1759 r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
1760 if (r < 0)
1761 goto fail;
1762
1763 if (!loc_size_ok(rr->loc.vert_pre)) {
1764 r = -EBADMSG;
1765 goto fail;
1766 }
1767
1768 r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
1769 if (r < 0)
1770 goto fail;
1771
1772 r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
1773 if (r < 0)
1774 goto fail;
1775
1776 r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
1777 if (r < 0)
1778 goto fail;
1779
1780 break;
1781 } else {
1782 dns_packet_rewind(p, pos);
1783 rr->unparseable = true;
1784 goto unparseable;
1785 }
1786 }
1787
1788 case DNS_TYPE_DS:
1789 r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
1790 if (r < 0)
1791 goto fail;
1792
1793 r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
1794 if (r < 0)
1795 goto fail;
1796
1797 r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
1798 if (r < 0)
1799 goto fail;
1800
1801 r = dns_packet_read_memdup(p, rdlength - 4,
1802 &rr->ds.digest, &rr->ds.digest_size,
1803 NULL);
1804 if (r < 0)
1805 goto fail;
1806
1807 if (rr->ds.digest_size <= 0) {
1808 /* the accepted size depends on the algorithm, but for now
1809 just ensure that the value is greater than zero */
1810 r = -EBADMSG;
1811 goto fail;
1812 }
1813
1814 break;
1815
1816 case DNS_TYPE_SSHFP:
1817 r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
1818 if (r < 0)
1819 goto fail;
1820
1821 r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
1822 if (r < 0)
1823 goto fail;
1824
1825 r = dns_packet_read_memdup(p, rdlength - 2,
1826 &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
1827 NULL);
1828
1829 if (rr->sshfp.fingerprint_size <= 0) {
1830 /* the accepted size depends on the algorithm, but for now
1831 just ensure that the value is greater than zero */
1832 r = -EBADMSG;
1833 goto fail;
1834 }
1835
1836 break;
1837
1838 case DNS_TYPE_DNSKEY:
1839 r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
1840 if (r < 0)
1841 goto fail;
1842
1843 r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
1844 if (r < 0)
1845 goto fail;
1846
1847 r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
1848 if (r < 0)
1849 goto fail;
1850
1851 r = dns_packet_read_memdup(p, rdlength - 4,
1852 &rr->dnskey.key, &rr->dnskey.key_size,
1853 NULL);
1854
1855 if (rr->dnskey.key_size <= 0) {
1856 /* the accepted size depends on the algorithm, but for now
1857 just ensure that the value is greater than zero */
1858 r = -EBADMSG;
1859 goto fail;
1860 }
1861
1862 break;
1863
1864 case DNS_TYPE_RRSIG:
1865 r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
1866 if (r < 0)
1867 goto fail;
1868
1869 r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
1870 if (r < 0)
1871 goto fail;
1872
1873 r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
1874 if (r < 0)
1875 goto fail;
1876
1877 r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
1878 if (r < 0)
1879 goto fail;
1880
1881 r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
1882 if (r < 0)
1883 goto fail;
1884
1885 r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
1886 if (r < 0)
1887 goto fail;
1888
1889 r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
1890 if (r < 0)
1891 goto fail;
1892
1893 r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
1894 if (r < 0)
1895 goto fail;
1896
1897 r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
1898 &rr->rrsig.signature, &rr->rrsig.signature_size,
1899 NULL);
1900
1901 if (rr->rrsig.signature_size <= 0) {
1902 /* the accepted size depends on the algorithm, but for now
1903 just ensure that the value is greater than zero */
1904 r = -EBADMSG;
1905 goto fail;
1906 }
1907
1908 break;
1909
1910 case DNS_TYPE_NSEC: {
1911
1912 /*
1913 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1914 * This contradicts RFC3845, section 2.1.1
1915 */
1916
1917 bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;
1918
1919 r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
1920 if (r < 0)
1921 goto fail;
1922
1923 r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
1924 if (r < 0)
1925 goto fail;
1926
1927 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1928 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1929 * without the NSEC bit set. */
1930
1931 break;
1932 }
1933 case DNS_TYPE_NSEC3: {
1934 uint8_t size;
1935
1936 r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
1937 if (r < 0)
1938 goto fail;
1939
1940 r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
1941 if (r < 0)
1942 goto fail;
1943
1944 r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
1945 if (r < 0)
1946 goto fail;
1947
1948 /* this may be zero */
1949 r = dns_packet_read_uint8(p, &size, NULL);
1950 if (r < 0)
1951 goto fail;
1952
1953 r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
1954 if (r < 0)
1955 goto fail;
1956
1957 r = dns_packet_read_uint8(p, &size, NULL);
1958 if (r < 0)
1959 goto fail;
1960
1961 if (size <= 0) {
1962 r = -EBADMSG;
1963 goto fail;
1964 }
1965
1966 r = dns_packet_read_memdup(p, size, &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size, NULL);
1967 if (r < 0)
1968 goto fail;
1969
1970 r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
1971 if (r < 0)
1972 goto fail;
1973
1974 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1975
1976 break;
1977 }
1978
1979 case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
1980 default:
1981 unparseable:
1982 r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.size, NULL);
1983 if (r < 0)
1984 goto fail;
1985 break;
1986 }
1987 if (r < 0)
1988 goto fail;
1989 if (p->rindex != offset + rdlength) {
1990 r = -EBADMSG;
1991 goto fail;
1992 }
1993
1994 *ret = rr;
1995 rr = NULL;
1996
1997 if (ret_cache_flush)
1998 *ret_cache_flush = cache_flush;
1999 if (start)
2000 *start = saved_rindex;
2001
2002 return 0;
2003 fail:
2004 dns_packet_rewind(p, saved_rindex);
2005 return r;
2006 }
2007
2008 static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
2009 const uint8_t* p;
2010 bool found_dau_dhu_n3u = false;
2011 size_t l;
2012
2013 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2014 * a reply). */
2015
2016 assert(rr);
2017 assert(rr->key->type == DNS_TYPE_OPT);
2018
2019 /* Check that the version is 0 */
2020 if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0)
2021 return false;
2022
2023 p = rr->opt.data;
2024 l = rr->opt.size;
2025 while (l > 0) {
2026 uint16_t option_code, option_length;
2027
2028 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2029 if (l < 4U)
2030 return false;
2031
2032 option_code = unaligned_read_be16(p);
2033 option_length = unaligned_read_be16(p + 2);
2034
2035 if (l < option_length + 4U)
2036 return false;
2037
2038 /* RFC 6975 DAU, DHU or N3U fields found. */
2039 if (IN_SET(option_code, 5, 6, 7))
2040 found_dau_dhu_n3u = true;
2041
2042 p += option_length + 4U;
2043 l -= option_length + 4U;
2044 }
2045
2046 *rfc6975 = found_dau_dhu_n3u;
2047 return true;
2048 }
2049
2050 int dns_packet_extract(DnsPacket *p) {
2051 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
2052 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
2053 size_t saved_rindex;
2054 unsigned n, i;
2055 int r;
2056
2057 if (p->extracted)
2058 return 0;
2059
2060 saved_rindex = p->rindex;
2061 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2062
2063 n = DNS_PACKET_QDCOUNT(p);
2064 if (n > 0) {
2065 question = dns_question_new(n);
2066 if (!question) {
2067 r = -ENOMEM;
2068 goto finish;
2069 }
2070
2071 for (i = 0; i < n; i++) {
2072 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
2073 bool cache_flush;
2074
2075 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
2076 if (r < 0)
2077 goto finish;
2078
2079 if (cache_flush) {
2080 r = -EBADMSG;
2081 goto finish;
2082 }
2083
2084 if (!dns_type_is_valid_query(key->type)) {
2085 r = -EBADMSG;
2086 goto finish;
2087 }
2088
2089 r = dns_question_add(question, key);
2090 if (r < 0)
2091 goto finish;
2092 }
2093 }
2094
2095 n = DNS_PACKET_RRCOUNT(p);
2096 if (n > 0) {
2097 DnsResourceRecord *previous = NULL;
2098 bool bad_opt = false;
2099
2100 answer = dns_answer_new(n);
2101 if (!answer) {
2102 r = -ENOMEM;
2103 goto finish;
2104 }
2105
2106 for (i = 0; i < n; i++) {
2107 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2108 bool cache_flush;
2109
2110 r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
2111 if (r < 0)
2112 goto finish;
2113
2114 /* Try to reduce memory usage a bit */
2115 if (previous)
2116 dns_resource_key_reduce(&rr->key, &previous->key);
2117
2118 if (rr->key->type == DNS_TYPE_OPT) {
2119 bool has_rfc6975;
2120
2121 if (p->opt || bad_opt) {
2122 /* Multiple OPT RRs? if so, let's ignore all, because there's something wrong
2123 * with the server, and if one is valid we wouldn't know which one. */
2124 log_debug("Multiple OPT RRs detected, ignoring all.");
2125 bad_opt = true;
2126 continue;
2127 }
2128
2129 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) {
2130 /* If the OPT RR qis not owned by the root domain, then it is bad, let's ignore
2131 * it. */
2132 log_debug("OPT RR is not owned by root domain, ignoring.");
2133 bad_opt = true;
2134 continue;
2135 }
2136
2137 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2138 /* OPT RR is in the wrong section? Some Belkin routers do this. This is a hint
2139 * the EDNS implementation is borked, like the Belkin one is, hence ignore
2140 * it. */
2141 log_debug("OPT RR in wrong section, ignoring.");
2142 bad_opt = true;
2143 continue;
2144 }
2145
2146 if (!opt_is_good(rr, &has_rfc6975)) {
2147 log_debug("Malformed OPT RR, ignoring.");
2148 bad_opt = true;
2149 continue;
2150 }
2151
2152 if (has_rfc6975) {
2153 /* OPT RR contains RFC6975 algorithm data, then this is indication that the
2154 * server just copied the OPT it got from us (which contained that data) back
2155 * into the reply. If so, then it doesn't properly support EDNS, as RFC6975
2156 * makes it very clear that the algorithm data should only be contained in
2157 * questions, never in replies. Crappy Belkin copy the OPT data for example,
2158 * hence let's detect this so that we downgrade early. */
2159 log_debug("OPT RR contained RFC6975 data, ignoring.");
2160 bad_opt = true;
2161 continue;
2162 }
2163
2164 p->opt = dns_resource_record_ref(rr);
2165 } else {
2166
2167 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2168 * cached. Hence mark only those RRs as cacheable by default, but not the ones from the
2169 * Additional or Authority sections. */
2170
2171 r = dns_answer_add(answer, rr, p->ifindex,
2172 (i < DNS_PACKET_ANCOUNT(p) ? DNS_ANSWER_CACHEABLE : 0) |
2173 (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush ? DNS_ANSWER_SHARED_OWNER : 0));
2174 if (r < 0)
2175 goto finish;
2176 }
2177 }
2178
2179 if (bad_opt)
2180 p->opt = dns_resource_record_unref(p->opt);
2181 }
2182
2183 p->question = question;
2184 question = NULL;
2185
2186 p->answer = answer;
2187 answer = NULL;
2188
2189 p->extracted = true;
2190
2191 r = 0;
2192
2193 finish:
2194 p->rindex = saved_rindex;
2195 return r;
2196 }
2197
2198 int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
2199 int r;
2200
2201 assert(p);
2202 assert(key);
2203
2204 /* Checks if the specified packet is a reply for the specified
2205 * key and the specified key is the only one in the question
2206 * section. */
2207
2208 if (DNS_PACKET_QR(p) != 1)
2209 return 0;
2210
2211 /* Let's unpack the packet, if that hasn't happened yet. */
2212 r = dns_packet_extract(p);
2213 if (r < 0)
2214 return r;
2215
2216 if (p->question->n_keys != 1)
2217 return 0;
2218
2219 return dns_resource_key_equal(p->question->keys[0], key);
2220 }
2221
2222 static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
2223 [DNS_RCODE_SUCCESS] = "SUCCESS",
2224 [DNS_RCODE_FORMERR] = "FORMERR",
2225 [DNS_RCODE_SERVFAIL] = "SERVFAIL",
2226 [DNS_RCODE_NXDOMAIN] = "NXDOMAIN",
2227 [DNS_RCODE_NOTIMP] = "NOTIMP",
2228 [DNS_RCODE_REFUSED] = "REFUSED",
2229 [DNS_RCODE_YXDOMAIN] = "YXDOMAIN",
2230 [DNS_RCODE_YXRRSET] = "YRRSET",
2231 [DNS_RCODE_NXRRSET] = "NXRRSET",
2232 [DNS_RCODE_NOTAUTH] = "NOTAUTH",
2233 [DNS_RCODE_NOTZONE] = "NOTZONE",
2234 [DNS_RCODE_BADVERS] = "BADVERS",
2235 [DNS_RCODE_BADKEY] = "BADKEY",
2236 [DNS_RCODE_BADTIME] = "BADTIME",
2237 [DNS_RCODE_BADMODE] = "BADMODE",
2238 [DNS_RCODE_BADNAME] = "BADNAME",
2239 [DNS_RCODE_BADALG] = "BADALG",
2240 [DNS_RCODE_BADTRUNC] = "BADTRUNC",
2241 };
2242 DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
2243
2244 static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
2245 [DNS_PROTOCOL_DNS] = "dns",
2246 [DNS_PROTOCOL_MDNS] = "mdns",
2247 [DNS_PROTOCOL_LLMNR] = "llmnr",
2248 };
2249 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
Unnamed repository; edit this file 'description' to name the repository.