guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: glibc: Add fix for CVE-2015-7547.


From: Mark H. Weaver
Subject: 01/01: gnu: glibc: Add fix for CVE-2015-7547.
Date: Tue, 16 Feb 2016 17:29:57 +0000

mhw pushed a commit to branch security-updates
in repository guix.

commit 1d220ea8304ccdbc7b653ab0b81e3cec5420fcc6
Author: Mark H Weaver <address@hidden>
Date:   Tue Feb 16 12:13:08 2016 -0500

    gnu: glibc: Add fix for CVE-2015-7547.
    
    * gnu/packages/patches/glibc-CVE-2015-7547.patch: New file.
    * gnu-system.am (dist_patch_DATA): Add it.
    * gnu/packages/base.scm (glibc)[source]: Add patch.
---
 gnu-system.am                                  |    1 +
 gnu/packages/base.scm                          |    5 +-
 gnu/packages/patches/glibc-CVE-2015-7547.patch |  559 ++++++++++++++++++++++++
 3 files changed, 563 insertions(+), 2 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index 6c6aa6b..432589e 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -490,6 +490,7 @@ dist_patch_DATA =                                           
\
   gnu/packages/patches/glib-tests-prlimit.patch                        \
   gnu/packages/patches/glib-tests-timer.patch                  \
   gnu/packages/patches/glib-tests-gapplication.patch           \
+  gnu/packages/patches/glibc-CVE-2015-7547.patch               \
   gnu/packages/patches/glibc-bootstrap-system.patch            \
   gnu/packages/patches/glibc-hurd-extern-inline.patch          \
   gnu/packages/patches/glibc-ldd-x86_64.patch                  \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index f8ea80b..7cef8bf 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <address@hidden>
 ;;; Copyright © 2014 Andreas Enge <address@hidden>
 ;;; Copyright © 2012 Nikita Karetnikov <address@hidden>
-;;; Copyright © 2014, 2015 Mark H Weaver <address@hidden>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
 ;;; Copyright © 2014 Alex Kost <address@hidden>
 ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <address@hidden>
 ;;; Copyright © 2016 Efraim Flashner <address@hidden>
@@ -488,7 +488,8 @@ store.")
                           '("glibc-ldd-x86_64.patch"
                             "glibc-locale-incompatibility.patch"
                             "glibc-versioned-locpath.patch"
-                            "glibc-o-largefile.patch")))))
+                            "glibc-o-largefile.patch"
+                            "glibc-CVE-2015-7547.patch")))))
    (build-system gnu-build-system)
 
    ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch 
b/gnu/packages/patches/glibc-CVE-2015-7547.patch
new file mode 100644
index 0000000..9a0909a
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch
@@ -0,0 +1,559 @@
+Copied from Fedora:
+http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
+
+Adapted to apply cleanly to glibc-2.22.
+
+Index: b/resolv/nss_dns/dns-host.c
+===================================================================
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-    return NSS_STATUS_NOTFOUND;
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+     {
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
+   /* Special case here: if the resolver sent a result but it only
+      contains a CNAME while we are looking for a T_A or T_AAAA record,
+      we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++     compromise and attention to symmetry (A or AAAA queries can be
++     returned in any order).  What follows is a breakdown of how this
++     code is expected to work and why. We discuss only SUCCESS,
++     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++     that apply (though RETURN and MERGE exist).  We make a distinction
++     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++     A recoverable TRYAGAIN is almost always due to buffer size issues
++     and returns ERANGE in errno and the caller is expected to retry
++     with a larger buffer.
++
++     Lastly, you may be tempted to make significant changes to the
++     conditions in this code to bring about symmetry between responses.
++     Please don't change anything without due consideration for
++     expected application behaviour.  Some of the synthesized responses
++     aren't very well thought out and sometimes appear to imply that
++     IPv4 responses are always answer 1, and IPv6 responses are always
++     answer 2, but that's not true (see the implemetnation of send_dg
++     and send_vc to see response can arrive in any order, particlarly
++     for UDP). However, we expect it holds roughly enough of the time
++     that this code works, but certainly needs to be fixed to make this
++     a more robust implementation.
++
++     ----------------------------------------------
++     | Answer 1 Status /   | Synthesized | Reason |
++     | Answer 2 Status     | Status      |        |
++     |--------------------------------------------|
++     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
++     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
++     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
++     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
++     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
++     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
++     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
++     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
++     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
++     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
++     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
++     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
++     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
++     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
++     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
++     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
++     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
++     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
++     ----------------------------------------------
++
++     [1] If the first response is a success we return success.
++         This ignores the state of the second answer and in fact
++         incorrectly sets errno and h_errno to that of the second
++       answer.  However because the response is a success we ignore
++       *errnop and *h_errnop (though that means you touched errno on
++         success).  We are being conservative here and returning the
++         likely IPv4 response in the first answer as a success.
++
++     [2] If the first response is a recoverable TRYAGAIN we return
++       that instead of looking at the second response.  The
++       expectation here is that we have failed to get an IPv4 response
++       and should retry both queries.
++
++     [3] If the first response was not a SUCCESS and the second
++       response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
++       or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
++       result from the second response, otherwise the first responses
++       status is used.  Again we have some odd side-effects when the
++       second response is NOTFOUND because we overwrite *errnop and
++       *h_errnop that means that a first answer of NOTFOUND might see
++       its *errnop and *h_errnop values altered.  Whether it matters
++       in practice that a first response NOTFOUND has the wrong
++       *errnop and *h_errnop is undecided.
++
++     [4] If the first response is UNAVAIL we return that instead of
++       looking at the second response.  The expectation here is that
++       it will have failed similarly e.g. configuration failure.
++
++     [5] Testing this code is complicated by the fact that truncated
++       second response buffers might be returned as SUCCESS if the
++       first answer is a SUCCESS.  To fix this we add symmetry to
++       TRYAGAIN with the second response.  If the second response
++       is a recoverable error we now return TRYAGIN even if the first
++       response was SUCCESS.  */
++
+   if (anslen1 > 0)
+     status = gaih_getanswer_slice(answer1, anslen1, qname,
+                                 &pat, &buffer, &buflen,
+                                 errnop, h_errnop, ttlp,
+                                 &first);
++
+   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
+        || (status == NSS_STATUS_TRYAGAIN
+          /* We want to look at the second answer in case of an
+@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
+                                                    &pat, &buffer, &buflen,
+                                                    errnop, h_errnop, ttlp,
+                                                    &first);
++      /* Use the second response status in some cases.  */
+       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
+       status = status2;
++      /* Do not return a truncated second response (unless it was
++         unavoidable e.g. unrecoverable TRYAGAIN).  */
++      if (status == NSS_STATUS_SUCCESS
++        && (status2 == NSS_STATUS_TRYAGAIN
++            && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
++      status = NSS_STATUS_TRYAGAIN;
+     }
+ 
+   return status;
+Index: b/resolv/res_query.c
+===================================================================
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
+                 {
+                   free (*answerp2);
+                   *answerp2 = NULL;
++                  *nanswerp2 = 0;
+                   *answerp2_malloced = 0;
+                 }
+       }
+@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
+                         {
+                           free (*answerp2);
+                           *answerp2 = NULL;
++                          *nanswerp2 = 0;
+                           *answerp2_malloced = 0;
+                         }
+ 
+@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
+         {
+           free (*answerp2);
+           *answerp2 = NULL;
++          *nanswerp2 = 0;
+           *answerp2_malloced = 0;
+         }
+       if (saved_herrno != -1)
+Index: b/resolv/res_send.c
+===================================================================
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1,3 +1,20 @@
++/* Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
+ /*
+  * Copyright (c) 1985, 1989, 1993
+  *    The Regents of the University of California.  All rights reserved.
+@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
+ #ifdef USE_HOOKS
+       if (__glibc_unlikely (statp->qhook || statp->rhook))       {
+               if (anssiz < MAXPACKET && ansp) {
++                      /* Always allocate MAXPACKET, callers expect
++                         this specific size.  */
+                       u_char *buf = malloc (MAXPACKET);
+                       if (buf == NULL)
+                               return (-1);
+@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
+ 
+ /* Private */
+ 
++/* The send_vc function is responsible for sending a DNS query over TCP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
++   IPv6 queries at the same serially on the same socket.
++
++   Please note that for TCP there is no way to disable sending both
++   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
++   and sends the queries serially and waits for the result after each
++   sent query.  This implemetnation should be corrected to honour these
++   options.
++
++   Please also note that for TCP we send both queries over the same
++   socket one after another.  This technically violates best practice
++   since the server is allowed to read the first query, respond, and
++   then close the socket (to service another client).  If the server
++   does this, then the remaining second query in the socket data buffer
++   will cause the server to send the client an RST which will arrive
++   asynchronously and the client's OS will likely tear down the socket
++   receive buffer resulting in a potentially short read and lost
++   response data.  This will force the client to retry the query again,
++   and this process may repeat until all servers and connection resets
++   are exhausted and then the query will fail.  It's not known if this
++   happens with any frequency in real DNS server implementations.  This
++   implementation should be corrected to use two sockets by default for
++   parallel queries.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   serially on the same socket.
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header feild TC will bet set to 1, indicating a truncated
++   message and the rest of the socket data will be read and discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_vc(res_state statp,
+       const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -669,11 +759,7 @@ send_vc(res_state statp,
+ {
+       const HEADER *hp = (HEADER *) buf;
+       const HEADER *hp2 = (HEADER *) buf2;
+-      u_char *ans = *ansp;
+-      int orig_anssizp = *anssizp;
+-      // XXX REMOVE
+-      // int anssiz = *anssizp;
+-      HEADER *anhp = (HEADER *) ans;
++      HEADER *anhp = (HEADER *) *ansp;
+       struct sockaddr *nsap = get_nsaddr (statp, ns);
+       int truncating, connreset, n;
+       /* On some architectures compiler might emit a warning indicating
+@@ -766,6 +852,8 @@ send_vc(res_state statp,
+        * Receive length & response
+        */
+       int recvresp1 = 0;
++      /* Skip the second response if there is no second query.
++           To do that we mark the second response as received.  */
+       int recvresp2 = buf2 == NULL;
+       uint16_t rlen16;
+  read_len:
+@@ -802,40 +890,14 @@ send_vc(res_state statp,
+       u_char **thisansp;
+       int *thisresplenp;
+       if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++              /* We have not received any responses
++                 yet or we only have one response to
++                 receive.  */
+               thisanssizp = anssizp;
+               thisansp = anscp ?: ansp;
+               assert (anscp != NULL || ansp2 == NULL);
+               thisresplenp = &resplen;
+       } else {
+-              if (*anssizp != MAXPACKET) {
+-                      /* No buffer allocated for the first
+-                         reply.  We can try to use the rest
+-                         of the user-provided buffer.  */
+-#if __GNUC_PREREQ (4, 7)
+-                      DIAG_PUSH_NEEDS_COMMENT;
+-                      DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
+-#endif
+-#if _STRING_ARCH_unaligned
+-                      *anssizp2 = orig_anssizp - resplen;
+-                      *ansp2 = *ansp + resplen;
+-#else
+-                      int aligned_resplen
+-                        = ((resplen + __alignof__ (HEADER) - 1)
+-                           & ~(__alignof__ (HEADER) - 1));
+-                      *anssizp2 = orig_anssizp - aligned_resplen;
+-                      *ansp2 = *ansp + aligned_resplen;
+-#endif
+-#if __GNUC_PREREQ (4, 7)
+-                      DIAG_POP_NEEDS_COMMENT;
+-#endif
+-              } else {
+-                      /* The first reply did not fit into the
+-                         user-provided buffer.  Maybe the second
+-                         answer will.  */
+-                      *anssizp2 = orig_anssizp;
+-                      *ansp2 = *ansp;
+-              }
+-
+               thisanssizp = anssizp2;
+               thisansp = ansp2;
+               thisresplenp = resplen2;
+@@ -843,10 +905,14 @@ send_vc(res_state statp,
+       anhp = (HEADER *) *thisansp;
+ 
+       *thisresplenp = rlen;
+-      if (rlen > *thisanssizp) {
+-              /* Yes, we test ANSCP here.  If we have two buffers
+-                 both will be allocatable.  */
+-              if (__glibc_likely (anscp != NULL))       {
++      /* Is the answer buffer too small?  */
++      if (*thisanssizp < rlen) {
++              /* If the current buffer is non-NULL and it's not
++                 pointing at the static user-supplied buffer then
++                 we can reallocate it.  */
++              if (thisansp != NULL && thisansp != ansp) {
++                      /* Always allocate MAXPACKET, callers expect
++                         this specific size.  */
+                       u_char *newp = malloc (MAXPACKET);
+                       if (newp == NULL) {
+                               *terrno = ENOMEM;
+@@ -858,6 +924,9 @@ send_vc(res_state statp,
+                       if (thisansp == ansp2)
+                         *ansp2_malloced = 1;
+                       anhp = (HEADER *) newp;
++                      /* A uint16_t can't be larger than MAXPACKET
++                         thus it's safe to allocate MAXPACKET but
++                         read RLEN bytes instead.  */
+                       len = rlen;
+               } else {
+                       Dprint(statp->options & RES_DEBUG,
+@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
+       return 1;
+ }
+ 
++/* The send_dg function is responsible for sending a DNS query over UDP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
++   along with the ability to send the query in parallel for both stacks
++   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
++   with a close and reopen of the socket used to talk to the server
++   (RES_SNGLKUPREOP) to work around broken name servers.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header feild TC will bet set to 1, indicating a truncated
++   message, while the rest of the UDP packet is discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If an answer is truncated because of UDP datagram DNS limits then
++   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
++   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
++   if any progress was made reading a response from the nameserver and
++   is used by the caller to distinguish between ECONNREFUSED and
++   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_dg(res_state statp,
+       const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
+ {
+       const HEADER *hp = (HEADER *) buf;
+       const HEADER *hp2 = (HEADER *) buf2;
+-      u_char *ans = *ansp;
+-      int orig_anssizp = *anssizp;
+       struct timespec now, timeout, finish;
+       struct pollfd pfd[1];
+       int ptimeout;
+@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
+       int need_recompute = 0;
+       int nwritten = 0;
+       int recvresp1 = 0;
++      /* Skip the second response if there is no second query.
++           To do that we mark the second response as received.  */
+       int recvresp2 = buf2 == NULL;
+       pfd[0].fd = EXT(statp).nssocks[ns];
+       pfd[0].events = POLLOUT;
+@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
+               int *thisresplenp;
+ 
+               if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++                      /* We have not received any responses
++                         yet or we only have one response to
++                         receive.  */
+                       thisanssizp = anssizp;
+                       thisansp = anscp ?: ansp;
+                       assert (anscp != NULL || ansp2 == NULL);
+                       thisresplenp = &resplen;
+               } else {
+-                      if (*anssizp != MAXPACKET) {
+-                              /* No buffer allocated for the first
+-                                 reply.  We can try to use the rest
+-                                 of the user-provided buffer.  */
+-#if _STRING_ARCH_unaligned
+-                              *anssizp2 = orig_anssizp - resplen;
+-                              *ansp2 = *ansp + resplen;
+-#else
+-                              int aligned_resplen
+-                                = ((resplen + __alignof__ (HEADER) - 1)
+-                                   & ~(__alignof__ (HEADER) - 1));
+-                              *anssizp2 = orig_anssizp - aligned_resplen;
+-                              *ansp2 = *ansp + aligned_resplen;
+-#endif
+-                      } else {
+-                              /* The first reply did not fit into the
+-                                 user-provided buffer.  Maybe the second
+-                                 answer will.  */
+-                              *anssizp2 = orig_anssizp;
+-                              *ansp2 = *ansp;
+-                      }
+-
+                       thisanssizp = anssizp2;
+                       thisansp = ansp2;
+                       thisresplenp = resplen2;
+               }
+ 
+               if (*thisanssizp < MAXPACKET
+-                  /* Yes, we test ANSCP here.  If we have two buffers
+-                     both will be allocatable.  */
+-                  && anscp
++                  /* If the current buffer is non-NULL and it's not
++                     pointing at the static user-supplied buffer then
++                     we can reallocate it.  */
++                  && (thisansp != NULL && thisansp != ansp)
+ #ifdef FIONREAD
++                  /* Is the size too small?  */
+                   && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
+                       || *thisanssizp < *thisresplenp)
+ #endif
+                     ) {
++                      /* Always allocate MAXPACKET, callers expect
++                         this specific size.  */
+                       u_char *newp = malloc (MAXPACKET);
+                       if (newp != NULL) {
+-                              *anssizp = MAXPACKET;
+-                              *thisansp = ans = newp;
++                              *thisanssizp = MAXPACKET;
++                              *thisansp = newp;
+                               if (thisansp == ansp2)
+                                 *ansp2_malloced = 1;
+                       }
+               }
++              /* We could end up with truncation if anscp was NULL
++                 (not allowed to change caller's buffer) and the
++                 response buffer size is too small.  This isn't a
++                 reliable way to detect truncation because the ioctl
++                 may be an inaccurate report of the UDP message size.
++                 Therefore we use this only to issue debug output.
++                 To do truncation accurately with UDP we need
++                 MSG_TRUNC which is only available on Linux.  We
++                 can abstract out the Linux-specific feature in the
++                 future to detect truncation.  */
++              if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
++                      Dprint(statp->options & RES_DEBUG,
++                             (stdout, ";; response may be truncated (UDP)\n")
++                      );
++              }
++
+               HEADER *anhp = (HEADER *) *thisansp;
+               socklen_t fromlen = sizeof(struct sockaddr_in6);
+               assert (sizeof(from) <= fromlen);



reply via email to

[Prev in Thread] Current Thread [Next in Thread]