From patchwork Tue Mar 12 08:04:09 2019
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 1055121
Date: Tue, 12 Mar 2019 09:04:09 +0100
To: libc-alpha@sourceware.org
Subject: [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE1
Message-Id: <20190312080409.3E42D890D643@oldenburg2.str.redhat.com>
From: Florian Weimer

Always perform the associated security checks.

2019-03-12 Florian Weimer

* resolv/resolv.h (RES_INSECURE1, RES_INSECURE1): Remove definitions.
* resolv/res_send.c (send_dg): Always perform RES_INSECURE1 and RES_INSECURE2 security checks.
* resolv/res_debug.c (p_option): Remove RES_INSECURE1 and RES_INSECURE2 handling.

diff --git a/NEWS b/NEWS index 0a3b6c7a5a..4111893705 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,9 @@ Deprecated and removed features, and other changes affecting compatibility: definitions in libc will be used automatically, which have been available since glibc 2.17. +* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub + resolver have been removed from . + Changes to build and runtime requirements: * GCC 6.2 or later is required to build the GNU C Library. diff --git a/resolv/res_debug.c b/resolv/res_debug.c index 7681ad4639..f797a33872 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c 
@@ -604,8 +604,6 @@ p_option(u_long option) { case RES_DEFNAMES: return "defnam"; case RES_STAYOPEN: return "styopn"; case RES_DNSRCH: return "dnsrch"; - case RES_INSECURE1: return "insecure1"; - case RES_INSECURE2: return "insecure2"; case RES_NOALIASES: return "noaliases"; case DEPRECATED_RES_USE_INET6: return "inet6"; case RES_ROTATE: return "rotate"; diff --git a/resolv/res_send.c b/resolv/res_send.c index fa040c1198..59fbe27c26 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1312,31 +1312,25 @@ send_dg(res_state statp, */ goto wait; } - if (!(statp->options & RES_INSECURE1) && - !res_ourserver_p(statp, &from)) { - /* - * response from wrong server? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } - if (!(statp->options & RES_INSECURE2) - && (recvresp1 || !res_queriesmatch(buf, buf + buflen, + + /* Paranoia check. Due to the connected UDP socket, + the kernel has already filtered invalid addresses + for us. */ + if (!res_ourserver_p(statp, &from)) + goto wait; + + /* Check for the correct header layout and a matching + question. */ + if ((recvresp1 || !res_queriesmatch(buf, buf + buflen, *thisansp, *thisansp + *thisanssizp)) && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2, *thisansp, *thisansp - + *thisanssizp))) { - /* - * response contains wrong query? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } + + *thisanssizp))) + goto wait; + if (anhp->rcode == SERVFAIL || anhp->rcode == NOTIMP || anhp->rcode == REFUSED) { diff --git a/resolv/resolv.h b/resolv/resolv.h index 80a523e5e4..2625c786e9 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h 
@@ -115,8 +115,6 @@ struct res_sym { #define RES_DEFNAMES 0x00000080 /* use default domain name */ #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ #define RES_DNSRCH 0x00000200 /* search up local domain tree */ -#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ -#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 \ __glibc_macro_warning ("RES_USE_INET6 is deprecated") 0x00002000
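Review bot: The NEWS entry says only that RES_INSECURE1 and RES_INSECURE2 were removed from the header; it does not say that the checks those flags used to disable are now always performed, which is the behavioural change in send_dg that anyone who set the flags needs to know about. Suggest extending the entry with a clause along the lines of "the associated response checks are now always performed", matching the commit message.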
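Review bot: In p_option (resolv/res_debug.c), removing the "insecure1" and "insecure2" cases leaves option bits 0x00000400 and 0x00000800 (the values dropped from resolv.h in this patch) without a name. The fallback branch is outside this hunk, so please confirm it still produces sensible output when a caller passes an options word with those bits set, for example one built against the old header.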
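Review bot: In send_dg (resolv/res_send.c), the new comment "Check for the correct header layout and a matching question." sits directly above a condition that is true when the response matches neither outstanding query, so the comment reads as the opposite of what triggers "goto wait". Suggest wording it as the failure case, e.g. "Ignore the response unless it matches one of the queries we sent." The two discards are now the only response validation in this path and are unconditional, yet the diff touches only NEWS, res_debug.c, res_send.c and resolv.h; a resolv test that sends a reply with a mismatched question and checks that it is ignored would pin the behaviour down. The removed "XXX - potential security hazard could be detected here" remarks could also be kept in shortened form if reporting such packets is still a wanted follow-up.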
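Review bot: In resolv/resolv.h, deleting the RES_INSECURE1 and RES_INSECURE2 definitions outright leaves 0x00000400 and 0x00000800 looking like free bits between RES_DNSRCH and RES_NOALIASES. Programs built against the old header may still set them in their resolver options, so a short comment marking both values as reserved and not to be reused would prevent a later option from silently inheriting them. Separately, the Subject line and the ChangeLog entry for resolv.h both read "RES_INSECURE1, RES_INSECURE1", while the hunk removes RES_INSECURE1 and RES_INSECURE2; the second name should be corrected before commit.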