From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS31976 209.132.180.0/23 X-Spam-Status: No, score=-4.0 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id C7D4C202BB for ; Tue, 12 Mar 2019 08:04:17 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:to:subject:mime-version:content-type :content-transfer-encoding:message-id:from; q=dns; s=default; b= veO4iuxzON/Phc/kg1XhtNgWhacMnmi9v3Cw0cfRUdPHiXDwsEqvT1/5mvE5C46U DXxQj0T40l+ukUxpC1LLkspnQy7gKm775h8V6cN63qdSlaRO16VX3pLYkDXeufGm mENdcI+ywkX9ezok9AI19OsAHqdpWp/cmLjaWJymka8= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:to:subject:mime-version:content-type :content-transfer-encoding:message-id:from; s=default; bh=HKRhSe HUOy1Mw+BU7CutF6Hwj84=; b=NMyVrvgawbvvCdd/bmrRxJpJlsUFwyAkOnA3WN Kl+L5I4N8zh7MYMzYN7MKt3I3oGi72JY2ZdMo1/t8P4p+KTSqalQA/fvdYIBzUGq ix6ycKfn/dqknLKLqwVj/DJuBOlaciMzn4LZ6id6YDeYCBYsE0TkZwISPVkRwNlx JKK80= Received: (qmail 6243 invoked by alias); 12 Mar 2019 08:04:14 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Received: (qmail 6229 invoked by uid 89); 12 Mar 2019 08:04:14 -0000 Authentication-Results: sourceware.org; auth=none X-HELO: mx1.redhat.com Date: Tue, 12 Mar 2019 09:04:09 +0100 To: libc-alpha@sourceware.org Subject: [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE1 User-Agent: Heirloom mailx 12.5 7/5/10 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20190312080409.3E42D890D643@oldenburg2.str.redhat.com> From: Florian Weimer Always perform the associated security checks. 2019-03-12 Florian Weimer * resolv/resolv.h (RES_INSECURE1, RES_INSECURE1): Remove definitions. * resolv/res_send.c (send_dg): Always perform RES_INSECURE1 and RES_INSECURE2 security checks. * resolv/res_debug.c (p_option): Remove RES_INSECURE1 and RES_INSECURE2 handling. diff --git a/NEWS b/NEWS index 0a3b6c7a5a..4111893705 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,9 @@ Deprecated and removed features, and other changes affecting compatibility: definitions in libc will be used automatically, which have been available since glibc 2.17. +* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub + resolver have been removed from . + Changes to build and runtime requirements: * GCC 6.2 or later is required to build the GNU C Library. diff --git a/resolv/res_debug.c b/resolv/res_debug.c index 7681ad4639..f797a33872 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -604,8 +604,6 @@ p_option(u_long option) { case RES_DEFNAMES: return "defnam"; case RES_STAYOPEN: return "styopn"; case RES_DNSRCH: return "dnsrch"; - case RES_INSECURE1: return "insecure1"; - case RES_INSECURE2: return "insecure2"; case RES_NOALIASES: return "noaliases"; case DEPRECATED_RES_USE_INET6: return "inet6"; case RES_ROTATE: return "rotate"; diff --git a/resolv/res_send.c b/resolv/res_send.c index fa040c1198..59fbe27c26 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1312,31 +1312,25 @@ send_dg(res_state statp, */ goto wait; } - if (!(statp->options & RES_INSECURE1) && - !res_ourserver_p(statp, &from)) { - /* - * response from wrong server? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } - if (!(statp->options & RES_INSECURE2) - && (recvresp1 || !res_queriesmatch(buf, buf + buflen, + + /* Paranoia check. Due to the connected UDP socket, + the kernel has already filtered invalid addresses + for us. */ + if (!res_ourserver_p(statp, &from)) + goto wait; + + /* Check for the correct header layout and a matching + question. */ + if ((recvresp1 || !res_queriesmatch(buf, buf + buflen, *thisansp, *thisansp + *thisanssizp)) && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2, *thisansp, *thisansp - + *thisanssizp))) { - /* - * response contains wrong query? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } + + *thisanssizp))) + goto wait; + if (anhp->rcode == SERVFAIL || anhp->rcode == NOTIMP || anhp->rcode == REFUSED) { diff --git a/resolv/resolv.h b/resolv/resolv.h index 80a523e5e4..2625c786e9 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h @@ -115,8 +115,6 @@ struct res_sym { #define RES_DEFNAMES 0x00000080 /* use default domain name */ #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ #define RES_DNSRCH 0x00000200 /* search up local domain tree */ -#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ -#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 \ __glibc_macro_warning ("RES_USE_INET6 is deprecated") 0x00002000