Simon Kelley
c6d4c33d61
Bump copyright to 2022.
2022-01-24 15:19:00 +00:00
Petr Menšík
e52b4b1466
Fix bunch of warnings in auth.c
...
Error: CLANG_WARNING: [#def7]
dnsmasq-2.86test7/src/auth.c:420:5: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 418| if (!found && is_name_synthetic(flag, name, &addr) )
# 419| {
# 420|-> found = 1;
# 421| nxdomain = 0;
# 422|
Error: CLANG_WARNING: [#def8]
dnsmasq-2.86test7/src/auth.c:436:8: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 434| {
# 435| auth = soa = 1; /* inhibits auth section */
# 436|-> found = 1;
# 437| log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
# 438| }
Error: CLANG_WARNING: [#def9]
dnsmasq-2.86test7/src/auth.c:472:8: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 470| ns = 1; /* ensure we include NS records! */
# 471| axfr = 1;
# 472|-> found = 1;
# 473| axfroffset = nameoffset;
# 474| log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
Error: CLANG_WARNING: [#def10]
dnsmasq-2.86test7/src/auth.c:480:8: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 478| auth = 1;
# 479| ns = 1; /* inhibits auth section */
# 480|-> found = 1;
# 481| log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>");
# 482| }
Error: CLANG_WARNING: [#def11]
dnsmasq-2.86test7/src/auth.c:501:4: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 499| log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
# 500| *cut = 0; /* remove domain part */
# 501|-> found = 1;
# 502| if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
# 503| daemon->auth_ttl, NULL, qtype, C_IN,
Error: CLANG_WARNING: [#def12]
dnsmasq-2.86test7/src/auth.c:522:8: warning[deadcode.DeadStores]: Value stored to 'found' is never read
# 520| {
# 521| log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
# 522|-> found = 1;
# 523| if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
# 524| daemon->auth_ttl, NULL, qtype, C_IN,
Error: CLANG_WARNING: [#def13]
dnsmasq-2.86test7/src/auth.c:617:8: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 615| p += sprintf(p, "%u.", a & 0xff);
# 616| a = a >> 8;
# 617|-> p += sprintf(p, "%u.in-addr.arpa", a & 0xff);
# 618|
# 619| }
Error: CPPCHECK_WARNING (CWE-758): [#def14]
dnsmasq-2.86test7/src/auth.c:627: warning[objectIndex]: The address of local variable 'addr6' might be accessed at non-zero index.
# 625| for (i = subnet->prefixlen-1; i >= 0; i -= 4)
# 626| {
# 627|-> int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3];
# 628| p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
# 629| }
Error: CLANG_WARNING: [#def15]
dnsmasq-2.86test7/src/auth.c:630:8: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 628| p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
# 629| }
# 630|-> p += sprintf(p, "ip6.arpa");
# 631|
# 632| }
2021-09-11 17:56:01 +01:00
Dominik DL6ER
e0ce3c12f2
Add all current RR types to the table of type names used for query logging.
...
This patch also changes the method of calling querystr() such that
it is only called when logging is enabled, to eliminate any
possible performance problems from searching the larger table.
2021-09-10 23:13:53 +01:00
Simon Kelley
f83c6cf51a
Return REFUSED in auth mode when we are not authoritative for the query.
2021-07-20 17:15:36 +01:00
Simon Kelley
c068b3ae2f
--synth-domain now works in auth mode.
2021-07-19 09:38:48 +01:00
Geert Stappers
3573ca0eec
Chomp file ends
...
Removed empty lines from end of src/*.[ch] files.
If the new last line became '#endif'
was the condition of the '#if' added.
2021-04-09 17:27:36 +01:00
Simon Kelley
c8e8f5c204
Bump copyright notices for 2021. Happy New Year!
2021-01-24 21:59:37 +00:00
Simon Kelley
b43585c34b
Fix nameserver list in auth mode.
...
If dnsmasq is not acting as an authoritative nameserver (no second
argument to --auth-server) then it should not appear in the NS RRset.
This leaves simply the list of servers specified in --auth-sec-servers.
2020-03-28 17:41:06 +00:00
Simon Kelley
2a8710ac2f
Update copyrights to 2020.
2020-01-05 16:40:06 +00:00
Simon Kelley
dc6a57ffb8
Always force AD bit to zero in authoritative DNS answers.
2019-08-20 23:17:27 +01:00
Simon Kelley
5b99eae59d
Cache SRV records.
...
Inpsired by a patch from Jeremy Allison, but completely re-rolled
by srk. All bugs are mine.
2019-01-06 23:09:50 +00:00
Simon Kelley
cc921df9ce
Remove nested struct/union in cache records and all_addr.
2019-01-02 22:48:59 +00:00
Simon Kelley
ee8750451b
Remove ability to compile without IPv6 support.
...
This was the source of a large number of #ifdefs, originally
included for use with old embedded libc versions. I'm
sure no-one wants or needs IPv6-free code these days, so this
is a move towards more maintainable code.
2018-10-23 22:10:17 +01:00
Simon Kelley
b758b67c37
Improve logging of RRs from --dns-rr.
2018-08-23 21:41:23 +01:00
Simon Kelley
b6f926fbef
Don't return NXDOMAIN to empty non-terminals.
...
When a record is defined locally, eg an A record for one.two.example then
we already know that if we forward, eg an AAAA query for one.two.example,
and get back NXDOMAIN, then we need to alter that to NODATA. This is handled
by check_for_local_domain(). But, if we forward two.example, because
one.two.example exists, then the answer to two.example should also be
a NODATA.
For most local records this is easy, just to substring matching.
for A, AAAA and CNAME records that are in the cache, it's more difficult.
The cache has no efficient way to find such records. The fix is to
insert empty (none of F_IPV4, F_IPV6 F_CNAME set) records for each
non-terminal.
The same considerations apply in auth mode, and the same basic mechanism
is used there too.
2018-08-21 17:46:52 +01:00
Simon Kelley
090856c7e6
Allow zone transfer in authoritative mode whenever auth-peer is specified.
2018-06-02 18:37:07 +01:00
Simon Kelley
d1ced3ae38
Update copyrights to 2018.
2018-01-01 22:18:03 +00:00
Simon Kelley
63437ffbb5
Fix CVE-2017-13704, which resulted in a crash on a large DNS query.
...
A DNS query recieved by UDP which exceeds 512 bytes (or the EDNS0 packet size,
if different.) is enough to cause SIGSEGV.
2017-09-06 22:34:21 +01:00
Rosen Penev
cbd29e5da8
Printf related fixes.
2017-06-27 22:29:51 +01:00
Simon Kelley
50ca85504c
Bump year in copyrights.
2017-06-24 22:43:18 +01:00
Simon Kelley
62f9c0d470
Fix CNAME wildcard in auth-mode.
...
A domain can only have a CNAME if it has not other records.
Don't return a CNAME when there are records of other types on the name.
2017-02-19 23:07:01 +00:00
Josh Soref
730c6745f0
Comprehensive spelling/typo fixes.
...
Thanks to Josh Soref for generating these fixes.
2017-02-06 16:14:04 +00:00
Simon Kelley
b637d7815d
Allow wildcard CNAME records in authoritative zones.
2016-12-13 16:44:11 +00:00
Mathias Kresin
094bfaeb4f
auth-zone: allow to exclude ip addresses from answer.
2016-07-24 14:15:22 +01:00
Simon Kelley
fa78573778
Zero packet buffers before building output, to reduce risk of information leakage.
2016-07-22 20:56:01 +01:00
Simon Kelley
c7f3bd2ac8
Replace incoming EDNS0_OPTION_NOMDEVICEID and EDNS0_OPTION_NOMCPEID options.
2016-02-28 21:48:34 +00:00
Simon Kelley
c49778df4a
Update copyright notices. Happy new year!
2016-01-06 18:52:33 +00:00
Simon Kelley
fa14bec83b
Major tidy up of EDNS0 handling and computation/use of udp packet size.
2015-12-20 17:12:16 +00:00
Simon Kelley
78c6184752
Auth: correct replies to NS and SOA in .arpa zones.
2015-04-16 15:05:30 +01:00
Simon Kelley
38440b204d
Fix crash in auth code with odd configuration.
2015-04-12 21:52:47 +01:00
Simon Kelley
aff3396280
Update copyrights for dawn of 2015.
2015-01-31 20:13:40 +00:00
Simon Kelley
393415597c
Cope with multiple interfaces with the same LL address.
2015-01-18 22:11:10 +00:00
Simon Kelley
476693678e
Eliminate IPv6 privacy addresses from --interface-name answers.
2014-12-17 12:41:56 +00:00
Richard Genoud
10cfc0ddb3
Fix length->netmask conversions to avoid undefined behaviour.
2014-09-17 21:17:39 +01:00
Simon Kelley
10068600f8
Fix NXDOMAIN RCODE in auth PTR replies.
2014-04-03 21:16:40 +01:00
Simon Kelley
c47e3ba446
Update copyright for 2014.
2014-01-08 17:07:54 +00:00
Simon Kelley
c50f25a3ea
Allow empty subnet list in --auth-zone
2013-11-21 11:29:27 +00:00
Simon Kelley
587ad4f271
Fix crash introduced in 376d48c7f1
2013-11-15 15:47:51 +00:00
Simon Kelley
376d48c7f1
Allow interface name to specify subnets in --auth-zone.
2013-11-13 13:04:30 +00:00
Simon Kelley
6008bdbbc1
Fix botch in determining if auth query is local.
2013-10-21 21:47:03 +01:00
Simon Kelley
93bafe619d
Fix CNAME botch in auth code, also set RA flag for local queries.
2013-10-21 21:19:34 +01:00
Simon Kelley
8ab91e9f7f
Get NXDOMAIN right on non-A/AAAA query for name known via interface-name.
2013-10-21 20:50:04 +01:00
Simon Kelley
5731050062
Get NXDOMAIN right for local queries to auth zones.
2013-10-21 18:26:20 +01:00
Simon Kelley
fb63dd1345
Handle two interface-names, different interface, same name.
2013-10-21 18:19:35 +01:00
Simon Kelley
5f8002fcd7
Restore NS and SOA records to local auth queries.
2013-10-21 17:40:18 +01:00
Simon Kelley
19b1689161
Don't filter by subnet when handling local queries for auth-zones.
2013-10-20 10:19:39 +01:00
Simon Kelley
b485ed97aa
Always answer queries for authoritative zones locally, never forward.
2013-10-18 22:00:39 +01:00
Simon Kelley
921360ce62
Add constructor-noauth: keyword
2013-05-31 14:07:22 +01:00
Simon Kelley
baa80ae512
Remove limit in prefix length in --auth-zone.
2013-05-29 16:32:07 +01:00
Simon Kelley
115ac3e4d7
Generalise --interface-name to cope with IPv6 addresses.
2013-05-20 11:28:32 +01:00
