From cb4652e91d53a71d77f111bfecb929c1a7955997 Mon Sep 17 00:00:00 2001 From: Danny Sonnenschein Date: Sat, 21 Nov 2020 09:56:22 +0100 Subject: [PATCH] deps: update to c-ares 1.17.1 PR-URL: https://github.com/nodejs/node/pull/36207 Reviewed-By: Matteo Collina Reviewed-By: Shelley Vohr Reviewed-By: Rich Trott --- deps/cares/include/ares_version.h | 4 +- deps/cares/include/nameser.h | 7 ++- deps/cares/src/ares__readaddrinfo.c | 8 ++- deps/cares/src/ares__sortaddrinfo.c | 21 ++++--- deps/cares/src/ares_getaddrinfo.c | 11 ++++ deps/cares/src/ares_gethostbyaddr.c | 1 - deps/cares/src/ares_gethostbyname.c | 15 +++-- deps/cares/src/ares_init.c | 20 ++---- deps/cares/src/ares_parse_caa_reply.c | 2 +- deps/cares/src/ares_parse_soa_reply.c | 9 ++- deps/cares/src/ares_private.h | 10 +-- deps/cares/src/ares_process.c | 88 +++++++++++++++++++++++++-- deps/cares/src/ares_query.c | 2 +- deps/cares/src/ares_strsplit.h | 1 + 14 files changed, 143 insertions(+), 56 deletions(-) diff --git a/deps/cares/include/ares_version.h b/deps/cares/include/ares_version.h index c041d574dee09e..0bee17dfe646b4 100644 --- a/deps/cares/include/ares_version.h +++ b/deps/cares/include/ares_version.h @@ -6,12 +6,12 @@ #define ARES_COPYRIGHT "2004 - 2020 Daniel Stenberg, ." #define ARES_VERSION_MAJOR 1 -#define ARES_VERSION_MINOR 16 +#define ARES_VERSION_MINOR 17 #define ARES_VERSION_PATCH 1 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\ (ARES_VERSION_MINOR<<8)|\ (ARES_VERSION_PATCH)) -#define ARES_VERSION_STR "1.16.1" +#define ARES_VERSION_STR "1.17.1" #if (ARES_VERSION >= 0x010700) # define CARES_HAVE_ARES_LIBRARY_INIT 1 diff --git a/deps/cares/include/nameser.h b/deps/cares/include/nameser.h index 5de783b47171be..5c1acce215573c 100644 --- a/deps/cares/include/nameser.h +++ b/deps/cares/include/nameser.h @@ -88,7 +88,7 @@ typedef enum __ns_type { ns_t_maila = 254, /* Transfer mail agent records. */ ns_t_any = 255, /* Wildcard match. */ ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ - ns_t_caa = 257, /* CA Authorization (RFC8659) */ + ns_t_caa = 257, /* Certification Authority Authorization. */ ns_t_max = 65536 } ns_type; @@ -210,4 +210,9 @@ typedef enum __ns_rcode { #endif /* HAVE_ARPA_NAMESER_COMPAT_H */ +/* Android's bionic arpa/nameser_compat.h, nor glibc versions prior to 2.25 have T_OPT defined */ +#ifndef T_OPT +# define T_OPT ns_t_opt +#endif + #endif /* ARES_NAMESER_H */ diff --git a/deps/cares/src/ares__readaddrinfo.c b/deps/cares/src/ares__readaddrinfo.c index dd3abe2e9f8778..2b5bb40c3dd017 100644 --- a/deps/cares/src/ares__readaddrinfo.c +++ b/deps/cares/src/ares__readaddrinfo.c @@ -163,6 +163,10 @@ int ares__readaddrinfo(FILE *fp, continue; } + /* Zero-out 'addr' struct, as there are members that we may not set, especially + * for ipv6. We don't want garbage data */ + memset(&addr, 0, sizeof(addr)); + /* * Convert address string to network address for the requested families. * Actual address family possible values are AF_INET and AF_INET6 only. @@ -179,7 +183,7 @@ int ares__readaddrinfo(FILE *fp, } node->ai_family = addr.sa.sa_family = AF_INET; - node->ai_addrlen = sizeof(sizeof(addr.sa4)); + node->ai_addrlen = sizeof(addr.sa4); node->ai_addr = ares_malloc(sizeof(addr.sa4)); if (!node->ai_addr) { @@ -200,7 +204,7 @@ int ares__readaddrinfo(FILE *fp, } node->ai_family = addr.sa.sa_family = AF_INET6; - node->ai_addrlen = sizeof(sizeof(addr.sa6)); + node->ai_addrlen = sizeof(addr.sa6); node->ai_addr = ares_malloc(sizeof(addr.sa6)); if (!node->ai_addr) { diff --git a/deps/cares/src/ares__sortaddrinfo.c b/deps/cares/src/ares__sortaddrinfo.c index 7a90270a2a6b92..0ad3a5bd98b9ae 100644 --- a/deps/cares/src/ares__sortaddrinfo.c +++ b/deps/cares/src/ares__sortaddrinfo.c @@ -85,11 +85,12 @@ struct addrinfo_sort_elem #define ARES_IN6_IS_ADDR_6BONE(a) \ (((a)->s6_addr[0] == 0x3f) && ((a)->s6_addr[1] == 0xfe)) + static int get_scope(const struct sockaddr *addr) { if (addr->sa_family == AF_INET6) { - const struct sockaddr_in6 *addr6 = (const struct sockaddr_in6 *)addr; + const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr); if (IN6_IS_ADDR_MULTICAST(&addr6->sin6_addr)) { return ARES_IPV6_ADDR_MC_SCOPE(&addr6->sin6_addr); @@ -114,7 +115,7 @@ static int get_scope(const struct sockaddr *addr) } else if (addr->sa_family == AF_INET) { - const struct sockaddr_in *addr4 = (const struct sockaddr_in *)addr; + const struct sockaddr_in *addr4 = CARES_INADDR_CAST(const struct sockaddr_in *, addr); unsigned long int na = ntohl(addr4->sin_addr.s_addr); if (ARES_IN_LOOPBACK(na) || /* 127.0.0.0/8 */ (na & 0xffff0000) == 0xa9fe0000) /* 169.254.0.0/16 */ @@ -149,7 +150,7 @@ static int get_label(const struct sockaddr *addr) } else if (addr->sa_family == AF_INET6) { - const struct sockaddr_in6 *addr6 = (const struct sockaddr_in6 *)addr; + const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr); if (IN6_IS_ADDR_LOOPBACK(&addr6->sin6_addr)) { return 0; @@ -210,7 +211,7 @@ static int get_precedence(const struct sockaddr *addr) } else if (addr->sa_family == AF_INET6) { - const struct sockaddr_in6 *addr6 = (const struct sockaddr_in6 *)addr; + const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr); if (IN6_IS_ADDR_LOOPBACK(&addr6->sin6_addr)) { return 50; @@ -353,10 +354,10 @@ static int rfc6724_compare(const void *ptr1, const void *ptr2) { const struct sockaddr_in6 *a1_src = &a1->src_addr.sa6; const struct sockaddr_in6 *a1_dst = - (const struct sockaddr_in6 *)a1->ai->ai_addr; + CARES_INADDR_CAST(const struct sockaddr_in6 *, a1->ai->ai_addr); const struct sockaddr_in6 *a2_src = &a2->src_addr.sa6; const struct sockaddr_in6 *a2_dst = - (const struct sockaddr_in6 *)a2->ai->ai_addr; + CARES_INADDR_CAST(const struct sockaddr_in6 *, a2->ai->ai_addr); prefixlen1 = common_prefix_len(&a1_src->sin6_addr, &a1_dst->sin6_addr); prefixlen2 = common_prefix_len(&a2_src->sin6_addr, &a2_dst->sin6_addr); if (prefixlen1 != prefixlen2) @@ -384,7 +385,7 @@ static int find_src_addr(ares_channel channel, const struct sockaddr *addr, struct sockaddr *src_addr) { - int sock; + ares_socket_t sock; int ret; ares_socklen_t len; @@ -402,7 +403,7 @@ static int find_src_addr(ares_channel channel, } sock = ares__open_socket(channel, addr->sa_family, SOCK_DGRAM, IPPROTO_UDP); - if (sock == -1) + if (sock == ARES_SOCKET_BAD) { if (errno == EAFNOSUPPORT) { @@ -426,7 +427,7 @@ static int find_src_addr(ares_channel channel, return 0; } - if (getsockname(sock, src_addr, &len) == -1) + if (getsockname(sock, src_addr, &len) != 0) { ares__close_socket(channel, sock); return -1; @@ -491,4 +492,4 @@ int ares__sortaddrinfo(ares_channel channel, struct ares_addrinfo_node *list_sen ares_free(elems); return ARES_SUCCESS; -} \ No newline at end of file +} diff --git a/deps/cares/src/ares_getaddrinfo.c b/deps/cares/src/ares_getaddrinfo.c index be168068b1d424..ecd5dd5112cb51 100644 --- a/deps/cares/src/ares_getaddrinfo.c +++ b/deps/cares/src/ares_getaddrinfo.c @@ -386,6 +386,9 @@ static int fake_addrinfo(const char *name, } } + node->ai_socktype = hints->ai_socktype; + node->ai_protocol = hints->ai_protocol; + callback(arg, ARES_SUCCESS, 0, ai); return 1; } @@ -406,6 +409,8 @@ static void end_hquery(struct host_query *hquery, int status) /* Set port into each address (resolved separately). */ while (next) { + next->ai_socktype = hquery->hints.ai_socktype; + next->ai_protocol = hquery->hints.ai_protocol; if (next->ai_family == AF_INET) { (CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr))->sin_port = htons(hquery->port); @@ -754,6 +759,7 @@ static int as_is_first(const struct host_query* hquery) { char* p; int ndots = 0; + size_t nname = strlen(hquery->name); for (p = hquery->name; *p; p++) { if (*p == '.') @@ -761,5 +767,10 @@ static int as_is_first(const struct host_query* hquery) ndots++; } } + if (nname && hquery->name[nname-1] == '.') + { + /* prevent ARES_EBADNAME for valid FQDN, where ndots < channel->ndots */ + return 1; + } return ndots >= hquery->channel->ndots; } diff --git a/deps/cares/src/ares_gethostbyaddr.c b/deps/cares/src/ares_gethostbyaddr.c index a8ca0f5744d376..54eb5997392764 100644 --- a/deps/cares/src/ares_gethostbyaddr.c +++ b/deps/cares/src/ares_gethostbyaddr.c @@ -208,7 +208,6 @@ static int file_lookup(struct ares_addr *addr, struct hostent **host) strcat(PATH_HOSTS, WIN_PATH_HOSTS); #elif defined(WATT32) - extern const char *_w32_GetHostsFile (void); const char *PATH_HOSTS = _w32_GetHostsFile(); if (!PATH_HOSTS) diff --git a/deps/cares/src/ares_gethostbyname.c b/deps/cares/src/ares_gethostbyname.c index ecd03e79310c63..4e41898496fbf9 100644 --- a/deps/cares/src/ares_gethostbyname.c +++ b/deps/cares/src/ares_gethostbyname.c @@ -258,7 +258,7 @@ static int fake_hostent(const char *name, int family, struct in_addr in; struct ares_in6_addr in6; - if (family == AF_INET || family == AF_INET6) + if (family == AF_INET || family == AF_UNSPEC) { /* It only looks like an IP address if it's all numbers and dots. */ int numdots = 0, valid = 1; @@ -276,13 +276,17 @@ static int fake_hostent(const char *name, int family, /* if we don't have 3 dots, it is illegal * (although inet_pton doesn't think so). */ - if (numdots != 3 || !valid) + if (numdots != 3 || !valid) { result = 0; - else + } else { result = (ares_inet_pton(AF_INET, name, &in) < 1 ? 0 : 1); + } - if (result) - family = AF_INET; + /* + * Set address family in case of failure, + * as we will try to convert it later afterwards + */ + family = result ? AF_INET : AF_INET6; } if (family == AF_INET6) result = (ares_inet_pton(AF_INET6, name, &in6) < 1 ? 0 : 1); @@ -383,7 +387,6 @@ static int file_lookup(const char *name, int family, struct hostent **host) strcat(PATH_HOSTS, WIN_PATH_HOSTS); #elif defined(WATT32) - extern const char *_w32_GetHostsFile (void); const char *PATH_HOSTS = _w32_GetHostsFile(); if (!PATH_HOSTS) diff --git a/deps/cares/src/ares_init.c b/deps/cares/src/ares_init.c index dffa518171b29c..92187e463e69c9 100644 --- a/deps/cares/src/ares_init.c +++ b/deps/cares/src/ares_init.c @@ -115,20 +115,6 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, int status = ARES_SUCCESS; struct timeval now; -#ifdef CURLDEBUG - const char *env = getenv("CARES_MEMDEBUG"); - - if (env) - curl_memdebug(env); - env = getenv("CARES_MEMLIMIT"); - if (env) { - char *endptr; - long num = strtol(env, &endptr, 10); - if((endptr != env) && (endptr == env + strlen(env)) && (num > 0)) - curl_memlimit(num); - } -#endif - if (ares_library_initialized() != ARES_SUCCESS) return ARES_ENOTINITIALIZED; /* LCOV_EXCL_LINE: n/a on non-WinSock */ @@ -1611,7 +1597,8 @@ static int init_by_resolv_conf(ares_channel channel) if (channel->nservers == -1) { union res_sockaddr_union addr[MAXNS]; int nscount = res_getservers(&res, addr, MAXNS); - for (int i = 0; i < nscount; ++i) { + int i; + for (i = 0; i < nscount; ++i) { char str[INET6_ADDRSTRLEN]; int config_status; sa_family_t family = addr[i].sin.sin_family; @@ -1639,8 +1626,9 @@ static int init_by_resolv_conf(ares_channel channel) if (!channel->domains) { status = ARES_ENOMEM; } else { + int i; channel->ndomains = entries; - for (int i = 0; i < channel->ndomains; ++i) { + for (i = 0; i < channel->ndomains; ++i) { channel->domains[i] = ares_strdup(res.dnsrch[i]); if (!channel->domains[i]) status = ARES_ENOMEM; diff --git a/deps/cares/src/ares_parse_caa_reply.c b/deps/cares/src/ares_parse_caa_reply.c index 759ab8f7d123e6..620f444e007900 100644 --- a/deps/cares/src/ares_parse_caa_reply.c +++ b/deps/cares/src/ares_parse_caa_reply.c @@ -140,7 +140,7 @@ ares_parse_caa_reply (const unsigned char *abuf, int alen, status = ARES_EBADRESP; break; } - caa_curr->critical = (int)*strptr++; + caa_curr->critical = (int)*strptr++; caa_curr->plength = (int)*strptr++; if (caa_curr->plength <= 0 || (int)caa_curr->plength >= rr_len - 2) { diff --git a/deps/cares/src/ares_parse_soa_reply.c b/deps/cares/src/ares_parse_soa_reply.c index d72eeb94148e27..7cfaed2b33372a 100644 --- a/deps/cares/src/ares_parse_soa_reply.c +++ b/deps/cares/src/ares_parse_soa_reply.c @@ -62,13 +62,16 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen, return ARES_EBADRESP; if (ancount == 0) return ARES_EBADRESP; - + aptr = abuf + HFIXEDSZ; /* query name */ status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len); if (status != ARES_SUCCESS) goto failed_stat; + + if (alen <= len + HFIXEDSZ + 1) + goto failed; aptr += len; qclass = DNS_QUESTION_TYPE(aptr); @@ -161,9 +164,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen, return ARES_SUCCESS; } aptr += rr_len; - + ares_free(rr_name); - + if (aptr > abuf + alen) goto failed_stat; } diff --git a/deps/cares/src/ares_private.h b/deps/cares/src/ares_private.h index 1884c1659681c1..50b2ba06e15b38 100644 --- a/deps/cares/src/ares_private.h +++ b/deps/cares/src/ares_private.h @@ -74,6 +74,7 @@ #elif defined(WATT32) #define PATH_RESOLV_CONF "/dev/ENV/etc/resolv.conf" +W32_FUNC const char *_w32_GetHostsFile (void); #elif defined(NETWARE) @@ -415,13 +416,4 @@ int ares__connect_socket(ares_channel channel, (c)->sock_state_cb((c)->sock_state_cb_data, (s), (r), (w)); \ } WHILE_FALSE -#ifdef CURLDEBUG -/* This is low-level hard-hacking memory leak tracking and similar. Using the - libcurl lowlevel code from within library is ugly and only works when - c-ares is built and linked with a similarly curldebug-enabled libcurl, - but we do this anyway for convenience. */ -#define HEADER_CURL_SETUP_ONCE_H -#include "../lib/memdebug.h" -#endif - #endif /* __ARES_PRIVATE_H */ diff --git a/deps/cares/src/ares_process.c b/deps/cares/src/ares_process.c index ff71f66a1ecce0..65c1b7ff1a856c 100644 --- a/deps/cares/src/ares_process.c +++ b/deps/cares/src/ares_process.c @@ -34,13 +34,13 @@ #endif #ifdef HAVE_ARPA_NAMESER_H # include -#else -# include "nameser.h" #endif #ifdef HAVE_ARPA_NAMESER_COMPAT_H # include #endif +#include "nameser.h" + #ifdef HAVE_STRINGS_H # include #endif @@ -87,6 +87,7 @@ static int open_udp_socket(ares_channel channel, struct server_state *server); static int same_questions(const unsigned char *qbuf, int qlen, const unsigned char *abuf, int alen); static int same_address(struct sockaddr *sa, struct ares_addr *aa); +static int has_opt_rr(const unsigned char *abuf, int alen); static void end_query(ares_channel channel, struct query *query, int status, unsigned char *abuf, int alen); @@ -608,14 +609,14 @@ static void process_answer(ares_channel channel, unsigned char *abuf, return; packetsz = PACKETSZ; - /* If we use EDNS and server answers with one of these RCODES, the protocol + /* If we use EDNS and server answers with FORMERR without an OPT RR, the protocol * extension is not understood by the responder. We must retry the query * without EDNS enabled. */ if (channel->flags & ARES_FLAG_EDNS) { packetsz = channel->ednspsz; - if (rcode == NOTIMP || rcode == FORMERR || rcode == SERVFAIL) + if (rcode == FORMERR && has_opt_rr(abuf, alen) != 1) { int qlen = (query->tcplen - 2) - EDNSFIXEDSZ; channel->flags ^= ARES_FLAG_EDNS; @@ -1354,6 +1355,85 @@ static int same_address(struct sockaddr *sa, struct ares_addr *aa) return 0; /* different */ } +/* search for an OPT RR in the response */ +static int has_opt_rr(const unsigned char *abuf, int alen) +{ + unsigned int qdcount, ancount, nscount, arcount, i; + const unsigned char *aptr; + int status; + + if (alen < HFIXEDSZ) + return -1; + + /* Parse the answer header. */ + qdcount = DNS_HEADER_QDCOUNT(abuf); + ancount = DNS_HEADER_ANCOUNT(abuf); + nscount = DNS_HEADER_NSCOUNT(abuf); + arcount = DNS_HEADER_ARCOUNT(abuf); + + aptr = abuf + HFIXEDSZ; + + /* skip the questions */ + for (i = 0; i < qdcount; i++) + { + char* name; + long len; + status = ares_expand_name(aptr, abuf, alen, &name, &len); + if (status != ARES_SUCCESS) + return -1; + ares_free_string(name); + if (aptr + len + QFIXEDSZ > abuf + alen) + return -1; + aptr += len + QFIXEDSZ; + } + + /* skip the ancount and nscount */ + for (i = 0; i < ancount + nscount; i++) + { + char* name; + long len; + int dlen; + status = ares_expand_name(aptr, abuf, alen, &name, &len); + if (status != ARES_SUCCESS) + return -1; + ares_free_string(name); + if (aptr + len + RRFIXEDSZ > abuf + alen) + return -1; + aptr += len; + dlen = DNS_RR_LEN(aptr); + aptr += RRFIXEDSZ; + if (aptr + dlen > abuf + alen) + return -1; + aptr += dlen; + } + + /* search for rr type (41) - opt */ + for (i = 0; i < arcount; i++) + { + char* name; + long len; + int dlen; + status = ares_expand_name(aptr, abuf, alen, &name, &len); + if (status != ARES_SUCCESS) + return -1; + ares_free_string(name); + if (aptr + len + RRFIXEDSZ > abuf + alen) + return -1; + aptr += len; + + if (DNS_RR_TYPE(aptr) == T_OPT) + return 1; + + dlen = DNS_RR_LEN(aptr); + aptr += RRFIXEDSZ; + if (aptr + dlen > abuf + alen) + return -1; + aptr += dlen; + } + + return 0; +} + static void end_query (ares_channel channel, struct query *query, int status, unsigned char *abuf, int alen) { diff --git a/deps/cares/src/ares_query.c b/deps/cares/src/ares_query.c index b38b8a6c22c4db..5bbb2f5c326bdb 100644 --- a/deps/cares/src/ares_query.c +++ b/deps/cares/src/ares_query.c @@ -45,7 +45,7 @@ static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len) unsigned char y; unsigned char* state; unsigned char xorIndex; - short counter; + int counter; x = key->x; y = key->y; diff --git a/deps/cares/src/ares_strsplit.h b/deps/cares/src/ares_strsplit.h index da286a9aef6b51..e00fd14dd5a131 100644 --- a/deps/cares/src/ares_strsplit.h +++ b/deps/cares/src/ares_strsplit.h @@ -40,3 +40,4 @@ void ares_strsplit_free(char **elms, size_t num_elm); #endif /* HEADER_CARES_STRSPLIT_H */ +