summaryrefslogtreecommitdiff
path: root/libc/inet
AgeCommit message (Collapse)Author
2024-02-22Introduce time64 support.Dmitry Chestnykh
This patch introduces *time64 syscalls support for uClibc-ng. Currently the redirection of syscalls to their *time64 analogs is fully supported for 32bit ARM (ARMv5, ARMv6, ARMv7). The main changes that take effect when time64 feature is enabled are: - sizeof(time_t) is 8. - There is a possibility os setting date beyond year 2038. - some syscalls are redirected: clock_adjtime -> clock_adjtime64 clock_getres -> clock_getres_time64 clock_gettime -> clock_gettime64 clock_nanosleep -> clock_nanosleep_time64 clock_settime -> clock_settime64 futex -> futex_time64 mq_timedreceive -> mq_timedreceive_time64 mq_timedsend -> mq_timedsend_time64 ppoll -> ppoll_time64 pselect6 -> pselect6_time64 recvmmsg -> recvmmsg_time64 rt_sigtimedwait -> rt_sigtimedwait_time64 sched_rr_get_interval -> sched_rr_get_interval_time64 semtimedop -> semtimedop_time64 timer_gettime -> timer_gettime64 timer_settime -> timer_settime64 timerfd_gettime -> timerfd_gettime64 timerfd_settime -> timerfd_settime64 utimensat -> utimensat_time64. - settimeofday uses clock_settime (like in glibc/musl). - gettimeofday uses clock_gettime (like in glibc/musl). - nanosleep uses clock_nanosleep (like in glibc/musl). - There are some fixes in data structures used by libc and kernel for correct data handling both with and without enabled time64 support. Signed-off-by: Dmitry Chestnykh <dm.chestnykh@gmail.com>
2024-02-20libc: Fix some unused parameter warningsSven Linker
2024-02-18Fix broken compilation of uClibc-ng.Dmitry Chestnykh
During buildroot compilation with latest uClibc I've encoutered linking error due to multiple definition of some symbols from DNS code. The error happens because the same file resolv.c is included inside many other .c files: res_comp.c:(.text+0x0): multiple definition of `__GI___dn_expand'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x8a0): first defined here res_comp.c:(.text+0x0): multiple definition of `__dn_expand'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x8a0): first defined here res_comp.c:(.text+0x34): multiple definition of `__GI___dn_comp'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xc68): first defined here res_comp.c:(.text+0x34): multiple definition of `__dn_comp'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xc68): first defined here ns_name.c:(.text+0x4c): multiple definition of `__GI___ns_name_ntop'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x4c): first defined here ns_name.c:(.text+0x4c): multiple definition of `__ns_name_ntop'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x4c): first defined here ns_name.c:(.text+0x1f8): multiple definition of `__GI___ns_name_pton'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x1f8): first defined here ns_name.c:(.text+0x1f8): multiple definition of `__ns_name_pton'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x1f8): first defined here ns_name.c:(.text+0x624): multiple definition of `__hnbad'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x624): first defined here ns_name.c:(.text+0x718): multiple definition of `__GI___ns_name_unpack'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x718): first defined here ns_name.c:(.text+0x718): multiple definition of `__ns_name_unpack'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x718): first defined here ns_name.c:(.text+0x84c): multiple definition of `__GI___ns_name_uncompress'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x84c): first defined here ns_name.c:(.text+0x84c): multiple definition of `__ns_name_uncompress'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x84c): first defined here ns_name.c:(.text+0x8a0): multiple definition of `__GI___ns_name_pack'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x8d4): first defined here ns_name.c:(.text+0x8a0): multiple definition of `__ns_name_pack'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0x8d4): first defined here ns_name.c:(.text+0xbe4): multiple definition of `__GI___ns_name_compress'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xc18): first defined here ns_name.c:(.text+0xbe4): multiple definition of `__ns_name_compress'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xc18): first defined here ns_name.c:(.text+0xc34): multiple definition of `__GI___ns_name_skip'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xcdc): first defined here ns_name.c:(.text+0xc34): multiple definition of `__ns_name_skip'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xcdc): first defined here ns_name.c:(.text+0xcd4): multiple definition of `__GI___dn_skipname'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xd7c): first defined here ns_name.c:(.text+0xcd4): multiple definition of `__dn_skipname'; libc/libc_so.a(encodeq.os):encodeq.c:(.text+0xd7c): first defined here My previous commit that fixes build error of DNS code is okay, but there are some 'bottlenecks' in uClibc-ng code, so if we don't want to completely rewrite resolv.c we need to make some symbols weak to prevent linking errors.
2024-02-10libc: Fix dns-related build issues.Dmitry Chestnykh
- The first observed issue is linking failure: ` /usr/bin/ld: libc/libc_so.a(encodeq.os): in function `__encode_question': encodeq.c:(.text+0x16): undefined reference to `__GI___dn_comp' /usr/bin/ld: libc/libc_so.a(dnslookup.os): in function `__dns_lookup': dnslookup.c:(.text+0x6fb): undefined reference to `__GI___dn_expand' /usr/bin/ld: dnslookup.c:(.text+0x7ab): undefined reference to `__hnbad' collect2: error: ld returned 1 exit status ` The root cause is that the resolv.c file contains some functions (dn_comp, dn_expand, __hnbad) under `#ifdef L_ns_name` and `#ifdef L_ns_comp` which wasn't defined, so we had undefined refs to such functions. - The second issue is misleading indentation inside `ns_name_pack`. ` libc/inet/resolv.c: In function '__ns_name_pack': libc/inet/resolv.c:3519:17: warning: this 'if' clause does not guard... 3519 | if (msg != NULL) ... ./include/errno.h:73:18: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 73 | # define errno errno /* For #ifndef errno tests. */ | ^~~~~ libc/inet/resolv.c:3522:25: note: in expansion of macro 'errno' 3522 | errno = EMSGSIZE; ` Signed-off-by: Dmitry Chestnykh <dm.chestnykh@gmail.com>
2023-12-22Fix -Wnon-literal-null-conversion clang warningMarius Melzer
Clang warns that the NULL character literal '\0' is used as a pointer value. Change this to 0 in order to avoid the warning.
2023-11-27getaddrinfo.c: Avoid misleading indentation warningMarcus Haehnel
When compiling getaddrinfo.c with clang the -Wmisleading-indentation option will cause a warning due to the indentation lining up with the previous statement in the if block above. For gcc the warning is blinded by the commented line. See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107162 Move the comment behind the function call to make both compilers happy.
2022-06-08inet: gethostid: only accept v4 addressesнаб
getaddrinfo() returns addresses from, at least, ip(7) and ipv6(7), but _addr() always uses sin_addr from struct sockaddr_in; we're saved from wild unsoundness (or incompatibility) by virtue of struct sockaddr_in6 having an always-0 u32 sin6_flowinfo at the same offset, so we end up returning 0 anyway, but in a round-about and definitely unintended way Instead, limit the request to AF_INET, and fall through to the end early, returning the default id=0 Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
2022-05-29DnsLookup: stdint, timeforced reseedinghanishkvc
Explicitly include stdint header as logic uses INT[64]_MAX, just in case for future, even though the chain of headers from existing includes brings in the definition indirectly as of now. Cross check for time gap between prngplus reseeding, periodically, has the internal state is being consumed, so that if there is too much time gap, then prng reseeding can be forced, before the normal reseed window is reached. This is useful for long running programs which trigger dns queries only intermittently. If clock_gettime is not available, then reseed more frequently, by default. A platform developer may change the reseed frequence, to be bit more less often in this case, if needed, by tweaking the defines in the source. Signed-off-by: hanishkvc <hanishkvc@gmail.com>
2022-05-12DnsLookup: Configurable dnsQueryId generation including randomhanishkvc
Dns lookup logic has been updated to provide a configurable compile time selection of dns query id generation logics, including random, where possible, instead of the previous simple counter mode. This should make dns poison attempts more difficult. The uclibc developers wish to thank the white hat teams which alerted the community about the possible weakness in the dns path, given the increased resources with adversaries today. Given that embedded systems may or may not have sources for trying to generate random numbers, and also to try and keep the load on the system low, by default it uses the standard random prng based logic to indirectly generate the ids. However if either urandom or else if realtime clock is available on the target, then the same is used to reseed the prng periodically in a slightly non deterministic manner. Also additional transform (one way where possible) is used to avoid directly exposing the internal random sequence. The dns lookup logic maintains its own state wrt the random prng functions, so that other users of the library's random prng are not affected wrt their operations with the prng. Note to Platform developers: If you want to change from the default prngplus based logic, to one of the other logics provided, then during compile/config time you can switch to one of these additional choices wrt dns query id generation, by using make config and companions. If your platform doesnt support urandom nor a realtime clock backed by a source with sufficient resolution, and or for some reason if you want to revert to previous simple counter, rather than the transformed random prng plus logic, you can force the same at compile time by selecting SimpleCounter mode. If you want to increase the randomness of the generated ids, and dont mind the increased system load and latency then you could select the Urandom mode during config. Do note that it will be dipping into the entropy pool maintained by ur system. If your target has a system realtime clock available and exposed to user space, and inturn if you want to keep the underlying logic simple, you could try using the clock option from the config. However do note that the clock should have nanosecond resolution to help generate ids which are plausibly random. Also improvements to processor and or io performance can affect this. Wrt the URandom and Clock modes, if there is a failure with generation of the next random value, the logic tries to fallback to simple counter mode. If you want to change the underlying logic to make it more random and or more simple, look at dnsrand_setup and dnsrand_next. Signed-off-by: hanishkvc <hanishkvc@gmail.com>
2022-01-21fix compile for Linuxthreads enabledWaldemar Brodkorb
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
2021-11-26libc/inet/resolv: fix per thread res_state accessPeter Seiderer
- use the provided __res_state() method instead of direct access to struct __res_state pointer &_res/*__resp - change the __UCLIBC_HAS_TLS__ protected __res_state() implementation to the one where the comment 'When threaded, _res may be a per-thread variable.' indicates this should be used with threads/TLS enabled Fixes the following segfaults with buildroot raspberrypi3_64_defconfig (uclibc, -Os, Note: runs fine using the raspberrypi3_defconfig): $ /usr/sbin/ntpd -n -d 1970-01-01T00:01:49 ntpd[249]: INIT: ntpd ntpsec-1.2.0 2021-11-03T20:39:50Z: Starting 1970-01-01T00:01:49 ntpd[249]: INIT: Command line: /usr/sbin/ntpd -n -d 1970-01-01T00:01:49 ntpd[249]: INIT: precision = 7.240 usec (-17) 1970-01-01T00:01:49 ntpd[249]: INIT: successfully locked into RAM 1970-01-01T00:01:49 ntpd[249]: CONFIG: readconfig: parsing file: /etc/ntp.conf 1970-01-01T00:01:49 ntpd[249]: CONFIG: restrict nopeer ignored 1970-01-01T00:01:49 ntpd[249]: INIT: Using SO_TIMESTAMPNS 1970-01-01T00:01:49 ntpd[249]: IO: Listen and drop on 0 v6wildcard [::]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 2 lo 127.0.0.1:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 3 eth0 172.16.0.30:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 4 lo [::1]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 5 eth0 [fe80::ba27:ebff:fea6:340%2]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listening on routing socket on fd #22 for interface updates 1970-01-01T00:01:50 ntpd[249]: SYNC: Found 10 servers, suggest minsane at least 3 1970-01-01T00:01:50 ntpd[249]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes 1970-01-01T00:01:50 ntpd[249]: statistics directory /var/NTP/ does not exist or is unwriteable, error No such file or directory 1970-01-01T00:01:51 ntpd[249]: DNS: dns_probe: 0.pool.ntp.org, cast_flags:8, flags:101 Segmentation fault (core dumped) $ ./host/bin/aarch64-buildroot-linux-uclibc-gdb ./build/ntpsec-1_2_0/build/main/ntpd/ntpd core Core was generated by `/usr/sbin/ntpd -n -d'. Program terminated with signal SIGSEGV, Segmentation fault. (gdb) where #0 0x0000007f8ff1f150 in res_sync_func () at libc/inet/resolv.c:3356 #1 0x0000007f8ff1c468 in __open_nameservers () at libc/inet/resolv.c:949 #2 0x0000007f8ff1b498 in __dns_lookup (name=0x55943c67f0 "0.pool.ntp.org", type=1, outpacket=0x7f8fe91c48, a=0x7f8fe91c08) at libc/inet/resolv.c:1134 #3 0x0000007f8ff1d744 in __GI_gethostbyname_r ( name=0x55943c67f0 "0.pool.ntp.org", result_buf=0x7f8fe92628, buf=0x7f8fe91d90 "", buflen=992, result=0x7f8fe92670, h_errnop=0x7f8fe92668) at libc/inet/resolv.c:1966 #4 0x0000007f8ff1d9a0 in __GI_gethostbyname2_r ( name=0x55943c67f0 "0.pool.ntp.org", family=2, result_buf=0x7f8fe92628, buf=0x7f8fe91d70 "0.pool.ntp.org", buflen=1024, result=0x7f8fe92670, h_errnop=0x7f8fe92668) at libc/inet/resolv.c:2065 #5 0x0000007f8ff16924 in gaih_inet (name=0x55943c67f0 "0.pool.ntp.org", service=0x7f8fe92828, req=0x7f8fe92890, pai=0x7f8fe92838) at libc/inet/getaddrinfo.c:596 #6 0x0000007f8ff17624 in __GI_getaddrinfo ( name=0x55943c67f0 "0.pool.ntp.org", service=0x5582eb8acd "\377H\213D$\bL\211\367H\213\260\270", hints=0x7f8fe92890, pai=0x5582ee1bf8) at libc/inet/getaddrinfo.c:957 #7 0x0000005582ea60f4 in _start () (gdb) p _res $1 = {options = 0, nsaddr_list = {{sin_family = 0, sin_port = 0, sin_addr = { s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, { sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}}, dnsrch = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, nscount = 0 '\000', ndots = 0 '\000', retrans = 0 '\000', retry = 0 '\000', defdname = '\000' <repeats 255 times>, nsort = 0 '\000', pfcode = 0, id = 0, res_h_errno = 0, sort_list = {{addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}}, _u = { _ext = {nsaddrs = {0x0, 0x0, 0x0}, nscount = 0 '\000', nstimes = {0, 0, 0}, nssocks = {0, 0, 0}, nscount6 = 0, nsinit = 0}}} (gdb) p &_res $2 = (struct __res_state *) 0x7f8ff8fd98 <_res> (gdb) p rp $3 = (struct __res_state *) 0x7fffffffff And the following uclibc code at libc/inet/resolv.c:3356: 3345 static void res_sync_func(void) 3346 { 3347 struct __res_state *rp = &(_res); 3348 int n; 3349 3350 /* If we didn't get malloc failure earlier... */ 3351 if (__nameserver != (void*) &__local_nameserver) { 3352 /* TODO: 3353 * if (__nameservers < rp->nscount) - try to grow __nameserver[]? 3354 */ 3355 #ifdef __UCLIBC_HAS_IPV6__ 3356 if (__nameservers > rp->_u._ext.nscount) 3357 __nameservers = rp->_u._ext.nscount; 3358 n = __nameservers; The special thing about ntpsec is the DNS lookup in an extra thread and/or the call to res_init(), see ntpsec-1_2_0/ntpd/ntp_dns.c: 69 msyslog(LOG_INFO, "DNS: dns_probe: %s, cast_flags:%x, flags:%x%s", 70 hostname, pp->cast_flags, pp->cfg.flags, busy); 71 if (NULL != active) /* normally redundant */ 72 return false; 73 74 active = pp; 75 76 sigfillset(&block_mask); 77 pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask); 78 rc = pthread_create(&worker, NULL, dns_lookup, pp); and 165 static void* dns_lookup(void* arg) 166 { 167 struct peer *pp = (struct peer *) arg; 168 struct addrinfo hints; 169 170 #ifdef HAVE_SECCOMP_H 171 setup_SIGSYS_trap(); /* enable trap for this thread */ 172 #endif 173 174 #ifdef HAVE_RES_INIT 175 /* Reload DNS servers from /etc/resolv.conf in case DHCP has updated it. 176 * We only need to do this occasionally, but it's not expensive 177 * and simpler to do it every time than it is to figure out when 178 * to do it. 179 * This res_init() covers NTS too. 180 */ 181 res_init(); 182 #endif 183 184 if (pp->cfg.flags & FLAG_NTS) { 185 #ifndef DISABLE_NTS 186 nts_probe(pp); 187 #endif 188 } else { 189 ZERO(hints); 190 hints.ai_protocol = IPPROTO_UDP; 191 hints.ai_socktype = SOCK_DGRAM; 192 hints.ai_family = AF(&pp->srcadr); 193 gai_rc = getaddrinfo(pp->hostname, NTP_PORTA, &hints, &answer); 194 } $ /usr/lib/uclibc-ng-test/test/inet/tst-res Segmentation fault (core dumped) $ ./host/bin/aarch64-buildroot-linux-uclibc-gdb ./build/uclibc-ng-test-0844445e7358eb10e716155b55b0fb23e88d644a/test/inet/tst-res core Core was generated by `/usr/lib/uclibc-ng-test/test/inet/tst-res'. Program terminated with signal SIGSEGV, Segmentation fault. (gdb) where #0 __GI___res_init () at libc/inet/resolv.c:3514 #1 0x0000005591e507e4 in main (argc=<optimized out>, argv=<optimized out>) at tst-res.c:20 First reported here: https://lore.kernel.org/buildroot/20211028230131.5f50d6e7@gmx.net/ https://www.mail-archive.com/devel@uclibc-ng.org/msg01085.html Signed-off-by: Peter Seiderer <ps.report@gmx.net>
2021-08-09libc/inet/resolv.c: add __hnbad to check DNS entries for validity…mirabilos
… using the same rules glibc does also call __hnbad in some places to check answers
2021-08-09make __{en,de}code_dotted into macrosmirabilos
they merely call dn_{comp,expand} slightly rearranging the arguments Signed-off-by: mirabilos <mirabilos@evolvis.org>
2021-08-09actually remove the ifdeffed-out code from the previous commitmirabilos
Signed-off-by: mirabilos <mirabilos@evolvis.org>
2021-08-09libc/inet/resolv.c: use dn_{comp,expand} for __{en,de}code_dottedmirabilos
Minimal-invasive change: just ifdeffing away the older code. There is no reason to have two different sets of functions doing the same thing, one used in half the code and another, doing less escaping, in the other half; just use one. Signed-off-by: mirabilos <mirabilos@evolvis.org>
2020-09-21Support b64_ntop(), b64_pton() (bsd-compat)Waldemar Brodkorb
Signed-off-by: akater <nuclearspace@gmail.com>
2020-06-19inet: add sockatmark implementationClement Leger
Import musl C sockatmark implementation into uClibc-ng. Signed-off-by: Clement Leger <cleger@kalray.eu> Acked-by: Yann Sionneau <ysionneau@kalray.eu>
2020-01-30Fix map_newlink abort when interface list changes during getifaddrsVincent Hou
map_newlink() may abort when interface list changed between netlink request for getting interfaces and getting addresses. This commit is ported from the same change from glibc commit. Signed-off-by: Vincent Hou <vincent.houyi@gmail.com>
2018-12-14fix issues in ethers.cWaldemar Brodkorb
Old version manages strings the regular way (i.e. counting on zero-ended sequences). In fact strings captured from the /etc/ethers file are '\n'-ended. So, for example, using strchr function could lead to buffer overflow. Reported-by: "Andrey V. Zhmurin" <zhmurin_a@mcst.ru
2018-10-20do not expose recvmmsg/sendmmsg for unsupported kernelsWaldemar Brodkorb
2017-11-02convert accept4() to use cancel.h macrosWaldemar Brodkorb
2017-10-08socketcall: fix compile issue with older Linux kernelWaldemar Brodkorb
2017-10-01recvmmsg/sendmmsg: add recvmmsg sendmmsg support.Guo Ren
The recvmmsg and sendmmsg is very important for UDP stream application. If we only use recvmsg for UDP stream, it will only copy one mtu size of data in a syscall. And recvmmsg copy as many as you want in a syscall. So recvmmsg is more efficient,and some applications will depends on the recvmmsg and sendmmsg, eg: UDP media stream player. Signed-off-by: Guo Ren <ren_guo@c-sky.com>
2017-06-21remove editor hints for viWaldemar Brodkorb
2017-06-06fix gcc warning with -Wmisleading-indentationWaldemar Brodkorb
2017-03-20remove RPC implementationWaldemar Brodkorb
The included RPC implementation is ipv4 only. Other C library projects have either deprecated the internal RPC implementation (GNU C Library) or never implemented such functionality (musl C Library). The latest rpcbind release (0.2.4) checks for libtirpc and does not allow to be build with uClibc-ng RPC without patching. The common use case for RPC nowadays is to use rpcbind together with nfs-utils to provide NFS server or client support to a system. The included RPC implementation does create issues with duplicate symbol failures when statically compiling with RPC enabled.
2016-12-30inet: fix getnameinfo problem found by new test casesWaldemar Brodkorb
Follow documented behaviour: http://man7.org/linux/man-pages/man3/getnameinfo.3.html Sync with GNU libc behaviour.
2016-12-30remove inline changelog, we have gitWaldemar Brodkorb
2016-12-02remove libintl stub and libintl.h headerWaldemar Brodkorb
As __UCLIBC_HAS_GETTEXT_AWARENESS__ is never defined, this is mostly dead code. It is planned to integrate libiconv-tiny and gettext-tiny into uClibc-ng after the next release, so that more software packages can be used without modification. Remove any _/_N macro usage.
2016-08-05sunrpc: Do not use alloca in clntudp_callWaldemar Brodkorb
CVE-2016-4429: The call is technically in a loop, and under certain circumstances (which are quite difficult to reproduce in a test case), alloca can be invoked repeatedly during a single call to clntudp_call. As a result, the available stack space can be exhausted (even though individual alloca sizes are bounded implicitly by what can fit into a UDP packet, as a side effect of the earlier successful send operation). From GNU libc: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=bc779a1a5b3035133024b21e2f339fe4219fb11c
2016-06-24inet/resolv: Try search domains first for unqualified namesIngo van Lil
When resolving an unqualified host name, the resolver tries the original name first before appending the domains from the search list. If a TLD with the same name exists, the query will succeed (but yield no A record) and the resolver will return HOST_NOT_FOUND without trying the search domains. This patch changes the lookup order for unqualified host names (without dots) to try the search domains first and the original name last. Signed-off-by: Ingo van Lil <inguin@gmx.de>
2016-06-21inet/getaddrinfo: fix AF_V4MAPPED behavior for non IPv6 host resolutionWenzel, Alexander
When trying to resolve a hostname by getaddrinfo() using some specific settings, it will always return -EAI_NONAME (Name or service not known). To reproduce this behavior, you need to request an IPv6 address with the additional AF_V4MAPPED flag set from an non IPv6 capable hostname. If you choose a IPv4/IPv6 capable hostname like google.com, everything works fine. This patch is more or less a port [1][2] from the glibc and their behavior for the AF_V4MAPPED flag. To test the bug you can use the following snippet. ---- 8< ---- int ret; struct addrinfo* result; struct addrinfo hints; memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = AF_INET6; hints.ai_flags = AI_V4MAPPED; ret = getaddrinfo("test.com", NULL, &hints, &result); printf("getaddrinfo(): %i", ret); ---- 8< ---- [1] https://sourceware.org/git/?p=glibc.git;a=commit;f=sysdeps/posix/getaddrinfo.c;h=925c3c5c71596c02f7e58a0ffcdcaae44eb065c1 [2] https://sourceware.org/git/?p=glibc.git;a=commit;f=sysdeps/posix/getaddrinfo.c;h=28977c2c1acb789660ad47e0d88e42486059c916 Signed-off-by: Alexander Wenzel <alexander.wenzel@qsc.de>
2016-06-01remove MJN only debug messagesWaldemar Brodkorb
2016-03-10getaddrinfo: correct AI_V4MAPPED handlingPeter Korsgaard
As recently reported on the Buildroot list: http://lists.busybox.net/pipermail/buildroot/2016-March/155325.html DNS lookups with Node.js currently fails on uClibc-ng. The reason for this is the way AI_V4MAPPED is handled. According to POSIX, AI_V4MAPPED should be ignored unless ai_family is AF_INET6: http://pubs.opengroup.org/onlinepubs/9699919799/functions/freeaddrinfo.html If the AI_V4MAPPED flag is specified along with an ai_family of AF_INET6, then getaddrinfo() shall return IPv4-mapped IPv6 addresses on finding no matching IPv6 addresses (ai_addrlen shall be 16). The AI_V4MAPPED flag shall be ignored unless ai_family equals AF_INET6. uClibc-ng was also handling AI_V4MAPPED for AF_UNSPEC, fix that. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-10DNS: Don't apply search domains to PTR lookupsTim Hockin
This lessens the load on upstream DNS servers (and it was just nonsensical). Signed-off-by: Tim Hockin <thockin@google.com>
2016-03-10DNS: don't count search-path miss as a retryTim Hockin
Currently a miss on a search-path entry is counted as a retry. This means that users with more than (num_nameservers * retries) entries in their search path list fail before trying all search paths. Concretely, a single nameserver with 4 search paths will never try the 4th search because the default retry is 3. The code doesn't currently retry a given nameserver in case of an error, so retries is sort of meaningless (though there are some comments indicating it might come). This change only treats total failure of a nameserver (try next server) as a retry. Signed-off-by: Tim Hockin <thockin@google.com>
2016-02-24Replace /etc/resolv.conf with _PATH_RESCONF to allow portability of the code ↵Ubaldo Porcheddu
on system where resolv.conf is not in /etc . Signed-off-by: Ubaldo Porcheddu <ubaldo@eja.it>
2016-01-31Make sure to always terminate decoded stringWaldemar Brodkorb
Write a terminating '\0' to dest when the first byte of the encoded data is 0. This corner case was previously missed. Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2016-01-31Do not follow compressed items forever.Waldemar Brodkorb
It is possible to get stuck in an infinite loop when receiving a specially crafted DNS reply. Exit the loop after a number of iteration and consider the packet invalid. Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2016-01-02libc/inet: Unbreak gethostent()Waldemar Brodkorb
Although gethostent() is obsoleted, there is no reason to keep it broken. Fix two problems: * commit f65e66078b "resolver: switch to config parser" leave an extra break statement in case of GETHOSTENT in __read_etc_hosts_r. In result, output buffer wasn't initialized at all. * gethostent static buffer has insufficient size to store aliases, so __read_etc_hosts_r always returns ERANGE. Restore ALIAS_DIM define. Add test-case. Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
2016-01-02Use dynamic buffers for gethostent/gethostbyname/gethostbyaddrWaldemar Brodkorb
Save ~1k static space (.bss) text data bss dec hex filename - 68 0 126 194 c2 libc/inet/gethostent.os - 79 0 460 539 21b libc/inet/gethostbyname2.os - 83 0 460 543 21f libc/inet/gethostbyaddr.os + 98 0 24 122 7a libc/inet/gethostent.os + 110 0 24 134 86 libc/inet/gethostbyname2.os + 113 0 24 137 89 libc/inet/gethostbyaddr.os ================================================================== +91 -974 Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
2016-01-02inet/getaddrinfo: simplest /etc/gai.conf to control IPv6/IPv4 addresses sort ↵Leonid Lisovskiy
order Implement simplest variant of /etc/gai.conf to control getaddrinfo IPv6/IPv4 addresses sorting. Keep the default sort order - IPv6 first, IPv4 second. To invert it, create /etc/gai.conf containing single line: precedence ::ffff:0:0/96 100 Example before: $ nslookup security.debian.org 8.8.8.8 Server: 8.8.8.8 Address 1: 8.8.8.8 google-public-dns-a.google.com Name: security.debian.org Address 1: 2001:a78:5:0:216:35ff:fe7f:be4f villa.debian.org Address 2: 2001:a78:5:1:216:35ff:fe7f:6ceb lobos.debian.org Address 3: 195.20.242.89 wieck.debian.org Address 4: 212.211.132.250 lobos.debian.org Address 5: 212.211.132.32 villa.debian.org After patch & precedence set in /etc/gai.conf: $ nslookup security.debian.org 8.8.8.8 Server: 8.8.8.8 Address 1: 8.8.8.8 google-public-dns-a.google.com Name: security.debian.org Address 1: 195.20.242.89 wieck.debian.org Address 2: 212.211.132.250 lobos.debian.org Address 3: 212.211.132.32 villa.debian.org Address 4: 2001:a78:5:0:216:35ff:fe7f:be4f villa.debian.org Address 5: 2001:a78:5:1:216:35ff:fe7f:6ceb lobos.debian.org bloat-o-meter report: function old new delta getaddrinfo 726 1138 +412 gaih_inet 2660 2692 +32 .rodata 16618 16643 +25 __gai_precedence - 1 +1 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/0 up/down: 882/0) Total: 470 bytes Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
2015-12-22resolv: fix gethostbyname2_r to match gethostbyname_r, fixing bugs with AAAA ↵Waldemar Brodkorb
lookups The latter half of gethostbyname2_r (doing AAAA queries) is rather dramatically different from the corresponding portion of gethostbyname_r (doing A queries). This leads to problems like calls to getaddrinfo only returning one IPv6 address, even when multiple exist. Seems to be entirely a case of divergent evolution -- a half-decade of fixes for the IPv4 code but no love for IPv6. Until now. ;) DNS behaviour for IPv6 is really no different than for IPv4 -- beyond the difference in address sizes, there's no need for the functions to be so different. Consequently, this patch really is almost just a cut-and-paste of gethostbyname_r, with the appropriate substitutions of in6_addr, AF_INET6, etc; while holding on to the few extra bits that actually belong in there (eg #ifdef __UCLIBC_HAS_IPV6__). Signed-off-by: Wes Campaigne <westacular@gmail.com>
2015-12-22inet/resolv: Fix broken h_aliases list terminator after 2dab3f5Waldemar Brodkorb
Commit 2dab3f5a "resolv: tiny shrinkage in /etc/hosts handling" leads to that read_etc_hosts_r() provide garbage pointer at the end of h_aliases list if more than four hostnames follow a dotted quad in /etc/hosts Test-case: Add following line to /etc/hosts 63.63.0.2 host1 alias2 alias3 alias4 alias5 #include <stdio.h> #include <errno.h> #include <netdb.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> int main (void) { int i; char *a; struct hostent *he; struct in_addr ipv4addr; inet_pton(AF_INET, "63.63.0.2", &ipv4addr); he = gethostbyaddr(&ipv4addr, sizeof ipv4addr, AF_INET); if (he == NULL) exit(1); printf("Host name: '%s'\n", he->h_name); i = 0; while ((a = he->h_aliases[i]) != NULL) { printf("Host alias: '%s'\n", a); ++i; } return 0; } Wrong output: Host name: 'host1' Host alias: 'alias2' Host alias: 'alias3' Host alias: 'alias4' Host alias: 'alias5' Host alias: '??' Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2015-12-17resolv: __dns_lookup - immediately switch to next server in case of poll() ↵Waldemar Brodkorb
set error events https://bugs.busybox.net/show_bug.cgi?id=3211 Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2015-12-17dynamically allocate ahostbuf bufferWaldemar Brodkorb
Free 1k of static data (.bss) Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2015-12-17svc.c: svc_getreqset() buffer overflowWaldemar Brodkorb
http://bugs.busybox.net/show_bug.cgi?id=5588 Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com> Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
2015-12-05good bye vaxWaldemar Brodkorb
I mailed with Jan-Benedict Glaw, it seems VAX on Linux is really a lot of work todo and uClibc support didn't work ever.
2015-11-13i386: use socketcall even if newer linux exposes direct syscallsWaldemar Brodkorb
The changeset 9dea5dc921b5f4045a18c63eb92e84dc274d17eb in the Linux kernel expose the direct syscalls for sockets. For example udhcpc then will use sendto syscall directly and get an EINVAL error. Disable direct syscalls as it was done for SPARC in the past. Musl and GNU libc are not affected, as they already disable direct socket syscalls on i386. Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2015-04-13libc: Fix page-size in getifaddrs()Bernhard Reutner-Fischer
TODO: this could need a cleanup.. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>