From patchwork Tue Mar 12 08:04:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 31819 Received: (qmail 6243 invoked by alias); 12 Mar 2019 08:04:14 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 6229 invoked by uid 89); 12 Mar 2019 08:04:14 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-18.7 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_NUMSUBJECT, SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=HX-Languages-Length:3235 X-HELO: mx1.redhat.com Date: Tue, 12 Mar 2019 09:04:09 +0100 To: libc-alpha@sourceware.org Subject: [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE1 User-Agent: Heirloom mailx 12.5 7/5/10 MIME-Version: 1.0 Message-Id: <20190312080409.3E42D890D643@oldenburg2.str.redhat.com> From: Florian Weimer Always perform the associated security checks. 2019-03-12 Florian Weimer * resolv/resolv.h (RES_INSECURE1, RES_INSECURE1): Remove definitions. * resolv/res_send.c (send_dg): Always perform RES_INSECURE1 and RES_INSECURE2 security checks. * resolv/res_debug.c (p_option): Remove RES_INSECURE1 and RES_INSECURE2 handling. diff --git a/NEWS b/NEWS index 0a3b6c7a5a..4111893705 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,9 @@ Deprecated and removed features, and other changes affecting compatibility: definitions in libc will be used automatically, which have been available since glibc 2.17. +* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub + resolver have been removed from . + Changes to build and runtime requirements: * GCC 6.2 or later is required to build the GNU C Library. 
diff --git a/resolv/res_debug.c b/resolv/res_debug.c index 7681ad4639..f797a33872 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -604,8 +604,6 @@ p_option(u_long option) { case RES_DEFNAMES: return "defnam"; case RES_STAYOPEN: return "styopn"; case RES_DNSRCH: return "dnsrch"; - case RES_INSECURE1: return "insecure1"; - case RES_INSECURE2: return "insecure2"; case RES_NOALIASES: return "noaliases"; case DEPRECATED_RES_USE_INET6: return "inet6"; case RES_ROTATE: return "rotate"; diff --git a/resolv/res_send.c b/resolv/res_send.c index fa040c1198..59fbe27c26 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1312,31 +1312,25 @@ send_dg(res_state statp, */ goto wait; } - if (!(statp->options & RES_INSECURE1) && - !res_ourserver_p(statp, &from)) { - /* - * response from wrong server? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } - if (!(statp->options & RES_INSECURE2) - && (recvresp1 || !res_queriesmatch(buf, buf + buflen, + + /* Paranoia check. Due to the connected UDP socket, + the kernel has already filtered invalid addresses + for us. */ + if (!res_ourserver_p(statp, &from)) + goto wait; + + /* Check for the correct header layout and a matching + question. */ + if ((recvresp1 || !res_queriesmatch(buf, buf + buflen, *thisansp, *thisansp + *thisanssizp)) && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2, *thisansp, *thisansp - + *thisanssizp))) { - /* - * response contains wrong query? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } + + *thisanssizp))) + goto wait; + if (anhp->rcode == SERVFAIL || anhp->rcode == NOTIMP || anhp->rcode == REFUSED) { diff --git a/resolv/resolv.h b/resolv/resolv.h index 80a523e5e4..2625c786e9 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h 
@@ -115,8 +115,6 @@ struct res_sym { #define RES_DEFNAMES 0x00000080 /* use default domain name */ #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ #define RES_DNSRCH 0x00000200 /* search up local domain tree */ -#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ -#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 \ __glibc_macro_warning ("RES_USE_INET6 is deprecated") 0x00002000
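Review bot: In the NEWS hunk, the new entry says only that the RES_INSECURE1 and RES_INSECURE2 option flags were removed; it does not say that the checks they used to disable are now always performed, which is the behaviour change the commit message leads with. Suggest extending the entry with a clause such as "the associated response checks are now always performed", so that anyone who set these flags knows that responses from an unexpected server, or with a non-matching question, are now ignored unconditionally, and that source code still referencing the macros will no longer compile.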
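Review bot: In the resolv/res_send.c hunk (send_dg), the new "Paranoia check" comment states as fact that the socket is a connected UDP socket and that the kernel has already filtered invalid addresses, but nothing in the visible lines establishes that. Since res_ourserver_p is now the only unconditional source-address check at this point, suggest either pointing the comment at where the connect happens or wording it neutrally (for example "Ignore responses from addresses that are not configured name servers"). The second new comment, "Check for the correct header layout and a matching question", would also be easier to audit if it stated the accept condition of the double-negated expression directly: the datagram is kept only if res_queriesmatch succeeds against buf or buf2 for a query whose response has not yet been received (recvresp1 or recvresp2 still clear), and is skipped via goto wait otherwise. The removed comments flagged both branches as places where a "potential security hazard could be detected"; if no counter or debug trace is intended there, a brief statement in the commit message that these packets are silently ignored by design would help.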
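Review bot: In the resolv/resolv.h hunk, deleting the two #define lines leaves option bits 0x00000400 and 0x00000800 unassigned between RES_DNSRCH (0x00000200) and RES_NOALIASES (0x00001000), with nothing marking them as retired. Programs built against older headers can still set those bits in the options word, so a later flag that reused either value would be switched on by such binaries without anyone intending it. Suggest leaving a short comment in their place saying that 0x00000400 and 0x00000800 were formerly RES_INSECURE1 and RES_INSECURE2, are ignored, and must not be reassigned.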