aboutsummaryrefslogtreecommitdiff
path: root/contrib/unbound/iterator/iter_scrub.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/iterator/iter_scrub.c')
-rw-r--r--contrib/unbound/iterator/iter_scrub.c75
1 files changed, 39 insertions, 36 deletions
diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c
index 6147c96a9e37..b2248bc0cbc5 100644
--- a/contrib/unbound/iterator/iter_scrub.c
+++ b/contrib/unbound/iterator/iter_scrub.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -53,16 +53,17 @@
#include "util/data/dname.h"
#include "util/data/msgreply.h"
#include "util/alloc.h"
+#include "ldns/sbuffer.h"
/** RRset flag used during scrubbing. The RRset is OK. */
#define RRSET_SCRUB_OK 0x80
/** remove rrset, update loop variables */
static void
-remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg,
+remove_rrset(const char* str, sldns_buffer* pkt, struct msg_parse* msg,
struct rrset_parse* prev, struct rrset_parse** rrset)
{
- if(verbosity >= VERB_QUERY
+ if(verbosity >= VERB_QUERY && str
&& (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) {
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
dname_pkt_copy(pkt, buf, (*rrset)->dname);
@@ -108,7 +109,7 @@ has_additional(uint16_t t)
/** get additional name from rrset RR, return false if no name present */
static int
get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr,
- uint8_t** nm, size_t* nmlen, ldns_buffer* pkt)
+ uint8_t** nm, size_t* nmlen, sldns_buffer* pkt)
{
size_t offset = 0;
size_t len, oldpos;
@@ -132,14 +133,14 @@ get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr,
default:
return 0;
}
- len = ldns_read_uint16(rr->ttl_data+sizeof(uint32_t));
+ len = sldns_read_uint16(rr->ttl_data+sizeof(uint32_t));
if(len < offset+1)
return 0; /* rdata field too small */
*nm = rr->ttl_data+sizeof(uint32_t)+sizeof(uint16_t)+offset;
- oldpos = ldns_buffer_position(pkt);
- ldns_buffer_set_position(pkt, (size_t)(*nm - ldns_buffer_begin(pkt)));
+ oldpos = sldns_buffer_position(pkt);
+ sldns_buffer_set_position(pkt, (size_t)(*nm - sldns_buffer_begin(pkt)));
*nmlen = pkt_dname_len(pkt);
- ldns_buffer_set_position(pkt, oldpos);
+ sldns_buffer_set_position(pkt, oldpos);
if(*nmlen == 0)
return 0;
return 1;
@@ -147,7 +148,7 @@ get_additional_name(struct rrset_parse* rrset, struct rr_parse* rr,
/** Place mark on rrsets in additional section they are OK */
static void
-mark_additional_rrset(ldns_buffer* pkt, struct msg_parse* msg,
+mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg,
struct rrset_parse* rrset)
{
/* Mark A and AAAA for NS as appropriate additional section info. */
@@ -209,7 +210,7 @@ parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname,
/** Synthesize CNAME from DNAME, false if too long */
static int
synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset,
- uint8_t* alias, size_t* aliaslen, ldns_buffer* pkt)
+ uint8_t* alias, size_t* aliaslen, sldns_buffer* pkt)
{
/* we already know that sname is a strict subdomain of DNAME owner */
uint8_t* dtarg = NULL;
@@ -233,7 +234,7 @@ static struct rrset_parse*
synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
size_t aliaslen, struct regional* region, struct msg_parse* msg,
struct rrset_parse* rrset, struct rrset_parse* prev,
- struct rrset_parse* nx, ldns_buffer* pkt)
+ struct rrset_parse* nx, sldns_buffer* pkt)
{
struct rrset_parse* cn = (struct rrset_parse*)regional_alloc(region,
sizeof(struct rrset_parse));
@@ -264,8 +265,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
if(!cn->rr_first->ttl_data)
return NULL;
- ldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
- ldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
+ sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
+ sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
cn->rr_first->size = sizeof(uint16_t)+aliaslen;
@@ -287,7 +288,7 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
/** check if DNAME applies to a name */
static int
-pkt_strict_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr)
+pkt_strict_sub(sldns_buffer* pkt, uint8_t* sname, uint8_t* dr)
{
uint8_t buf1[LDNS_MAX_DOMAINLEN+1];
uint8_t buf2[LDNS_MAX_DOMAINLEN+1];
@@ -299,7 +300,7 @@ pkt_strict_sub(ldns_buffer* pkt, uint8_t* sname, uint8_t* dr)
/** check subdomain with decompression */
static int
-pkt_sub(ldns_buffer* pkt, uint8_t* comprname, uint8_t* zone)
+pkt_sub(sldns_buffer* pkt, uint8_t* comprname, uint8_t* zone)
{
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
dname_pkt_copy(pkt, buf, comprname);
@@ -308,7 +309,7 @@ pkt_sub(ldns_buffer* pkt, uint8_t* comprname, uint8_t* zone)
/** check subdomain with decompression, compressed is parent */
static int
-sub_of_pkt(ldns_buffer* pkt, uint8_t* zone, uint8_t* comprname)
+sub_of_pkt(sldns_buffer* pkt, uint8_t* zone, uint8_t* comprname)
{
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
dname_pkt_copy(pkt, buf, comprname);
@@ -327,7 +328,7 @@ sub_of_pkt(ldns_buffer* pkt, uint8_t* zone, uint8_t* comprname)
* @return 0 on error.
*/
static int
-scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg,
+scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
struct query_info* qinfo, struct regional* region)
{
uint8_t* sname = qinfo->qname;
@@ -514,13 +515,13 @@ scrub_normalize(ldns_buffer* pkt, struct msg_parse* msg,
* @param rrset: to store.
*/
static void
-store_rrset(ldns_buffer* pkt, struct msg_parse* msg, struct module_env* env,
+store_rrset(sldns_buffer* pkt, struct msg_parse* msg, struct module_env* env,
struct rrset_parse* rrset)
{
struct ub_packed_rrset_key* k;
struct packed_rrset_data* d;
struct rrset_ref ref;
- uint32_t now = *env->now;
+ time_t now = *env->now;
k = alloc_special_obtain(env->alloc);
if(!k)
@@ -565,7 +566,7 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
log_assert(rrset->type == LDNS_RR_TYPE_NSEC);
for(rr = rrset->rr_first; rr; rr = rr->next) {
rhs = rr->ttl_data+4+2;
- len = ldns_read_uint16(rr->ttl_data+4);
+ len = sldns_read_uint16(rr->ttl_data+4);
if(!dname_valid(rhs, len)) {
/* malformed domain name in rdata */
return 1;
@@ -594,7 +595,7 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
* @return 0 on error.
*/
static int
-scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
+scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
struct iter_env* ie)
{
@@ -646,14 +647,16 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
/* remove private addresses */
if( (rrset->type == LDNS_RR_TYPE_A ||
- rrset->type == LDNS_RR_TYPE_AAAA) &&
- priv_rrset_bad(ie->priv, pkt, rrset)) {
+ rrset->type == LDNS_RR_TYPE_AAAA)) {
/* do not set servfail since this leads to too
* many drops of other people using rfc1918 space */
- remove_rrset("sanitize: removing public name with "
- "private address", pkt, msg, prev, &rrset);
- continue;
+ /* also do not remove entire rrset, unless all records
+ * in it are bad */
+ if(priv_rrset_bad(ie->priv, pkt, rrset)) {
+ remove_rrset(NULL, pkt, msg, prev, &rrset);
+ continue;
+ }
}
/* skip DNAME records -- they will always be followed by a
@@ -711,7 +714,7 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
}
int
-scrub_message(ldns_buffer* pkt, struct msg_parse* msg,
+scrub_message(sldns_buffer* pkt, struct msg_parse* msg,
struct query_info* qinfo, uint8_t* zonename, struct regional* region,
struct module_env* env, struct iter_env* ie)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 14:42:34 +0000