]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-packet.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2509 from bengal/dhcp-nak-delay-v4
[thirdparty/systemd.git] / src / resolve / resolved-dns-packet.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "alloc-util.h"
23 #include "dns-domain.h"
24 #include "resolved-dns-packet.h"
25 #include "string-table.h"
26 #include "strv.h"
27 #include "unaligned.h"
28 #include "utf8.h"
29 #include "util.h"
30
31 #define EDNS0_OPT_DO (1<<15)
32
33 int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
34 DnsPacket *p;
35 size_t a;
36
37 assert(ret);
38
39 if (mtu <= UDP_PACKET_HEADER_SIZE)
40 a = DNS_PACKET_SIZE_START;
41 else
42 a = mtu - UDP_PACKET_HEADER_SIZE;
43
44 if (a < DNS_PACKET_HEADER_SIZE)
45 a = DNS_PACKET_HEADER_SIZE;
46
47 /* round up to next page size */
48 a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
49
50 /* make sure we never allocate more than useful */
51 if (a > DNS_PACKET_SIZE_MAX)
52 a = DNS_PACKET_SIZE_MAX;
53
54 p = malloc0(ALIGN(sizeof(DnsPacket)) + a);
55 if (!p)
56 return -ENOMEM;
57
58 p->size = p->rindex = DNS_PACKET_HEADER_SIZE;
59 p->allocated = a;
60 p->protocol = protocol;
61 p->opt_start = p->opt_size = (size_t) -1;
62 p->n_ref = 1;
63
64 *ret = p;
65
66 return 0;
67 }
68
69 void dns_packet_set_flags(DnsPacket *p, bool dnssec_checking_disabled, bool truncated) {
70
71 DnsPacketHeader *h;
72
73 assert(p);
74
75 h = DNS_PACKET_HEADER(p);
76
77 switch(p->protocol) {
78 case DNS_PROTOCOL_LLMNR:
79 assert(!truncated);
80
81 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
82 0 /* opcode */,
83 0 /* c */,
84 0 /* tc */,
85 0 /* t */,
86 0 /* ra */,
87 0 /* ad */,
88 0 /* cd */,
89 0 /* rcode */));
90 break;
91
92 case DNS_PROTOCOL_MDNS:
93 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
94 0 /* opcode */,
95 0 /* aa */,
96 truncated /* tc */,
97 0 /* rd (ask for recursion) */,
98 0 /* ra */,
99 0 /* ad */,
100 0 /* cd */,
101 0 /* rcode */));
102 break;
103
104 default:
105 assert(!truncated);
106
107 h->flags = htobe16(DNS_PACKET_MAKE_FLAGS(0 /* qr */,
108 0 /* opcode */,
109 0 /* aa */,
110 0 /* tc */,
111 1 /* rd (ask for recursion) */,
112 0 /* ra */,
113 0 /* ad */,
114 dnssec_checking_disabled /* cd */,
115 0 /* rcode */));
116 }
117 }
118
119 int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool dnssec_checking_disabled) {
120 DnsPacket *p;
121 int r;
122
123 assert(ret);
124
125 r = dns_packet_new(&p, protocol, mtu);
126 if (r < 0)
127 return r;
128
129 /* Always set the TC bit to 0 initially.
130 * If there are multiple packets later, we'll update the bit shortly before sending.
131 */
132 dns_packet_set_flags(p, dnssec_checking_disabled, false);
133
134 *ret = p;
135 return 0;
136 }
137
138 DnsPacket *dns_packet_ref(DnsPacket *p) {
139
140 if (!p)
141 return NULL;
142
143 assert(!p->on_stack);
144
145 assert(p->n_ref > 0);
146 p->n_ref++;
147 return p;
148 }
149
150 static void dns_packet_free(DnsPacket *p) {
151 char *s;
152
153 assert(p);
154
155 dns_question_unref(p->question);
156 dns_answer_unref(p->answer);
157 dns_resource_record_unref(p->opt);
158
159 while ((s = hashmap_steal_first_key(p->names)))
160 free(s);
161 hashmap_free(p->names);
162
163 free(p->_data);
164
165 if (!p->on_stack)
166 free(p);
167 }
168
169 DnsPacket *dns_packet_unref(DnsPacket *p) {
170 if (!p)
171 return NULL;
172
173 assert(p->n_ref > 0);
174
175 dns_packet_unref(p->more);
176
177 if (p->n_ref == 1)
178 dns_packet_free(p);
179 else
180 p->n_ref--;
181
182 return NULL;
183 }
184
185 int dns_packet_validate(DnsPacket *p) {
186 assert(p);
187
188 if (p->size < DNS_PACKET_HEADER_SIZE)
189 return -EBADMSG;
190
191 if (p->size > DNS_PACKET_SIZE_MAX)
192 return -EBADMSG;
193
194 return 1;
195 }
196
197 int dns_packet_validate_reply(DnsPacket *p) {
198 int r;
199
200 assert(p);
201
202 r = dns_packet_validate(p);
203 if (r < 0)
204 return r;
205
206 if (DNS_PACKET_QR(p) != 1)
207 return 0;
208
209 if (DNS_PACKET_OPCODE(p) != 0)
210 return -EBADMSG;
211
212 switch (p->protocol) {
213
214 case DNS_PROTOCOL_LLMNR:
215 /* RFC 4795, Section 2.1.1. says to discard all replies with QDCOUNT != 1 */
216 if (DNS_PACKET_QDCOUNT(p) != 1)
217 return -EBADMSG;
218
219 break;
220
221 case DNS_PROTOCOL_MDNS:
222 /* RFC 6762, Section 18 */
223 if (DNS_PACKET_RCODE(p) != 0)
224 return -EBADMSG;
225
226 break;
227
228 default:
229 break;
230 }
231
232 return 1;
233 }
234
235 int dns_packet_validate_query(DnsPacket *p) {
236 int r;
237
238 assert(p);
239
240 r = dns_packet_validate(p);
241 if (r < 0)
242 return r;
243
244 if (DNS_PACKET_QR(p) != 0)
245 return 0;
246
247 if (DNS_PACKET_OPCODE(p) != 0)
248 return -EBADMSG;
249
250 if (DNS_PACKET_TC(p))
251 return -EBADMSG;
252
253 switch (p->protocol) {
254
255 case DNS_PROTOCOL_LLMNR:
256 /* RFC 4795, Section 2.1.1. says to discard all queries with QDCOUNT != 1 */
257 if (DNS_PACKET_QDCOUNT(p) != 1)
258 return -EBADMSG;
259
260 /* RFC 4795, Section 2.1.1. says to discard all queries with ANCOUNT != 0 */
261 if (DNS_PACKET_ANCOUNT(p) > 0)
262 return -EBADMSG;
263
264 /* RFC 4795, Section 2.1.1. says to discard all queries with NSCOUNT != 0 */
265 if (DNS_PACKET_NSCOUNT(p) > 0)
266 return -EBADMSG;
267
268 break;
269
270 case DNS_PROTOCOL_MDNS:
271 /* RFC 6762, Section 18 */
272 if (DNS_PACKET_AA(p) != 0 ||
273 DNS_PACKET_RD(p) != 0 ||
274 DNS_PACKET_RA(p) != 0 ||
275 DNS_PACKET_AD(p) != 0 ||
276 DNS_PACKET_CD(p) != 0 ||
277 DNS_PACKET_RCODE(p) != 0)
278 return -EBADMSG;
279
280 break;
281
282 default:
283 break;
284 }
285
286 return 1;
287 }
288
289 static int dns_packet_extend(DnsPacket *p, size_t add, void **ret, size_t *start) {
290 assert(p);
291
292 if (p->size + add > p->allocated) {
293 size_t a;
294
295 a = PAGE_ALIGN((p->size + add) * 2);
296 if (a > DNS_PACKET_SIZE_MAX)
297 a = DNS_PACKET_SIZE_MAX;
298
299 if (p->size + add > a)
300 return -EMSGSIZE;
301
302 if (p->_data) {
303 void *d;
304
305 d = realloc(p->_data, a);
306 if (!d)
307 return -ENOMEM;
308
309 p->_data = d;
310 } else {
311 p->_data = malloc(a);
312 if (!p->_data)
313 return -ENOMEM;
314
315 memcpy(p->_data, (uint8_t*) p + ALIGN(sizeof(DnsPacket)), p->size);
316 memzero((uint8_t*) p->_data + p->size, a - p->size);
317 }
318
319 p->allocated = a;
320 }
321
322 if (start)
323 *start = p->size;
324
325 if (ret)
326 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->size;
327
328 p->size += add;
329 return 0;
330 }
331
332 void dns_packet_truncate(DnsPacket *p, size_t sz) {
333 Iterator i;
334 char *s;
335 void *n;
336
337 assert(p);
338
339 if (p->size <= sz)
340 return;
341
342 HASHMAP_FOREACH_KEY(n, s, p->names, i) {
343
344 if (PTR_TO_SIZE(n) < sz)
345 continue;
346
347 hashmap_remove(p->names, s);
348 free(s);
349 }
350
351 p->size = sz;
352 }
353
354 int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start) {
355 void *q;
356 int r;
357
358 assert(p);
359
360 r = dns_packet_extend(p, l, &q, start);
361 if (r < 0)
362 return r;
363
364 memcpy(q, d, l);
365 return 0;
366 }
367
368 int dns_packet_append_uint8(DnsPacket *p, uint8_t v, size_t *start) {
369 void *d;
370 int r;
371
372 assert(p);
373
374 r = dns_packet_extend(p, sizeof(uint8_t), &d, start);
375 if (r < 0)
376 return r;
377
378 ((uint8_t*) d)[0] = v;
379
380 return 0;
381 }
382
383 int dns_packet_append_uint16(DnsPacket *p, uint16_t v, size_t *start) {
384 void *d;
385 int r;
386
387 assert(p);
388
389 r = dns_packet_extend(p, sizeof(uint16_t), &d, start);
390 if (r < 0)
391 return r;
392
393 unaligned_write_be16(d, v);
394
395 return 0;
396 }
397
398 int dns_packet_append_uint32(DnsPacket *p, uint32_t v, size_t *start) {
399 void *d;
400 int r;
401
402 assert(p);
403
404 r = dns_packet_extend(p, sizeof(uint32_t), &d, start);
405 if (r < 0)
406 return r;
407
408 unaligned_write_be32(d, v);
409
410 return 0;
411 }
412
413 int dns_packet_append_string(DnsPacket *p, const char *s, size_t *start) {
414 assert(p);
415 assert(s);
416
417 return dns_packet_append_raw_string(p, s, strlen(s), start);
418 }
419
420 int dns_packet_append_raw_string(DnsPacket *p, const void *s, size_t size, size_t *start) {
421 void *d;
422 int r;
423
424 assert(p);
425 assert(s || size == 0);
426
427 if (size > 255)
428 return -E2BIG;
429
430 r = dns_packet_extend(p, 1 + size, &d, start);
431 if (r < 0)
432 return r;
433
434 ((uint8_t*) d)[0] = (uint8_t) size;
435
436 if (size > 0)
437 memcpy(((uint8_t*) d) + 1, s, size);
438
439 return 0;
440 }
441
442 int dns_packet_append_label(DnsPacket *p, const char *d, size_t l, bool canonical_candidate, size_t *start) {
443 uint8_t *w;
444 int r;
445
446 /* Append a label to a packet. Optionally, does this in DNSSEC
447 * canonical form, if this label is marked as a candidate for
448 * it, and the canonical form logic is enabled for the
449 * packet */
450
451 assert(p);
452 assert(d);
453
454 if (l > DNS_LABEL_MAX)
455 return -E2BIG;
456
457 r = dns_packet_extend(p, 1 + l, (void**) &w, start);
458 if (r < 0)
459 return r;
460
461 *(w++) = (uint8_t) l;
462
463 if (p->canonical_form && canonical_candidate) {
464 size_t i;
465
466 /* Generate in canonical form, as defined by DNSSEC
467 * RFC 4034, Section 6.2, i.e. all lower-case. */
468
469 for (i = 0; i < l; i++)
470 w[i] = (uint8_t) ascii_tolower(d[i]);
471 } else
472 /* Otherwise, just copy the string unaltered. This is
473 * essential for DNS-SD, where the casing of labels
474 * matters and needs to be retained. */
475 memcpy(w, d, l);
476
477 return 0;
478 }
479
480 int dns_packet_append_name(
481 DnsPacket *p,
482 const char *name,
483 bool allow_compression,
484 bool canonical_candidate,
485 size_t *start) {
486
487 size_t saved_size;
488 int r;
489
490 assert(p);
491 assert(name);
492
493 if (p->refuse_compression)
494 allow_compression = false;
495
496 saved_size = p->size;
497
498 while (!dns_name_is_root(name)) {
499 const char *z = name;
500 char label[DNS_LABEL_MAX];
501 size_t n = 0;
502
503 if (allow_compression)
504 n = PTR_TO_SIZE(hashmap_get(p->names, name));
505 if (n > 0) {
506 assert(n < p->size);
507
508 if (n < 0x4000) {
509 r = dns_packet_append_uint16(p, 0xC000 | n, NULL);
510 if (r < 0)
511 goto fail;
512
513 goto done;
514 }
515 }
516
517 r = dns_label_unescape(&name, label, sizeof(label));
518 if (r < 0)
519 goto fail;
520
521 r = dns_packet_append_label(p, label, r, canonical_candidate, &n);
522 if (r < 0)
523 goto fail;
524
525 if (allow_compression) {
526 _cleanup_free_ char *s = NULL;
527
528 s = strdup(z);
529 if (!s) {
530 r = -ENOMEM;
531 goto fail;
532 }
533
534 r = hashmap_ensure_allocated(&p->names, &dns_name_hash_ops);
535 if (r < 0)
536 goto fail;
537
538 r = hashmap_put(p->names, s, SIZE_TO_PTR(n));
539 if (r < 0)
540 goto fail;
541
542 s = NULL;
543 }
544 }
545
546 r = dns_packet_append_uint8(p, 0, NULL);
547 if (r < 0)
548 return r;
549
550 done:
551 if (start)
552 *start = saved_size;
553
554 return 0;
555
556 fail:
557 dns_packet_truncate(p, saved_size);
558 return r;
559 }
560
561 int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, size_t *start) {
562 size_t saved_size;
563 int r;
564
565 assert(p);
566 assert(k);
567
568 saved_size = p->size;
569
570 r = dns_packet_append_name(p, DNS_RESOURCE_KEY_NAME(k), true, true, NULL);
571 if (r < 0)
572 goto fail;
573
574 r = dns_packet_append_uint16(p, k->type, NULL);
575 if (r < 0)
576 goto fail;
577
578 r = dns_packet_append_uint16(p, k->class, NULL);
579 if (r < 0)
580 goto fail;
581
582 if (start)
583 *start = saved_size;
584
585 return 0;
586
587 fail:
588 dns_packet_truncate(p, saved_size);
589 return r;
590 }
591
592 static int dns_packet_append_type_window(DnsPacket *p, uint8_t window, uint8_t length, const uint8_t *types, size_t *start) {
593 size_t saved_size;
594 int r;
595
596 assert(p);
597 assert(types);
598 assert(length > 0);
599
600 saved_size = p->size;
601
602 r = dns_packet_append_uint8(p, window, NULL);
603 if (r < 0)
604 goto fail;
605
606 r = dns_packet_append_uint8(p, length, NULL);
607 if (r < 0)
608 goto fail;
609
610 r = dns_packet_append_blob(p, types, length, NULL);
611 if (r < 0)
612 goto fail;
613
614 if (start)
615 *start = saved_size;
616
617 return 0;
618 fail:
619 dns_packet_truncate(p, saved_size);
620 return r;
621 }
622
623 static int dns_packet_append_types(DnsPacket *p, Bitmap *types, size_t *start) {
624 Iterator i;
625 uint8_t window = 0;
626 uint8_t entry = 0;
627 uint8_t bitmaps[32] = {};
628 unsigned n;
629 size_t saved_size;
630 int r;
631
632 assert(p);
633
634 saved_size = p->size;
635
636 BITMAP_FOREACH(n, types, i) {
637 assert(n <= 0xffff);
638
639 if ((n >> 8) != window && bitmaps[entry / 8] != 0) {
640 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
641 if (r < 0)
642 goto fail;
643
644 zero(bitmaps);
645 }
646
647 window = n >> 8;
648 entry = n & 255;
649
650 bitmaps[entry / 8] |= 1 << (7 - (entry % 8));
651 }
652
653 if (bitmaps[entry / 8] != 0) {
654 r = dns_packet_append_type_window(p, window, entry / 8 + 1, bitmaps, NULL);
655 if (r < 0)
656 goto fail;
657 }
658
659 if (start)
660 *start = saved_size;
661
662 return 0;
663 fail:
664 dns_packet_truncate(p, saved_size);
665 return r;
666 }
667
668 /* Append the OPT pseudo-RR described in RFC6891 */
669 int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, size_t *start) {
670 size_t saved_size;
671 int r;
672
673 assert(p);
674 /* we must never advertise supported packet size smaller than the legacy max */
675 assert(max_udp_size >= DNS_PACKET_UNICAST_SIZE_MAX);
676
677 if (p->opt_start != (size_t) -1)
678 return -EBUSY;
679
680 assert(p->opt_size == (size_t) -1);
681
682 saved_size = p->size;
683
684 /* empty name */
685 r = dns_packet_append_uint8(p, 0, NULL);
686 if (r < 0)
687 return r;
688
689 /* type */
690 r = dns_packet_append_uint16(p, DNS_TYPE_OPT, NULL);
691 if (r < 0)
692 goto fail;
693
694 /* maximum udp packet that can be received */
695 r = dns_packet_append_uint16(p, max_udp_size, NULL);
696 if (r < 0)
697 goto fail;
698
699 /* extended RCODE and VERSION */
700 r = dns_packet_append_uint16(p, 0, NULL);
701 if (r < 0)
702 goto fail;
703
704 /* flags: DNSSEC OK (DO), see RFC3225 */
705 r = dns_packet_append_uint16(p, edns0_do ? EDNS0_OPT_DO : 0, NULL);
706 if (r < 0)
707 goto fail;
708
709 /* RDLENGTH */
710
711 if (edns0_do) {
712 /* If DO is on, also append RFC6975 Algorithm data */
713
714 static const uint8_t rfc6975[] = {
715
716 0, 5, /* OPTION_CODE: DAU */
717 0, 6, /* LIST_LENGTH */
718 DNSSEC_ALGORITHM_RSASHA1,
719 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
720 DNSSEC_ALGORITHM_RSASHA256,
721 DNSSEC_ALGORITHM_RSASHA512,
722 DNSSEC_ALGORITHM_ECDSAP256SHA256,
723 DNSSEC_ALGORITHM_ECDSAP384SHA384,
724
725 0, 6, /* OPTION_CODE: DHU */
726 0, 3, /* LIST_LENGTH */
727 DNSSEC_DIGEST_SHA1,
728 DNSSEC_DIGEST_SHA256,
729 DNSSEC_DIGEST_SHA384,
730
731 0, 7, /* OPTION_CODE: N3U */
732 0, 1, /* LIST_LENGTH */
733 NSEC3_ALGORITHM_SHA1,
734 };
735
736 r = dns_packet_append_uint16(p, sizeof(rfc6975), NULL);
737 if (r < 0)
738 goto fail;
739
740 r = dns_packet_append_blob(p, rfc6975, sizeof(rfc6975), NULL);
741 } else
742 r = dns_packet_append_uint16(p, 0, NULL);
743
744 if (r < 0)
745 goto fail;
746
747 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) + 1);
748
749 p->opt_start = saved_size;
750 p->opt_size = p->size - saved_size;
751
752 if (start)
753 *start = saved_size;
754
755 return 0;
756
757 fail:
758 dns_packet_truncate(p, saved_size);
759 return r;
760 }
761
762 int dns_packet_truncate_opt(DnsPacket *p) {
763 assert(p);
764
765 if (p->opt_start == (size_t) -1) {
766 assert(p->opt_size == (size_t) -1);
767 return 0;
768 }
769
770 assert(p->opt_size != (size_t) -1);
771 assert(DNS_PACKET_ARCOUNT(p) > 0);
772
773 if (p->opt_start + p->opt_size != p->size)
774 return -EBUSY;
775
776 dns_packet_truncate(p, p->opt_start);
777 DNS_PACKET_HEADER(p)->arcount = htobe16(DNS_PACKET_ARCOUNT(p) - 1);
778 p->opt_start = p->opt_size = (size_t) -1;
779
780 return 1;
781 }
782
783 int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, size_t *start, size_t *rdata_start) {
784 size_t saved_size, rdlength_offset, end, rdlength, rds;
785 int r;
786
787 assert(p);
788 assert(rr);
789
790 saved_size = p->size;
791
792 r = dns_packet_append_key(p, rr->key, NULL);
793 if (r < 0)
794 goto fail;
795
796 r = dns_packet_append_uint32(p, rr->ttl, NULL);
797 if (r < 0)
798 goto fail;
799
800 /* Initially we write 0 here */
801 r = dns_packet_append_uint16(p, 0, &rdlength_offset);
802 if (r < 0)
803 goto fail;
804
805 rds = p->size - saved_size;
806
807 switch (rr->unparseable ? _DNS_TYPE_INVALID : rr->key->type) {
808
809 case DNS_TYPE_SRV:
810 r = dns_packet_append_uint16(p, rr->srv.priority, NULL);
811 if (r < 0)
812 goto fail;
813
814 r = dns_packet_append_uint16(p, rr->srv.weight, NULL);
815 if (r < 0)
816 goto fail;
817
818 r = dns_packet_append_uint16(p, rr->srv.port, NULL);
819 if (r < 0)
820 goto fail;
821
822 r = dns_packet_append_name(p, rr->srv.name, true, false, NULL);
823 break;
824
825 case DNS_TYPE_PTR:
826 case DNS_TYPE_NS:
827 case DNS_TYPE_CNAME:
828 case DNS_TYPE_DNAME:
829 r = dns_packet_append_name(p, rr->ptr.name, true, false, NULL);
830 break;
831
832 case DNS_TYPE_HINFO:
833 r = dns_packet_append_string(p, rr->hinfo.cpu, NULL);
834 if (r < 0)
835 goto fail;
836
837 r = dns_packet_append_string(p, rr->hinfo.os, NULL);
838 break;
839
840 case DNS_TYPE_SPF: /* exactly the same as TXT */
841 case DNS_TYPE_TXT:
842
843 if (!rr->txt.items) {
844 /* RFC 6763, section 6.1 suggests to generate
845 * single empty string for an empty array. */
846
847 r = dns_packet_append_raw_string(p, NULL, 0, NULL);
848 if (r < 0)
849 goto fail;
850 } else {
851 DnsTxtItem *i;
852
853 LIST_FOREACH(items, i, rr->txt.items) {
854 r = dns_packet_append_raw_string(p, i->data, i->length, NULL);
855 if (r < 0)
856 goto fail;
857 }
858 }
859
860 r = 0;
861 break;
862
863 case DNS_TYPE_A:
864 r = dns_packet_append_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
865 break;
866
867 case DNS_TYPE_AAAA:
868 r = dns_packet_append_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
869 break;
870
871 case DNS_TYPE_SOA:
872 r = dns_packet_append_name(p, rr->soa.mname, true, false, NULL);
873 if (r < 0)
874 goto fail;
875
876 r = dns_packet_append_name(p, rr->soa.rname, true, false, NULL);
877 if (r < 0)
878 goto fail;
879
880 r = dns_packet_append_uint32(p, rr->soa.serial, NULL);
881 if (r < 0)
882 goto fail;
883
884 r = dns_packet_append_uint32(p, rr->soa.refresh, NULL);
885 if (r < 0)
886 goto fail;
887
888 r = dns_packet_append_uint32(p, rr->soa.retry, NULL);
889 if (r < 0)
890 goto fail;
891
892 r = dns_packet_append_uint32(p, rr->soa.expire, NULL);
893 if (r < 0)
894 goto fail;
895
896 r = dns_packet_append_uint32(p, rr->soa.minimum, NULL);
897 break;
898
899 case DNS_TYPE_MX:
900 r = dns_packet_append_uint16(p, rr->mx.priority, NULL);
901 if (r < 0)
902 goto fail;
903
904 r = dns_packet_append_name(p, rr->mx.exchange, true, false, NULL);
905 break;
906
907 case DNS_TYPE_LOC:
908 r = dns_packet_append_uint8(p, rr->loc.version, NULL);
909 if (r < 0)
910 goto fail;
911
912 r = dns_packet_append_uint8(p, rr->loc.size, NULL);
913 if (r < 0)
914 goto fail;
915
916 r = dns_packet_append_uint8(p, rr->loc.horiz_pre, NULL);
917 if (r < 0)
918 goto fail;
919
920 r = dns_packet_append_uint8(p, rr->loc.vert_pre, NULL);
921 if (r < 0)
922 goto fail;
923
924 r = dns_packet_append_uint32(p, rr->loc.latitude, NULL);
925 if (r < 0)
926 goto fail;
927
928 r = dns_packet_append_uint32(p, rr->loc.longitude, NULL);
929 if (r < 0)
930 goto fail;
931
932 r = dns_packet_append_uint32(p, rr->loc.altitude, NULL);
933 break;
934
935 case DNS_TYPE_DS:
936 r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL);
937 if (r < 0)
938 goto fail;
939
940 r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL);
941 if (r < 0)
942 goto fail;
943
944 r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL);
945 if (r < 0)
946 goto fail;
947
948 r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL);
949 break;
950
951 case DNS_TYPE_SSHFP:
952 r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL);
953 if (r < 0)
954 goto fail;
955
956 r = dns_packet_append_uint8(p, rr->sshfp.fptype, NULL);
957 if (r < 0)
958 goto fail;
959
960 r = dns_packet_append_blob(p, rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, NULL);
961 break;
962
963 case DNS_TYPE_DNSKEY:
964 r = dns_packet_append_uint16(p, rr->dnskey.flags, NULL);
965 if (r < 0)
966 goto fail;
967
968 r = dns_packet_append_uint8(p, rr->dnskey.protocol, NULL);
969 if (r < 0)
970 goto fail;
971
972 r = dns_packet_append_uint8(p, rr->dnskey.algorithm, NULL);
973 if (r < 0)
974 goto fail;
975
976 r = dns_packet_append_blob(p, rr->dnskey.key, rr->dnskey.key_size, NULL);
977 break;
978
979 case DNS_TYPE_RRSIG:
980 r = dns_packet_append_uint16(p, rr->rrsig.type_covered, NULL);
981 if (r < 0)
982 goto fail;
983
984 r = dns_packet_append_uint8(p, rr->rrsig.algorithm, NULL);
985 if (r < 0)
986 goto fail;
987
988 r = dns_packet_append_uint8(p, rr->rrsig.labels, NULL);
989 if (r < 0)
990 goto fail;
991
992 r = dns_packet_append_uint32(p, rr->rrsig.original_ttl, NULL);
993 if (r < 0)
994 goto fail;
995
996 r = dns_packet_append_uint32(p, rr->rrsig.expiration, NULL);
997 if (r < 0)
998 goto fail;
999
1000 r = dns_packet_append_uint32(p, rr->rrsig.inception, NULL);
1001 if (r < 0)
1002 goto fail;
1003
1004 r = dns_packet_append_uint16(p, rr->rrsig.key_tag, NULL);
1005 if (r < 0)
1006 goto fail;
1007
1008 r = dns_packet_append_name(p, rr->rrsig.signer, false, true, NULL);
1009 if (r < 0)
1010 goto fail;
1011
1012 r = dns_packet_append_blob(p, rr->rrsig.signature, rr->rrsig.signature_size, NULL);
1013 break;
1014
1015 case DNS_TYPE_NSEC:
1016 r = dns_packet_append_name(p, rr->nsec.next_domain_name, false, false, NULL);
1017 if (r < 0)
1018 goto fail;
1019
1020 r = dns_packet_append_types(p, rr->nsec.types, NULL);
1021 if (r < 0)
1022 goto fail;
1023
1024 break;
1025
1026 case DNS_TYPE_NSEC3:
1027 r = dns_packet_append_uint8(p, rr->nsec3.algorithm, NULL);
1028 if (r < 0)
1029 goto fail;
1030
1031 r = dns_packet_append_uint8(p, rr->nsec3.flags, NULL);
1032 if (r < 0)
1033 goto fail;
1034
1035 r = dns_packet_append_uint16(p, rr->nsec3.iterations, NULL);
1036 if (r < 0)
1037 goto fail;
1038
1039 r = dns_packet_append_uint8(p, rr->nsec3.salt_size, NULL);
1040 if (r < 0)
1041 goto fail;
1042
1043 r = dns_packet_append_blob(p, rr->nsec3.salt, rr->nsec3.salt_size, NULL);
1044 if (r < 0)
1045 goto fail;
1046
1047 r = dns_packet_append_uint8(p, rr->nsec3.next_hashed_name_size, NULL);
1048 if (r < 0)
1049 goto fail;
1050
1051 r = dns_packet_append_blob(p, rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, NULL);
1052 if (r < 0)
1053 goto fail;
1054
1055 r = dns_packet_append_types(p, rr->nsec3.types, NULL);
1056 if (r < 0)
1057 goto fail;
1058
1059 break;
1060
1061 case DNS_TYPE_TLSA:
1062 r = dns_packet_append_uint8(p, rr->tlsa.cert_usage, NULL);
1063 if (r < 0)
1064 goto fail;
1065
1066 r = dns_packet_append_uint8(p, rr->tlsa.selector, NULL);
1067 if (r < 0)
1068 goto fail;
1069
1070 r = dns_packet_append_uint8(p, rr->tlsa.matching_type, NULL);
1071 if (r < 0)
1072 goto fail;
1073
1074 r = dns_packet_append_blob(p, rr->tlsa.data, rr->tlsa.data_size, NULL);
1075 break;
1076
1077 case DNS_TYPE_OPT:
1078 case DNS_TYPE_OPENPGPKEY:
1079 case _DNS_TYPE_INVALID: /* unparseable */
1080 default:
1081
1082 r = dns_packet_append_blob(p, rr->generic.data, rr->generic.data_size, NULL);
1083 break;
1084 }
1085 if (r < 0)
1086 goto fail;
1087
1088 /* Let's calculate the actual data size and update the field */
1089 rdlength = p->size - rdlength_offset - sizeof(uint16_t);
1090 if (rdlength > 0xFFFF) {
1091 r = -ENOSPC;
1092 goto fail;
1093 }
1094
1095 end = p->size;
1096 p->size = rdlength_offset;
1097 r = dns_packet_append_uint16(p, rdlength, NULL);
1098 if (r < 0)
1099 goto fail;
1100 p->size = end;
1101
1102 if (start)
1103 *start = saved_size;
1104
1105 if (rdata_start)
1106 *rdata_start = rds;
1107
1108 return 0;
1109
1110 fail:
1111 dns_packet_truncate(p, saved_size);
1112 return r;
1113 }
1114
1115 int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) {
1116 assert(p);
1117
1118 if (p->rindex + sz > p->size)
1119 return -EMSGSIZE;
1120
1121 if (ret)
1122 *ret = (uint8_t*) DNS_PACKET_DATA(p) + p->rindex;
1123
1124 if (start)
1125 *start = p->rindex;
1126
1127 p->rindex += sz;
1128 return 0;
1129 }
1130
1131 void dns_packet_rewind(DnsPacket *p, size_t idx) {
1132 assert(p);
1133 assert(idx <= p->size);
1134 assert(idx >= DNS_PACKET_HEADER_SIZE);
1135
1136 p->rindex = idx;
1137 }
1138
1139 int dns_packet_read_blob(DnsPacket *p, void *d, size_t sz, size_t *start) {
1140 const void *q;
1141 int r;
1142
1143 assert(p);
1144 assert(d);
1145
1146 r = dns_packet_read(p, sz, &q, start);
1147 if (r < 0)
1148 return r;
1149
1150 memcpy(d, q, sz);
1151 return 0;
1152 }
1153
1154 static int dns_packet_read_memdup(
1155 DnsPacket *p, size_t size,
1156 void **ret, size_t *ret_size,
1157 size_t *ret_start) {
1158
1159 const void *src;
1160 size_t start;
1161 int r;
1162
1163 assert(p);
1164 assert(ret);
1165
1166 r = dns_packet_read(p, size, &src, &start);
1167 if (r < 0)
1168 return r;
1169
1170 if (size <= 0)
1171 *ret = NULL;
1172 else {
1173 void *copy;
1174
1175 copy = memdup(src, size);
1176 if (!copy)
1177 return -ENOMEM;
1178
1179 *ret = copy;
1180 }
1181
1182 if (ret_size)
1183 *ret_size = size;
1184 if (ret_start)
1185 *ret_start = start;
1186
1187 return 0;
1188 }
1189
1190 int dns_packet_read_uint8(DnsPacket *p, uint8_t *ret, size_t *start) {
1191 const void *d;
1192 int r;
1193
1194 assert(p);
1195
1196 r = dns_packet_read(p, sizeof(uint8_t), &d, start);
1197 if (r < 0)
1198 return r;
1199
1200 *ret = ((uint8_t*) d)[0];
1201 return 0;
1202 }
1203
1204 int dns_packet_read_uint16(DnsPacket *p, uint16_t *ret, size_t *start) {
1205 const void *d;
1206 int r;
1207
1208 assert(p);
1209
1210 r = dns_packet_read(p, sizeof(uint16_t), &d, start);
1211 if (r < 0)
1212 return r;
1213
1214 *ret = unaligned_read_be16(d);
1215
1216 return 0;
1217 }
1218
1219 int dns_packet_read_uint32(DnsPacket *p, uint32_t *ret, size_t *start) {
1220 const void *d;
1221 int r;
1222
1223 assert(p);
1224
1225 r = dns_packet_read(p, sizeof(uint32_t), &d, start);
1226 if (r < 0)
1227 return r;
1228
1229 *ret = unaligned_read_be32(d);
1230
1231 return 0;
1232 }
1233
1234 int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
1235 size_t saved_rindex;
1236 const void *d;
1237 char *t;
1238 uint8_t c;
1239 int r;
1240
1241 assert(p);
1242
1243 saved_rindex = p->rindex;
1244
1245 r = dns_packet_read_uint8(p, &c, NULL);
1246 if (r < 0)
1247 goto fail;
1248
1249 r = dns_packet_read(p, c, &d, NULL);
1250 if (r < 0)
1251 goto fail;
1252
1253 if (memchr(d, 0, c)) {
1254 r = -EBADMSG;
1255 goto fail;
1256 }
1257
1258 t = strndup(d, c);
1259 if (!t) {
1260 r = -ENOMEM;
1261 goto fail;
1262 }
1263
1264 if (!utf8_is_valid(t)) {
1265 free(t);
1266 r = -EBADMSG;
1267 goto fail;
1268 }
1269
1270 *ret = t;
1271
1272 if (start)
1273 *start = saved_rindex;
1274
1275 return 0;
1276
1277 fail:
1278 dns_packet_rewind(p, saved_rindex);
1279 return r;
1280 }
1281
1282 int dns_packet_read_raw_string(DnsPacket *p, const void **ret, size_t *size, size_t *start) {
1283 size_t saved_rindex;
1284 uint8_t c;
1285 int r;
1286
1287 assert(p);
1288
1289 saved_rindex = p->rindex;
1290
1291 r = dns_packet_read_uint8(p, &c, NULL);
1292 if (r < 0)
1293 goto fail;
1294
1295 r = dns_packet_read(p, c, ret, NULL);
1296 if (r < 0)
1297 goto fail;
1298
1299 if (size)
1300 *size = c;
1301 if (start)
1302 *start = saved_rindex;
1303
1304 return 0;
1305
1306 fail:
1307 dns_packet_rewind(p, saved_rindex);
1308 return r;
1309 }
1310
1311 int dns_packet_read_name(
1312 DnsPacket *p,
1313 char **_ret,
1314 bool allow_compression,
1315 size_t *start) {
1316
1317 size_t saved_rindex, after_rindex = 0, jump_barrier;
1318 _cleanup_free_ char *ret = NULL;
1319 size_t n = 0, allocated = 0;
1320 bool first = true;
1321 int r;
1322
1323 assert(p);
1324 assert(_ret);
1325
1326 if (p->refuse_compression)
1327 allow_compression = false;
1328
1329 saved_rindex = p->rindex;
1330 jump_barrier = p->rindex;
1331
1332 for (;;) {
1333 uint8_t c, d;
1334
1335 r = dns_packet_read_uint8(p, &c, NULL);
1336 if (r < 0)
1337 goto fail;
1338
1339 if (c == 0)
1340 /* End of name */
1341 break;
1342 else if (c <= 63) {
1343 const char *label;
1344
1345 /* Literal label */
1346 r = dns_packet_read(p, c, (const void**) &label, NULL);
1347 if (r < 0)
1348 goto fail;
1349
1350 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
1351 r = -ENOMEM;
1352 goto fail;
1353 }
1354
1355 if (first)
1356 first = false;
1357 else
1358 ret[n++] = '.';
1359
1360 r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
1361 if (r < 0)
1362 goto fail;
1363
1364 n += r;
1365 continue;
1366 } else if (allow_compression && (c & 0xc0) == 0xc0) {
1367 uint16_t ptr;
1368
1369 /* Pointer */
1370 r = dns_packet_read_uint8(p, &d, NULL);
1371 if (r < 0)
1372 goto fail;
1373
1374 ptr = (uint16_t) (c & ~0xc0) << 8 | (uint16_t) d;
1375 if (ptr < DNS_PACKET_HEADER_SIZE || ptr >= jump_barrier) {
1376 r = -EBADMSG;
1377 goto fail;
1378 }
1379
1380 if (after_rindex == 0)
1381 after_rindex = p->rindex;
1382
1383 /* Jumps are limited to a "prior occurrence" (RFC-1035 4.1.4) */
1384 jump_barrier = ptr;
1385 p->rindex = ptr;
1386 } else {
1387 r = -EBADMSG;
1388 goto fail;
1389 }
1390 }
1391
1392 if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
1393 r = -ENOMEM;
1394 goto fail;
1395 }
1396
1397 ret[n] = 0;
1398
1399 if (after_rindex != 0)
1400 p->rindex= after_rindex;
1401
1402 *_ret = ret;
1403 ret = NULL;
1404
1405 if (start)
1406 *start = saved_rindex;
1407
1408 return 0;
1409
1410 fail:
1411 dns_packet_rewind(p, saved_rindex);
1412 return r;
1413 }
1414
1415 static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *start) {
1416 uint8_t window;
1417 uint8_t length;
1418 const uint8_t *bitmap;
1419 uint8_t bit = 0;
1420 unsigned i;
1421 bool found = false;
1422 size_t saved_rindex;
1423 int r;
1424
1425 assert(p);
1426 assert(types);
1427
1428 saved_rindex = p->rindex;
1429
1430 r = bitmap_ensure_allocated(types);
1431 if (r < 0)
1432 goto fail;
1433
1434 r = dns_packet_read_uint8(p, &window, NULL);
1435 if (r < 0)
1436 goto fail;
1437
1438 r = dns_packet_read_uint8(p, &length, NULL);
1439 if (r < 0)
1440 goto fail;
1441
1442 if (length == 0 || length > 32)
1443 return -EBADMSG;
1444
1445 r = dns_packet_read(p, length, (const void **)&bitmap, NULL);
1446 if (r < 0)
1447 goto fail;
1448
1449 for (i = 0; i < length; i++) {
1450 uint8_t bitmask = 1 << 7;
1451
1452 if (!bitmap[i]) {
1453 found = false;
1454 bit += 8;
1455 continue;
1456 }
1457
1458 found = true;
1459
1460 while (bitmask) {
1461 if (bitmap[i] & bitmask) {
1462 uint16_t n;
1463
1464 n = (uint16_t) window << 8 | (uint16_t) bit;
1465
1466 /* Ignore pseudo-types. see RFC4034 section 4.1.2 */
1467 if (dns_type_is_pseudo(n))
1468 continue;
1469
1470 r = bitmap_set(*types, n);
1471 if (r < 0)
1472 goto fail;
1473 }
1474
1475 bit ++;
1476 bitmask >>= 1;
1477 }
1478 }
1479
1480 if (!found)
1481 return -EBADMSG;
1482
1483 if (start)
1484 *start = saved_rindex;
1485
1486 return 0;
1487 fail:
1488 dns_packet_rewind(p, saved_rindex);
1489 return r;
1490 }
1491
1492 static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t size, size_t *start) {
1493 size_t saved_rindex;
1494 int r;
1495
1496 saved_rindex = p->rindex;
1497
1498 while (p->rindex < saved_rindex + size) {
1499 r = dns_packet_read_type_window(p, types, NULL);
1500 if (r < 0)
1501 goto fail;
1502
1503 /* don't read past end of current RR */
1504 if (p->rindex > saved_rindex + size) {
1505 r = -EBADMSG;
1506 goto fail;
1507 }
1508 }
1509
1510 if (p->rindex != saved_rindex + size) {
1511 r = -EBADMSG;
1512 goto fail;
1513 }
1514
1515 if (start)
1516 *start = saved_rindex;
1517
1518 return 0;
1519 fail:
1520 dns_packet_rewind(p, saved_rindex);
1521 return r;
1522 }
1523
1524 int dns_packet_read_key(DnsPacket *p, DnsResourceKey **ret, bool *ret_cache_flush, size_t *start) {
1525 _cleanup_free_ char *name = NULL;
1526 bool cache_flush = false;
1527 uint16_t class, type;
1528 DnsResourceKey *key;
1529 size_t saved_rindex;
1530 int r;
1531
1532 assert(p);
1533 assert(ret);
1534
1535 saved_rindex = p->rindex;
1536
1537 r = dns_packet_read_name(p, &name, true, NULL);
1538 if (r < 0)
1539 goto fail;
1540
1541 r = dns_packet_read_uint16(p, &type, NULL);
1542 if (r < 0)
1543 goto fail;
1544
1545 r = dns_packet_read_uint16(p, &class, NULL);
1546 if (r < 0)
1547 goto fail;
1548
1549 if (p->protocol == DNS_PROTOCOL_MDNS) {
1550 /* See RFC6762, Section 10.2 */
1551
1552 if (type != DNS_TYPE_OPT && (class & MDNS_RR_CACHE_FLUSH)) {
1553 class &= ~MDNS_RR_CACHE_FLUSH;
1554 cache_flush = true;
1555 }
1556 }
1557
1558 key = dns_resource_key_new_consume(class, type, name);
1559 if (!key) {
1560 r = -ENOMEM;
1561 goto fail;
1562 }
1563
1564 name = NULL;
1565 *ret = key;
1566
1567 if (ret_cache_flush)
1568 *ret_cache_flush = cache_flush;
1569 if (start)
1570 *start = saved_rindex;
1571
1572 return 0;
1573 fail:
1574 dns_packet_rewind(p, saved_rindex);
1575 return r;
1576 }
1577
1578 static bool loc_size_ok(uint8_t size) {
1579 uint8_t m = size >> 4, e = size & 0xF;
1580
1581 return m <= 9 && e <= 9 && (m > 0 || e == 0);
1582 }
1583
1584 int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, bool *ret_cache_flush, size_t *start) {
1585 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
1586 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
1587 size_t saved_rindex, offset;
1588 uint16_t rdlength;
1589 bool cache_flush;
1590 int r;
1591
1592 assert(p);
1593 assert(ret);
1594
1595 saved_rindex = p->rindex;
1596
1597 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
1598 if (r < 0)
1599 goto fail;
1600
1601 if (!dns_class_is_valid_rr(key->class)||
1602 !dns_type_is_valid_rr(key->type)) {
1603 r = -EBADMSG;
1604 goto fail;
1605 }
1606
1607 rr = dns_resource_record_new(key);
1608 if (!rr) {
1609 r = -ENOMEM;
1610 goto fail;
1611 }
1612
1613 r = dns_packet_read_uint32(p, &rr->ttl, NULL);
1614 if (r < 0)
1615 goto fail;
1616
1617 /* RFC 2181, Section 8, suggests to
1618 * treat a TTL with the MSB set as a zero TTL. */
1619 if (rr->ttl & UINT32_C(0x80000000))
1620 rr->ttl = 0;
1621
1622 r = dns_packet_read_uint16(p, &rdlength, NULL);
1623 if (r < 0)
1624 goto fail;
1625
1626 if (p->rindex + rdlength > p->size) {
1627 r = -EBADMSG;
1628 goto fail;
1629 }
1630
1631 offset = p->rindex;
1632
1633 switch (rr->key->type) {
1634
1635 case DNS_TYPE_SRV:
1636 r = dns_packet_read_uint16(p, &rr->srv.priority, NULL);
1637 if (r < 0)
1638 goto fail;
1639 r = dns_packet_read_uint16(p, &rr->srv.weight, NULL);
1640 if (r < 0)
1641 goto fail;
1642 r = dns_packet_read_uint16(p, &rr->srv.port, NULL);
1643 if (r < 0)
1644 goto fail;
1645 r = dns_packet_read_name(p, &rr->srv.name, true, NULL);
1646 break;
1647
1648 case DNS_TYPE_PTR:
1649 case DNS_TYPE_NS:
1650 case DNS_TYPE_CNAME:
1651 case DNS_TYPE_DNAME:
1652 r = dns_packet_read_name(p, &rr->ptr.name, true, NULL);
1653 break;
1654
1655 case DNS_TYPE_HINFO:
1656 r = dns_packet_read_string(p, &rr->hinfo.cpu, NULL);
1657 if (r < 0)
1658 goto fail;
1659
1660 r = dns_packet_read_string(p, &rr->hinfo.os, NULL);
1661 break;
1662
1663 case DNS_TYPE_SPF: /* exactly the same as TXT */
1664 case DNS_TYPE_TXT:
1665 if (rdlength <= 0) {
1666 DnsTxtItem *i;
1667 /* RFC 6763, section 6.1 suggests to treat
1668 * empty TXT RRs as equivalent to a TXT record
1669 * with a single empty string. */
1670
1671 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1672 if (!i)
1673 return -ENOMEM;
1674
1675 rr->txt.items = i;
1676 } else {
1677 DnsTxtItem *last = NULL;
1678
1679 while (p->rindex < offset + rdlength) {
1680 DnsTxtItem *i;
1681 const void *data;
1682 size_t sz;
1683
1684 r = dns_packet_read_raw_string(p, &data, &sz, NULL);
1685 if (r < 0)
1686 return r;
1687
1688 i = malloc0(offsetof(DnsTxtItem, data) + sz + 1); /* extra NUL byte at the end */
1689 if (!i)
1690 return -ENOMEM;
1691
1692 memcpy(i->data, data, sz);
1693 i->length = sz;
1694
1695 LIST_INSERT_AFTER(items, rr->txt.items, last, i);
1696 last = i;
1697 }
1698 }
1699
1700 r = 0;
1701 break;
1702
1703 case DNS_TYPE_A:
1704 r = dns_packet_read_blob(p, &rr->a.in_addr, sizeof(struct in_addr), NULL);
1705 break;
1706
1707 case DNS_TYPE_AAAA:
1708 r = dns_packet_read_blob(p, &rr->aaaa.in6_addr, sizeof(struct in6_addr), NULL);
1709 break;
1710
1711 case DNS_TYPE_SOA:
1712 r = dns_packet_read_name(p, &rr->soa.mname, true, NULL);
1713 if (r < 0)
1714 goto fail;
1715
1716 r = dns_packet_read_name(p, &rr->soa.rname, true, NULL);
1717 if (r < 0)
1718 goto fail;
1719
1720 r = dns_packet_read_uint32(p, &rr->soa.serial, NULL);
1721 if (r < 0)
1722 goto fail;
1723
1724 r = dns_packet_read_uint32(p, &rr->soa.refresh, NULL);
1725 if (r < 0)
1726 goto fail;
1727
1728 r = dns_packet_read_uint32(p, &rr->soa.retry, NULL);
1729 if (r < 0)
1730 goto fail;
1731
1732 r = dns_packet_read_uint32(p, &rr->soa.expire, NULL);
1733 if (r < 0)
1734 goto fail;
1735
1736 r = dns_packet_read_uint32(p, &rr->soa.minimum, NULL);
1737 break;
1738
1739 case DNS_TYPE_MX:
1740 r = dns_packet_read_uint16(p, &rr->mx.priority, NULL);
1741 if (r < 0)
1742 goto fail;
1743
1744 r = dns_packet_read_name(p, &rr->mx.exchange, true, NULL);
1745 break;
1746
1747 case DNS_TYPE_LOC: {
1748 uint8_t t;
1749 size_t pos;
1750
1751 r = dns_packet_read_uint8(p, &t, &pos);
1752 if (r < 0)
1753 goto fail;
1754
1755 if (t == 0) {
1756 rr->loc.version = t;
1757
1758 r = dns_packet_read_uint8(p, &rr->loc.size, NULL);
1759 if (r < 0)
1760 goto fail;
1761
1762 if (!loc_size_ok(rr->loc.size)) {
1763 r = -EBADMSG;
1764 goto fail;
1765 }
1766
1767 r = dns_packet_read_uint8(p, &rr->loc.horiz_pre, NULL);
1768 if (r < 0)
1769 goto fail;
1770
1771 if (!loc_size_ok(rr->loc.horiz_pre)) {
1772 r = -EBADMSG;
1773 goto fail;
1774 }
1775
1776 r = dns_packet_read_uint8(p, &rr->loc.vert_pre, NULL);
1777 if (r < 0)
1778 goto fail;
1779
1780 if (!loc_size_ok(rr->loc.vert_pre)) {
1781 r = -EBADMSG;
1782 goto fail;
1783 }
1784
1785 r = dns_packet_read_uint32(p, &rr->loc.latitude, NULL);
1786 if (r < 0)
1787 goto fail;
1788
1789 r = dns_packet_read_uint32(p, &rr->loc.longitude, NULL);
1790 if (r < 0)
1791 goto fail;
1792
1793 r = dns_packet_read_uint32(p, &rr->loc.altitude, NULL);
1794 if (r < 0)
1795 goto fail;
1796
1797 break;
1798 } else {
1799 dns_packet_rewind(p, pos);
1800 rr->unparseable = true;
1801 goto unparseable;
1802 }
1803 }
1804
1805 case DNS_TYPE_DS:
1806 r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL);
1807 if (r < 0)
1808 goto fail;
1809
1810 r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL);
1811 if (r < 0)
1812 goto fail;
1813
1814 r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL);
1815 if (r < 0)
1816 goto fail;
1817
1818 r = dns_packet_read_memdup(p, rdlength - 4,
1819 &rr->ds.digest, &rr->ds.digest_size,
1820 NULL);
1821 if (r < 0)
1822 goto fail;
1823
1824 if (rr->ds.digest_size <= 0) {
1825 /* the accepted size depends on the algorithm, but for now
1826 just ensure that the value is greater than zero */
1827 r = -EBADMSG;
1828 goto fail;
1829 }
1830
1831 break;
1832
1833 case DNS_TYPE_SSHFP:
1834 r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL);
1835 if (r < 0)
1836 goto fail;
1837
1838 r = dns_packet_read_uint8(p, &rr->sshfp.fptype, NULL);
1839 if (r < 0)
1840 goto fail;
1841
1842 r = dns_packet_read_memdup(p, rdlength - 2,
1843 &rr->sshfp.fingerprint, &rr->sshfp.fingerprint_size,
1844 NULL);
1845
1846 if (rr->sshfp.fingerprint_size <= 0) {
1847 /* the accepted size depends on the algorithm, but for now
1848 just ensure that the value is greater than zero */
1849 r = -EBADMSG;
1850 goto fail;
1851 }
1852
1853 break;
1854
1855 case DNS_TYPE_DNSKEY:
1856 r = dns_packet_read_uint16(p, &rr->dnskey.flags, NULL);
1857 if (r < 0)
1858 goto fail;
1859
1860 r = dns_packet_read_uint8(p, &rr->dnskey.protocol, NULL);
1861 if (r < 0)
1862 goto fail;
1863
1864 r = dns_packet_read_uint8(p, &rr->dnskey.algorithm, NULL);
1865 if (r < 0)
1866 goto fail;
1867
1868 r = dns_packet_read_memdup(p, rdlength - 4,
1869 &rr->dnskey.key, &rr->dnskey.key_size,
1870 NULL);
1871
1872 if (rr->dnskey.key_size <= 0) {
1873 /* the accepted size depends on the algorithm, but for now
1874 just ensure that the value is greater than zero */
1875 r = -EBADMSG;
1876 goto fail;
1877 }
1878
1879 break;
1880
1881 case DNS_TYPE_RRSIG:
1882 r = dns_packet_read_uint16(p, &rr->rrsig.type_covered, NULL);
1883 if (r < 0)
1884 goto fail;
1885
1886 r = dns_packet_read_uint8(p, &rr->rrsig.algorithm, NULL);
1887 if (r < 0)
1888 goto fail;
1889
1890 r = dns_packet_read_uint8(p, &rr->rrsig.labels, NULL);
1891 if (r < 0)
1892 goto fail;
1893
1894 r = dns_packet_read_uint32(p, &rr->rrsig.original_ttl, NULL);
1895 if (r < 0)
1896 goto fail;
1897
1898 r = dns_packet_read_uint32(p, &rr->rrsig.expiration, NULL);
1899 if (r < 0)
1900 goto fail;
1901
1902 r = dns_packet_read_uint32(p, &rr->rrsig.inception, NULL);
1903 if (r < 0)
1904 goto fail;
1905
1906 r = dns_packet_read_uint16(p, &rr->rrsig.key_tag, NULL);
1907 if (r < 0)
1908 goto fail;
1909
1910 r = dns_packet_read_name(p, &rr->rrsig.signer, false, NULL);
1911 if (r < 0)
1912 goto fail;
1913
1914 r = dns_packet_read_memdup(p, offset + rdlength - p->rindex,
1915 &rr->rrsig.signature, &rr->rrsig.signature_size,
1916 NULL);
1917
1918 if (rr->rrsig.signature_size <= 0) {
1919 /* the accepted size depends on the algorithm, but for now
1920 just ensure that the value is greater than zero */
1921 r = -EBADMSG;
1922 goto fail;
1923 }
1924
1925 break;
1926
1927 case DNS_TYPE_NSEC: {
1928
1929 /*
1930 * RFC6762, section 18.14 explictly states mDNS should use name compression.
1931 * This contradicts RFC3845, section 2.1.1
1932 */
1933
1934 bool allow_compressed = p->protocol == DNS_PROTOCOL_MDNS;
1935
1936 r = dns_packet_read_name(p, &rr->nsec.next_domain_name, allow_compressed, NULL);
1937 if (r < 0)
1938 goto fail;
1939
1940 r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL);
1941 if (r < 0)
1942 goto fail;
1943
1944 /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself
1945 * is redundant and in e.g., RFC4956 this fact is used to define a use for NSEC records
1946 * without the NSEC bit set. */
1947
1948 break;
1949 }
1950 case DNS_TYPE_NSEC3: {
1951 uint8_t size;
1952
1953 r = dns_packet_read_uint8(p, &rr->nsec3.algorithm, NULL);
1954 if (r < 0)
1955 goto fail;
1956
1957 r = dns_packet_read_uint8(p, &rr->nsec3.flags, NULL);
1958 if (r < 0)
1959 goto fail;
1960
1961 r = dns_packet_read_uint16(p, &rr->nsec3.iterations, NULL);
1962 if (r < 0)
1963 goto fail;
1964
1965 /* this may be zero */
1966 r = dns_packet_read_uint8(p, &size, NULL);
1967 if (r < 0)
1968 goto fail;
1969
1970 r = dns_packet_read_memdup(p, size, &rr->nsec3.salt, &rr->nsec3.salt_size, NULL);
1971 if (r < 0)
1972 goto fail;
1973
1974 r = dns_packet_read_uint8(p, &size, NULL);
1975 if (r < 0)
1976 goto fail;
1977
1978 if (size <= 0) {
1979 r = -EBADMSG;
1980 goto fail;
1981 }
1982
1983 r = dns_packet_read_memdup(p, size, &rr->nsec3.next_hashed_name, &rr->nsec3.next_hashed_name_size, NULL);
1984 if (r < 0)
1985 goto fail;
1986
1987 r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL);
1988 if (r < 0)
1989 goto fail;
1990
1991 /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */
1992
1993 break;
1994 }
1995
1996 case DNS_TYPE_TLSA:
1997 r = dns_packet_read_uint8(p, &rr->tlsa.cert_usage, NULL);
1998 if (r < 0)
1999 goto fail;
2000
2001 r = dns_packet_read_uint8(p, &rr->tlsa.selector, NULL);
2002 if (r < 0)
2003 goto fail;
2004
2005 r = dns_packet_read_uint8(p, &rr->tlsa.matching_type, NULL);
2006 if (r < 0)
2007 goto fail;
2008
2009 r = dns_packet_read_memdup(p, rdlength - 3,
2010 &rr->tlsa.data, &rr->tlsa.data_size,
2011 NULL);
2012 if (rr->tlsa.data_size <= 0) {
2013 /* the accepted size depends on the algorithm, but for now
2014 just ensure that the value is greater than zero */
2015 r = -EBADMSG;
2016 goto fail;
2017 }
2018
2019 break;
2020
2021 case DNS_TYPE_OPT: /* we only care about the header of OPT for now. */
2022 case DNS_TYPE_OPENPGPKEY:
2023 default:
2024 unparseable:
2025 r = dns_packet_read_memdup(p, rdlength, &rr->generic.data, &rr->generic.data_size, NULL);
2026 if (r < 0)
2027 goto fail;
2028 break;
2029 }
2030 if (r < 0)
2031 goto fail;
2032 if (p->rindex != offset + rdlength) {
2033 r = -EBADMSG;
2034 goto fail;
2035 }
2036
2037 *ret = rr;
2038 rr = NULL;
2039
2040 if (ret_cache_flush)
2041 *ret_cache_flush = cache_flush;
2042 if (start)
2043 *start = saved_rindex;
2044
2045 return 0;
2046 fail:
2047 dns_packet_rewind(p, saved_rindex);
2048 return r;
2049 }
2050
2051 static bool opt_is_good(DnsResourceRecord *rr, bool *rfc6975) {
2052 const uint8_t* p;
2053 bool found_dau_dhu_n3u = false;
2054 size_t l;
2055
2056 /* Checks whether the specified OPT RR is well-formed and whether it contains RFC6975 data (which is not OK in
2057 * a reply). */
2058
2059 assert(rr);
2060 assert(rr->key->type == DNS_TYPE_OPT);
2061
2062 /* Check that the version is 0 */
2063 if (((rr->ttl >> 16) & UINT32_C(0xFF)) != 0)
2064 return false;
2065
2066 p = rr->opt.data;
2067 l = rr->opt.data_size;
2068 while (l > 0) {
2069 uint16_t option_code, option_length;
2070
2071 /* At least four bytes for OPTION-CODE and OPTION-LENGTH are required */
2072 if (l < 4U)
2073 return false;
2074
2075 option_code = unaligned_read_be16(p);
2076 option_length = unaligned_read_be16(p + 2);
2077
2078 if (l < option_length + 4U)
2079 return false;
2080
2081 /* RFC 6975 DAU, DHU or N3U fields found. */
2082 if (IN_SET(option_code, 5, 6, 7))
2083 found_dau_dhu_n3u = true;
2084
2085 p += option_length + 4U;
2086 l -= option_length + 4U;
2087 }
2088
2089 *rfc6975 = found_dau_dhu_n3u;
2090 return true;
2091 }
2092
2093 int dns_packet_extract(DnsPacket *p) {
2094 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
2095 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
2096 size_t saved_rindex;
2097 unsigned n, i;
2098 int r;
2099
2100 if (p->extracted)
2101 return 0;
2102
2103 saved_rindex = p->rindex;
2104 dns_packet_rewind(p, DNS_PACKET_HEADER_SIZE);
2105
2106 n = DNS_PACKET_QDCOUNT(p);
2107 if (n > 0) {
2108 question = dns_question_new(n);
2109 if (!question) {
2110 r = -ENOMEM;
2111 goto finish;
2112 }
2113
2114 for (i = 0; i < n; i++) {
2115 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
2116 bool cache_flush;
2117
2118 r = dns_packet_read_key(p, &key, &cache_flush, NULL);
2119 if (r < 0)
2120 goto finish;
2121
2122 if (cache_flush) {
2123 r = -EBADMSG;
2124 goto finish;
2125 }
2126
2127 if (!dns_type_is_valid_query(key->type)) {
2128 r = -EBADMSG;
2129 goto finish;
2130 }
2131
2132 r = dns_question_add(question, key);
2133 if (r < 0)
2134 goto finish;
2135 }
2136 }
2137
2138 n = DNS_PACKET_RRCOUNT(p);
2139 if (n > 0) {
2140 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL;
2141 bool bad_opt = false;
2142
2143 answer = dns_answer_new(n);
2144 if (!answer) {
2145 r = -ENOMEM;
2146 goto finish;
2147 }
2148
2149 for (i = 0; i < n; i++) {
2150 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
2151 bool cache_flush;
2152
2153 r = dns_packet_read_rr(p, &rr, &cache_flush, NULL);
2154 if (r < 0)
2155 goto finish;
2156
2157 /* Try to reduce memory usage a bit */
2158 if (previous)
2159 dns_resource_key_reduce(&rr->key, &previous->key);
2160
2161 if (rr->key->type == DNS_TYPE_OPT) {
2162 bool has_rfc6975;
2163
2164 if (p->opt || bad_opt) {
2165 /* Multiple OPT RRs? if so, let's ignore all, because there's something wrong
2166 * with the server, and if one is valid we wouldn't know which one. */
2167 log_debug("Multiple OPT RRs detected, ignoring all.");
2168 bad_opt = true;
2169 continue;
2170 }
2171
2172 if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) {
2173 /* If the OPT RR qis not owned by the root domain, then it is bad, let's ignore
2174 * it. */
2175 log_debug("OPT RR is not owned by root domain, ignoring.");
2176 bad_opt = true;
2177 continue;
2178 }
2179
2180 if (i < DNS_PACKET_ANCOUNT(p) + DNS_PACKET_NSCOUNT(p)) {
2181 /* OPT RR is in the wrong section? Some Belkin routers do this. This is a hint
2182 * the EDNS implementation is borked, like the Belkin one is, hence ignore
2183 * it. */
2184 log_debug("OPT RR in wrong section, ignoring.");
2185 bad_opt = true;
2186 continue;
2187 }
2188
2189 if (!opt_is_good(rr, &has_rfc6975)) {
2190 log_debug("Malformed OPT RR, ignoring.");
2191 bad_opt = true;
2192 continue;
2193 }
2194
2195 if (has_rfc6975) {
2196 /* If the OPT RR contains RFC6975 algorithm data, then this is indication that
2197 * the server just copied the OPT it got from us (which contained that data)
2198 * back into the reply. If so, then it doesn't properly support EDNS, as
2199 * RFC6975 makes it very clear that the algorithm data should only be contained
2200 * in questions, never in replies. Crappy Belkin routers copy the OPT data for
2201 * example, hence let's detect this so that we downgrade early. */
2202 log_debug("OPT RR contained RFC6975 data, ignoring.");
2203 bad_opt = true;
2204 continue;
2205 }
2206
2207 p->opt = dns_resource_record_ref(rr);
2208 } else {
2209
2210 /* According to RFC 4795, section 2.9. only the RRs from the Answer section shall be
2211 * cached. Hence mark only those RRs as cacheable by default, but not the ones from the
2212 * Additional or Authority sections. */
2213
2214 r = dns_answer_add(answer, rr, p->ifindex,
2215 (i < DNS_PACKET_ANCOUNT(p) ? DNS_ANSWER_CACHEABLE : 0) |
2216 (p->protocol == DNS_PROTOCOL_MDNS && !cache_flush ? DNS_ANSWER_SHARED_OWNER : 0));
2217 if (r < 0)
2218 goto finish;
2219 }
2220
2221 /* Remember this RR, so that we potentically can merge it's ->key object with the next RR. Note
2222 * that we only do this if we actually decided to keep the RR around. */
2223 dns_resource_record_unref(previous);
2224 previous = dns_resource_record_ref(rr);
2225 }
2226
2227 if (bad_opt)
2228 p->opt = dns_resource_record_unref(p->opt);
2229 }
2230
2231 p->question = question;
2232 question = NULL;
2233
2234 p->answer = answer;
2235 answer = NULL;
2236
2237 p->extracted = true;
2238
2239 r = 0;
2240
2241 finish:
2242 p->rindex = saved_rindex;
2243 return r;
2244 }
2245
2246 int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
2247 int r;
2248
2249 assert(p);
2250 assert(key);
2251
2252 /* Checks if the specified packet is a reply for the specified
2253 * key and the specified key is the only one in the question
2254 * section. */
2255
2256 if (DNS_PACKET_QR(p) != 1)
2257 return 0;
2258
2259 /* Let's unpack the packet, if that hasn't happened yet. */
2260 r = dns_packet_extract(p);
2261 if (r < 0)
2262 return r;
2263
2264 if (p->question->n_keys != 1)
2265 return 0;
2266
2267 return dns_resource_key_equal(p->question->keys[0], key);
2268 }
2269
2270 static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = {
2271 [DNS_RCODE_SUCCESS] = "SUCCESS",
2272 [DNS_RCODE_FORMERR] = "FORMERR",
2273 [DNS_RCODE_SERVFAIL] = "SERVFAIL",
2274 [DNS_RCODE_NXDOMAIN] = "NXDOMAIN",
2275 [DNS_RCODE_NOTIMP] = "NOTIMP",
2276 [DNS_RCODE_REFUSED] = "REFUSED",
2277 [DNS_RCODE_YXDOMAIN] = "YXDOMAIN",
2278 [DNS_RCODE_YXRRSET] = "YRRSET",
2279 [DNS_RCODE_NXRRSET] = "NXRRSET",
2280 [DNS_RCODE_NOTAUTH] = "NOTAUTH",
2281 [DNS_RCODE_NOTZONE] = "NOTZONE",
2282 [DNS_RCODE_BADVERS] = "BADVERS",
2283 [DNS_RCODE_BADKEY] = "BADKEY",
2284 [DNS_RCODE_BADTIME] = "BADTIME",
2285 [DNS_RCODE_BADMODE] = "BADMODE",
2286 [DNS_RCODE_BADNAME] = "BADNAME",
2287 [DNS_RCODE_BADALG] = "BADALG",
2288 [DNS_RCODE_BADTRUNC] = "BADTRUNC",
2289 };
2290 DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int);
2291
2292 static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
2293 [DNS_PROTOCOL_DNS] = "dns",
2294 [DNS_PROTOCOL_MDNS] = "mdns",
2295 [DNS_PROTOCOL_LLMNR] = "llmnr",
2296 };
2297 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
Unnamed repository; edit this file 'description' to name the repository.