e43852d149
* Thu Oct 13 2022 Arjun Shankar <arjun@redhat.com> - 2.34-48 - Handle non-hostname CNAME aliases during name resolution (#2129005) - Sync with upstream branch release/2.34/master, commit e3976287b22422787f3cc6fc9adda58304b55bd9: - nscd: Drop local address tuple variable [BZ #29607] - x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations - x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation - x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations - x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations - x86-64: Require BMI2 for AVX2 strncmp implementation - x86-64: Require BMI2 for AVX2 strcmp implementation - x86-64: Require BMI2 for AVX2 str(n)casecmp implementations - x86: include BMI1 and BMI2 in x86-64-v3 level - nptl: Add backoff mechanism to spinlock loop - sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h - nptl: Effectively skip CAS in spinlock loop - Move assignment out of the CAS condition - Add LLL_MUTEX_READ_LOCK [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] - resolv: Fix building tst-resolv-invalid-cname for earlier C standards - nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces - resolv: Add new tst-resolv-invalid-cname - nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) (#2129005) - nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) - nss_dns: Remove remnants of IPv6 address mapping - nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr - nss_dns: Split getanswer_ptr from getanswer_r - resolv: Add DNS packet parsing helpers geared towards wire format - resolv: Add internal __ns_name_length_uncompressed function - resolv: Add the __ns_samebinaryname function - resolv: Add internal __res_binary_hnok function - resolv: Add tst-resolv-aliases - resolv: Add tst-resolv-byaddr for testing reverse lookup - gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) - elf: Fix hwcaps string size overestimation - nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] - Apply asm redirections in wchar.h before first use - Apply asm redirections in stdio.h before first use [BZ #27087] - elf: Call __libc_early_init for reused namespaces (bug 29528) Resolves: #2129005 Resolves: #2116960
290 lines
8.9 KiB
Diff
290 lines
8.9 KiB
Diff
commit 6a833d798e87536587cd4cc14fe8d078f80b14a0
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Tue Aug 30 10:02:49 2022 +0200
|
|
|
|
resolv: Add tst-resolv-aliases
|
|
|
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
(cherry picked from commit 87aa98aa80627553a66bdcad2701fd6307723645)
|
|
|
|
diff --git a/resolv/Makefile b/resolv/Makefile
|
|
index 78165eb99e98b525..567f4c2dcf5749df 100644
|
|
--- a/resolv/Makefile
|
|
+++ b/resolv/Makefile
|
|
@@ -90,6 +90,7 @@ tests += \
|
|
tst-ns_name_pton \
|
|
tst-res_hconf_reorder \
|
|
tst-res_hnok \
|
|
+ tst-resolv-aliases \
|
|
tst-resolv-basic \
|
|
tst-resolv-binary \
|
|
tst-resolv-byaddr \
|
|
@@ -250,6 +251,7 @@ $(objpfx)tst-resolv-ai_idn.out: $(gen-locales)
|
|
$(objpfx)tst-resolv-ai_idn-latin1.out: $(gen-locales)
|
|
$(objpfx)tst-resolv-ai_idn-nolibidn2.out: \
|
|
$(gen-locales) $(objpfx)tst-no-libidn2.so
|
|
+$(objpfx)tst-resolv-aliases: $(objpfx)libresolv.so $(shared-thread-library)
|
|
$(objpfx)tst-resolv-basic: $(objpfx)libresolv.so $(shared-thread-library)
|
|
$(objpfx)tst-resolv-binary: $(objpfx)libresolv.so $(shared-thread-library)
|
|
$(objpfx)tst-resolv-byaddr: $(objpfx)libresolv.so $(shared-thread-library)
|
|
diff --git a/resolv/tst-resolv-aliases.c b/resolv/tst-resolv-aliases.c
|
|
new file mode 100644
|
|
index 0000000000000000..b212823aa07ceb21
|
|
--- /dev/null
|
|
+++ b/resolv/tst-resolv-aliases.c
|
|
@@ -0,0 +1,254 @@
|
|
+/* Test alias handling (mainly for gethostbyname).
|
|
+ Copyright (C) 2022 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <array_length.h>
|
|
+#include <arpa/inet.h>
|
|
+#include <netdb.h>
|
|
+#include <stdbool.h>
|
|
+#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+#include <support/check.h>
|
|
+#include <support/check_nss.h>
|
|
+#include <support/resolv_test.h>
|
|
+#include <support/support.h>
|
|
+
|
|
+#include "tst-resolv-maybe_insert_sig.h"
|
|
+
|
|
+/* QNAME format:
|
|
+
|
|
+ aADDRESSES-cCNAMES.example.net
|
|
+
|
|
+ CNAMES is the length of the CNAME chain, ADDRESSES is the number of
|
|
+ addresses in the response. The special value 255 means that there
|
|
+ are no addresses, and the RCODE is NXDOMAIN. */
|
|
+static void
|
|
+response (const struct resolv_response_context *ctx,
|
|
+ struct resolv_response_builder *b,
|
|
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
|
+{
|
|
+ TEST_COMPARE (qclass, C_IN);
|
|
+ if (qtype != T_A)
|
|
+ TEST_COMPARE (qtype, T_AAAA);
|
|
+
|
|
+ unsigned int addresses, cnames;
|
|
+ char *tail;
|
|
+ if (sscanf (qname, "a%u-c%u%ms", &addresses, &cnames, &tail) == 3)
|
|
+ {
|
|
+ if (strcmp (tail, ".example.com") == 0
|
|
+ || strcmp (tail, ".example.net.example.net") == 0
|
|
+ || strcmp (tail, ".example.net.example.com") == 0)
|
|
+ /* These only happen after NXDOMAIN. */
|
|
+ TEST_VERIFY (addresses == 255);
|
|
+ else if (strcmp (tail, ".example.net") != 0)
|
|
+ FAIL_EXIT1 ("invalid QNAME: %s", qname);
|
|
+ }
|
|
+ free (tail);
|
|
+
|
|
+ int rcode;
|
|
+ if (addresses == 255)
|
|
+ {
|
|
+ /* Special case: Use no addresses with NXDOMAIN response. */
|
|
+ rcode = ns_r_nxdomain;
|
|
+ addresses = 0;
|
|
+ }
|
|
+ else
|
|
+ rcode = 0;
|
|
+
|
|
+ struct resolv_response_flags flags = { .rcode = rcode };
|
|
+ resolv_response_init (b, flags);
|
|
+ resolv_response_add_question (b, qname, qclass, qtype);
|
|
+ resolv_response_section (b, ns_s_an);
|
|
+ maybe_insert_sig (b, qname);
|
|
+
|
|
+ /* Provide the requested number of CNAME records. */
|
|
+ char *previous_name = (char *) qname;
|
|
+ for (int unique = 0; unique < cnames; ++unique)
|
|
+ {
|
|
+ resolv_response_open_record (b, previous_name, qclass, T_CNAME, 60);
|
|
+ char *new_name = xasprintf ("%d.alias.example", unique);
|
|
+ resolv_response_add_name (b, new_name);
|
|
+ resolv_response_close_record (b);
|
|
+
|
|
+ maybe_insert_sig (b, qname);
|
|
+
|
|
+ if (previous_name != qname)
|
|
+ free (previous_name);
|
|
+ previous_name = new_name;
|
|
+ }
|
|
+
|
|
+ for (int unique = 0; unique < addresses; ++unique)
|
|
+ {
|
|
+ resolv_response_open_record (b, previous_name, qclass, qtype, 60);
|
|
+
|
|
+ if (qtype == T_A)
|
|
+ {
|
|
+ char ipv4[4] = {192, 0, 2, 1 + unique};
|
|
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
|
|
+ }
|
|
+ else if (qtype == T_AAAA)
|
|
+ {
|
|
+ char ipv6[16] =
|
|
+ {
|
|
+ 0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
+ 1 + unique
|
|
+ };
|
|
+ resolv_response_add_data (b, &ipv6, sizeof (ipv6));
|
|
+ }
|
|
+ resolv_response_close_record (b);
|
|
+ }
|
|
+
|
|
+ if (previous_name != qname)
|
|
+ free (previous_name);
|
|
+}
|
|
+
|
|
+static char *
|
|
+make_qname (bool do_search, int cnames, int addresses)
|
|
+{
|
|
+ return xasprintf ("a%d-c%d%s",
|
|
+ addresses, cnames, do_search ? "" : ".example.net");
|
|
+}
|
|
+
|
|
+static void
|
|
+check_cnames_failure (int af, bool do_search, int cnames, int addresses)
|
|
+{
|
|
+ char *qname = make_qname (do_search, cnames, addresses);
|
|
+
|
|
+ struct hostent *e;
|
|
+ if (af == AF_UNSPEC)
|
|
+ e = gethostbyname (qname);
|
|
+ else
|
|
+ e = gethostbyname2 (qname, af);
|
|
+
|
|
+ if (addresses == 0)
|
|
+ check_hostent (qname, e, "error: NO_RECOVERY\n");
|
|
+ else
|
|
+ check_hostent (qname, e, "error: HOST_NOT_FOUND\n");
|
|
+
|
|
+ free (qname);
|
|
+}
|
|
+
|
|
+static void
|
|
+check (int af, bool do_search, int cnames, int addresses)
|
|
+{
|
|
+ char *qname = make_qname (do_search, cnames, addresses);
|
|
+ char *fqdn = make_qname (false, cnames, addresses);
|
|
+
|
|
+ struct hostent *e;
|
|
+ if (af == AF_UNSPEC)
|
|
+ e = gethostbyname (qname);
|
|
+ else
|
|
+ e = gethostbyname2 (qname, af);
|
|
+ if (e == NULL)
|
|
+ FAIL_EXIT1 ("unexpected failure for %d, %d, %d", af, cnames, addresses);
|
|
+
|
|
+ if (af == AF_UNSPEC || af == AF_INET)
|
|
+ {
|
|
+ TEST_COMPARE (e->h_addrtype, AF_INET);
|
|
+ TEST_COMPARE (e->h_length, 4);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ TEST_COMPARE (e->h_addrtype, AF_INET6);
|
|
+ TEST_COMPARE (e->h_length, 16);
|
|
+ }
|
|
+
|
|
+ for (int i = 0; i < addresses; ++i)
|
|
+ {
|
|
+ char ipv4[4] = {192, 0, 2, 1 + i};
|
|
+ char ipv6[16] =
|
|
+ { 0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 + i };
|
|
+ char *expected = e->h_addrtype == AF_INET ? ipv4 : ipv6;
|
|
+ TEST_COMPARE_BLOB (e->h_addr_list[i], e->h_length,
|
|
+ expected, e->h_length);
|
|
+ }
|
|
+ TEST_VERIFY (e->h_addr_list[addresses] == NULL);
|
|
+
|
|
+
|
|
+ if (cnames == 0)
|
|
+ {
|
|
+ /* QNAME is fully qualified. */
|
|
+ TEST_COMPARE_STRING (e->h_name, fqdn);
|
|
+ TEST_VERIFY (e->h_aliases[0] == NULL);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ /* Fully-qualified QNAME is demoted to an aliases. */
|
|
+ TEST_COMPARE_STRING (e->h_aliases[0], fqdn);
|
|
+
|
|
+ for (int i = 1; i <= cnames; ++i)
|
|
+ {
|
|
+ char *expected = xasprintf ("%d.alias.example", i - 1);
|
|
+ if (i == cnames)
|
|
+ TEST_COMPARE_STRING (e->h_name, expected);
|
|
+ else
|
|
+ TEST_COMPARE_STRING (e->h_aliases[i], expected);
|
|
+ free (expected);
|
|
+ }
|
|
+ TEST_VERIFY (e->h_aliases[cnames] == NULL);
|
|
+ }
|
|
+
|
|
+ free (fqdn);
|
|
+ free (qname);
|
|
+}
|
|
+
|
|
+static int
|
|
+do_test (void)
|
|
+{
|
|
+ struct resolv_test *obj = resolv_test_start
|
|
+ ((struct resolv_redirect_config)
|
|
+ {
|
|
+ .response_callback = response,
|
|
+ .search = { "example.net", "example.com" },
|
|
+ });
|
|
+
|
|
+ static const int families[] = { AF_UNSPEC, AF_INET, AF_INET6 };
|
|
+
|
|
+ for (int do_insert_sig = 0; do_insert_sig < 2; ++do_insert_sig)
|
|
+ {
|
|
+ insert_sig = do_insert_sig;
|
|
+
|
|
+ /* If do_search is true, a bare host name (for example, a1-c1)
|
|
+ is used. This exercises search path processing and FQDN
|
|
+ qualification. */
|
|
+ for (int do_search = 0; do_search < 2; ++do_search)
|
|
+ for (const int *paf = families; paf != array_end (families); ++paf)
|
|
+ {
|
|
+ for (int cnames = 0; cnames <= 100; ++cnames)
|
|
+ {
|
|
+ check_cnames_failure (*paf, do_search, cnames, 0);
|
|
+ /* Now with NXDOMAIN responses. */
|
|
+ check_cnames_failure (*paf, do_search, cnames, 255);
|
|
+ }
|
|
+
|
|
+ for (int cnames = 0; cnames <= 10; ++cnames)
|
|
+ for (int addresses = 1; addresses <= 10; ++addresses)
|
|
+ check (*paf, do_search, cnames, addresses);
|
|
+
|
|
+ /* The current implementation is limited to 47 aliases.
|
|
+ Addresses do not have such a limit. */
|
|
+ check (*paf, do_search, 47, 60);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ resolv_test_end (obj);
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+#include <support/test-driver.c>
|