From: Florian Weimer <fweimer@redhat.com>
To: libc-alpha@sourceware.org
Subject: [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE1
Date: Tue, 12 Mar 2019 09:04:09 +0100 [thread overview]
Message-ID: <20190312080409.3E42D890D643@oldenburg2.str.redhat.com> (raw)
Always perform the associated security checks.
2019-03-12 Florian Weimer <fweimer@redhat.com>
* resolv/resolv.h (RES_INSECURE1, RES_INSECURE1): Remove
definitions.
* resolv/res_send.c (send_dg): Always perform RES_INSECURE1 and
RES_INSECURE2 security checks.
* resolv/res_debug.c (p_option): Remove RES_INSECURE1 and
RES_INSECURE2 handling.
diff --git a/NEWS b/NEWS
index 0a3b6c7a5a..4111893705 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,9 @@ Deprecated and removed features, and other changes affecting compatibility:
definitions in libc will be used automatically, which have been available
since glibc 2.17.
+* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
+ resolver have been removed from <resolv.h>.
+
Changes to build and runtime requirements:
* GCC 6.2 or later is required to build the GNU C Library.
diff --git a/resolv/res_debug.c b/resolv/res_debug.c
index 7681ad4639..f797a33872 100644
--- a/resolv/res_debug.c
+++ b/resolv/res_debug.c
@@ -604,8 +604,6 @@ p_option(u_long option) {
case RES_DEFNAMES: return "defnam";
case RES_STAYOPEN: return "styopn";
case RES_DNSRCH: return "dnsrch";
- case RES_INSECURE1: return "insecure1";
- case RES_INSECURE2: return "insecure2";
case RES_NOALIASES: return "noaliases";
case DEPRECATED_RES_USE_INET6: return "inet6";
case RES_ROTATE: return "rotate";
diff --git a/resolv/res_send.c b/resolv/res_send.c
index fa040c1198..59fbe27c26 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -1312,31 +1312,25 @@ send_dg(res_state statp,
*/
goto wait;
}
- if (!(statp->options & RES_INSECURE1) &&
- !res_ourserver_p(statp, &from)) {
- /*
- * response from wrong server? ignore it.
- * XXX - potential security hazard could
- * be detected here.
- */
- goto wait;
- }
- if (!(statp->options & RES_INSECURE2)
- && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
+
+ /* Paranoia check. Due to the connected UDP socket,
+ the kernel has already filtered invalid addresses
+ for us. */
+ if (!res_ourserver_p(statp, &from))
+ goto wait;
+
+ /* Check for the correct header layout and a matching
+ question. */
+ if ((recvresp1 || !res_queriesmatch(buf, buf + buflen,
*thisansp,
*thisansp
+ *thisanssizp))
&& (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
*thisansp,
*thisansp
- + *thisanssizp))) {
- /*
- * response contains wrong query? ignore it.
- * XXX - potential security hazard could
- * be detected here.
- */
- goto wait;
- }
+ + *thisanssizp)))
+ goto wait;
+
if (anhp->rcode == SERVFAIL ||
anhp->rcode == NOTIMP ||
anhp->rcode == REFUSED) {
diff --git a/resolv/resolv.h b/resolv/resolv.h
index 80a523e5e4..2625c786e9 100644
--- a/resolv/resolv.h
+++ b/resolv/resolv.h
@@ -115,8 +115,6 @@ struct res_sym {
#define RES_DEFNAMES 0x00000080 /* use default domain name */
#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
#define RES_DNSRCH 0x00000200 /* search up local domain tree */
-#define RES_INSECURE1 0x00000400 /* type 1 security disabled */
-#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
#define RES_USE_INET6 \
__glibc_macro_warning ("RES_USE_INET6 is deprecated") 0x00002000
next reply other threads:[~2019-03-12 8:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-12 8:04 Florian Weimer [this message]
2019-04-08 10:07 ` [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE1 Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190312080409.3E42D890D643@oldenburg2.str.redhat.com \
--to=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).