ares_strerror() segfaulted if the input error number was out of the currently

[platform/upstream/c-ares.git] / CHANGES

  Changelog for the c-ares project

* October 2 2007 (Daniel Stenberg)
- ares_strerror() segfaulted if the input error number was out of the currently
  supported range.

* September 28 2007 (Daniel Stenberg)

- Bumped version to 1.5.0 for next release and soname bumped to 2 due to ABI
  and API changes in the progress callback (and possibly more coming up from
  Steinar)

* September 28 2007 (Steinar H. Gunderson)

- Don't skip a server if it's the only one. (Bugfix from the Google tree.)

- Made the query callbacks receive the number of timeouts that happened during
  the execution of a query, and updated documentation accordingly. (Patch from
  the Google tree.)

- Support a few more socket options: ARES_OPT_SOCK_SNDBUF and
  ARES_OPT_SOCK_RCVBUF

- Always register for TCP events even if there are no outstanding queries, as
  the other side could always close the connection, which is a valid event
  which should be responded to.

* September 22 2007 (Daniel Stenberg)

- Steinar H. Gunderson fixed: Correctly clear sockets from the fd_set on in
  several functions (write_tcp_data, read_tcp_data, read_udp_packets) so that
  if it fails and the socket is closed the following code doesn't try to use
  the file descriptor.

- Steinar H. Gunderson modified c-ares to now also do to DNS retries even when
  TCP is used since there are several edge cases where it still makes sense.

- Brad House provided a fix for ares_save_options():

  Apparently I overlooked something with the ares_save_options() where it
  would try to do a malloc(0) when no options of that type needed to be saved.
  On most platforms, this was fine because malloc(0) doesn't actually return
  NULL, but on AIX it does, so ares_save_options would return ARES_ENOMEM.

* July 14 2007 (Daniel Stenberg)

- Vlad Dinulescu fixed two outstanding valgrind reports:
 
  1. In ares_query.c , in find_query_by_id we compare q->qid (which is a short
  int variable) with qid, which is declared as an int variable.  Moreover,
  DNS_HEADER_SET_QID is used to set the value of qid, but DNS_HEADER_SET_QID
  sets only the first two bytes of qid. I think that qid should be declared as
  "unsigned short" in this function.

  2. The same problem occurs in ares_process.c, process_answer() .  query->qid
  (an unsigned short integer variable) is compared with id, which is an
  integer variable. Moreover, id is initialized from DNS_HEADER_QID which sets
  only the first two bytes of id. I think that the id variable should be
  declared as "unsigned short" in this function.

  Even after declaring these variables as "unsigned short", the valgrind
  errors are still there. Which brings us to the third problem.

  3. The third problem is that Valgrind assumes that query->qid is not
  initialised correctly. And it does that because query->qid is set from
  DNS_HEADER_QID(qbuf); Valgrind says that qbuf has unitialised bytes. And
  qbuf has uninitialised bytes because of channel->next_id . And next_id is
  set by ares_init.c:ares__generate_new_id() . I found that putting short r=0
  in this function (instead of short r) makes all Valgrind warnings go away.
  I have studied ares__rc4() too, and this is the offending line:

        buffer_ptr[counter] ^= state[xorIndex];   (ares_query.c:62)

  This is what triggers Valgrind.. buffer_ptr is unitialised in this function,
  and by applying ^= on it, it remains unitialised.

Version 1.4.0 (June 8, 2007)

* June 4 2007 (Daniel Stenberg)

- James Bursa reported a major memory problem when resolving multi-IP names
  and I found and fixed the problem. It was added by Ashish Sharma's patch
  two days ago.

  When I then tried to verify multiple entries in /etc/hosts after my fix, I
  got another segfault and decided this code was not ripe for inclusion and I
  reverted the patch.

* June 2 2007

- Brad Spencer found and fixed three flaws in the code, found with the new
  gcc 4.2.0 warning: -Waddress

- Brad House fixed VS2005 compiler warnings due to time_t being 64bit.
  He also made recent Microsoft compilers use _strdup() instead of strdup().

- Brad House's man pages for ares_save_options() and ares_destroy_options()
  were added.

- Ashish Sharma provided a patch for supporting multiple entries in the
  /etc/hosts file. Patch edited for coding style and functionality by me
  (Daniel).

* May 30 2007

- Shmulik Regev brought cryptographically secure transaction IDs:

  The c-ares library implementation uses a DNS "Transaction ID" field that is
  seeded with a pseudo random number (based on gettimeofday) which is
  incremented (++) between consecutive calls and is therefore rather
  predictable. In general, predictability of DNS Transaction ID is a well
  known security problem (e.g.
  http://bak.spc.org/dms/archive/dns_id_attack.txt) and makes a c-ares based
  implementation vulnerable to DNS poisoning. Credit goes to Amit Klein
  (Trusteer) for identifying this problem.

  The patch I wrote changes the implementation to use a more secure way of
  generating unique IDs. It starts by obtaining a key with reasonable entropy
  which is used with an RC4 stream to generate the cryptographically secure
  transaction IDs.

  Note that the key generation code (in ares_init:randomize_key) has two
  versions, the Windows specific one uses a cryptographically safe function
  provided (but undocumented :) by the operating system (described at
  http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx).  The
  default implementation is a bit naive and uses the standard 'rand'
  function. Surely a better way to generate random keys exists for other
  platforms.

  The patch can be tested by using the adig utility and using the '-s' option.

- Brad House added ares_save_options() and ares_destroy_options() that can be
  used to keep options for later re-usal when ares_init_options() is used.
  
  Problem: Calling ares_init() for each lookup can be unnecessarily resource
         intensive.  On windows, it must LoadLibrary() or search the registry
         on each call to ares_init().  On unix, it must read and parse
         multiple files to obtain the necessary configuration information.  In
         a single-threaded environment, it would make sense to only
         ares_init() once, but in a heavily multi-threaded environment, it is
         undesirable to ares_init() and ares_destroy() for each thread created
         and track that.

  Solution: Create ares_save_options() and ares_destroy_options() functions to
         retrieve and free options obtained from an initialized channel.  The
         options populated can be used to pass back into ares_init_options(),
         it should populate all needed fields and not retrieve any information
         from the system.  Probably wise to destroy the cache every minute or
         so to prevent the data from becoming stale.

- Daniel S added ares_process_fd() to allow applications to ask for processing
  on specific sockets and thus avoiding select() and associated
  functions/macros.  This function will be used by upcoming libcurl releases
  for this very reason. It also made me export the ares_socket_t type in the
  public ares.h header file, since ares_process_fd() uses that type for two of
  the arguments.

* May 25 2007

- Ravi Pratap fixed a flaw in the init_by_resolv_conf() function for windows
  that could cause it to return a bad return code.

* April 16 2007

- Yang Tse: Provide ares_getopt() command-line parser function as a source
  code helper function, not belonging to the actual c-ares library.

* February 19 2007

- Vlad Dinulescu added ares_parse_ns_reply().

* February 13 2007

- Yang Tse: Fix failure to get the search sequence of /etc/hosts and
  DNS from /etc/nsswitch.conf, /etc/host.conf or /etc/svc.conf when
  /etc/resolv.conf did not exist or was unable to read it.

* November 22 2006

- Install ares_dns.h too

- Michael Wallner fixed this problem: When I set domains in the options
  struct, and there are domain/search entries in /etc/resolv.conf, the domains
  of the options struct will be overridden.

* November 6 2006

- Yang Tse removed a couple of potential zero size memory allocations.

- Andreas Rieke fixed the line endings in the areslib.dsp file that I (Daniel)
  broke in the 1.3.2 release. We should switch to a system where that file is
  auto-generated. We could rip some code for that from curl...

Version 1.3.2 (November 3, 2006)

* October 12 2006

- Prevent ares_getsock() to overflow if more than 16 sockets are used.

* September 11 2006

- Guilherme Balena Versiani: I noted a strange BUG in Win32 port
  (ares_init.c/get_iphlpapi_dns_info() function): when I disable the network
  by hand or disconnect the network cable in Windows 2000 or Windows XP, my
  application gets 127.0.0.1 as the only name server. The problem comes from
  'GetNetworkParams' function, that returns the empty string "" as the only
  name server in that case. Moreover, the Windows implementation of
  inet_addr() returns INADDR_LOOPBACK instead of INADDR_NONE.

* August 29 2006

- Brad Spencer did

  o made ares_version.h use extern "C" for c++ compilers
  o fixed compiler warnings in ares_getnameinfo.c
  o fixed a buffer position init for TCP reads

* August 3 2006

- Ravi Pratap fixed ares_getsock() to actually return the proper bitmap and
  not always zero!

Version 1.3.1 (June 24, 2006)

* July 23, 2006

- Gisle Vanem added getopt() to the ahost program. Currently accepts
  only [-t {a|aaaa}] to specify address family in ares_gethostbyname().

* June 19, 2006

- (wahern) Removed "big endian" DNS section and RR data integer parser
  macros from ares_dns.h, which break c-ares on my Sparc64. Bit-wise
  operations in C operate on logical values. And in any event the octets are
  already in big-endian (aka network) byte order so they're being reversed
  (thus the source of the breakage).

* June 18, 2006

- William Ahern handles EAGAIN/EWOULDBLOCK errors in most of the I/O calls
  from area_process.c.

  TODO: Handle one last EAGAIN for a UDP socket send(2) in
  ares__send_query().

* May 10, 2006

- Bram Matthys brought my attention to a libtool peculiarity where detecting
  things such as C++ compiler actually is a bad thing and since we don't need
  that detection I added a work-around, much inspired by a previous patch by
  Paolo Bonzini. This also shortens the configure script quite a lot.

* May 3, 2006

- Nick Mathewson added the ARES_OPT_SOCK_STATE_CB option that when set makes
  c-ares call a callback on socket state changes. A better way than the
  ares_getsock() to get full control over the socket state.

* January 9, 2006

- Alexander Lazic improved the getservbyport_r() configure check.

* January 6, 2006

- Alexander Lazic pointed out that the buildconf should use the ACLOCAL_FLAGS
  variable for easier controlling what it does and how it runs.

* January 5, 2006

- James Bursa fixed c-ares to find the hosts file on RISC OS, and made it
  build with newer gcc versions that no longer defines "riscos".

* December 22

- Daniel Stenberg added ares_getsock() that extracts the set of sockets to
  wait for action on. Similar to ares_fds() but not restricted to using
  select() for the waiting.

* November 25

- Yang Tse fixed some send() / recv() compiler warnings

* September 18

- Added constants that will be used by ares_getaddrinfo

- Made ares_getnameinfo use the reentrant getservbyport (getservbyport_r) if it
  is available to ensure it works properly in a threaded environment.

* September 10

- configure fix for detecting a member in the sockaddr_in6 struct which failed
  on ipv6-enabled HP-UX 11.00

Version 1.3.0 (August 29, 2005)

* August 21

- Alfredo Tupone provided a fix for the Windows code in get_iphlpapi_dns_info()
  when getting the DNS server etc.

* June 19

- Added some checks for the addrinfo structure.

* June 2

- William Ahern:

  Make UDP sockets non-blocking. I've confirmed that at least on Linux 2.4 a
  read event can come back from poll() on a valid SOCK_DGRAM socket but
  recv(2) will still block. This patch doesn't ignore EAGAIN in
  read_udp_packets(), though maybe it should. (This patch was edited by Daniel
  Stenberg and a new configure test was added (imported from curl's configure)
  to properly detect what non-blocking socket approach to use.)

  I'm not quite sure how this was happening, but I've been seeing PTR queries
  which seem to return empty responses. At least, they were empty when calling
  ares_expand_name() on the record. Here's a patch which guarantees to
  NUL-terminate the expanded name. The old behavior failed to NUL-terminate if
  len was 0, and this was causing strlen() to run past the end of the buffer
  after calling ares_expand_name() and getting ARES_SUCCESS as the return
  value. If q is not greater than *s then it's equal and *s is always
  allocated with at least one byte.

* May 16

- Added ares_getnameinfo which mimics the getnameinfo API (another feature
  that could use testing).

* May 14

- Added an inet_ntop function from BIND for systems that do not have it.

* April 9

- Made sortlist support IPv6 (this can probably use some testing).

- Made sortlist support CIDR matching for IPv4.

* April 8

- Added preliminary IPv6 support to ares_gethostbyname. Currently, sortlist
  does not work with IPv6. Also provided an implementation of bitncmp from
  BIND for systems that do not supply this function. This will be used to add
  IPv6 support to sortlist.

- Made ares_gethostbyaddr support IPv6 by specifying AF_INET6 as the family.
  The function can lookup IPv6 addresses both from files (/etc/hosts) and
  DNS lookups.

* April 7

- Tupone Alfredo fixed includes of arpa/nameser_compat.h to build fine on Mac
  OS X.

* April 5

- Dominick Meglio: Provided implementations of inet_net_pton and inet_pton
  from BIND for systems that do not include these functions.

* March 11, 2005

- Dominick Meglio added ares_parse_aaaa_reply.c and did various
  adjustments. The first little steps towards IPv6 support!

* November 7

- Fixed the VC project and makefile to use ares_cancel and ares_version

* October 24

- The released ares_version.h from 1.2.1 says 1.2.0 due to a maketgz flaw.
  This is now fixed.

Version 1.2.1 (October 20, 2004)

* September 29

- Henrik Stoerner fix: got a report that Tru64 Unix (the unix from Digital
  when they made Alpha's) uses /etc/svc.conf for the purpose fixed below for
  other OSes. He made c-ares check for and understand it if present.

- Now c-ares will use local host name lookup _before_ DNS resolving by default
  if nothing else is told.

* September 26

- Henrik Stoerner: found out that c-ares does not look at the /etc/host.conf
  file to determine the sequence in which to search /etc/hosts and DNS.  So on
  systems where this order is defined by /etc/host.conf instead of a "lookup"
  entry in /etc/resolv.conf, c-ares will always default to looking in DNS
  first, and /etc/hosts second.

  c-ares now looks at

  1) resolv.conf (for the "lookup" line);
  2) nsswitch.fon (for the "hosts:" line);
  3) host.conf (for the "order" line).

  First match wins.

- Dominick Meglio patched: C-ares on Windows assumed that the HOSTS file is
  located in a static location. It assumed
  C:\Windows\System32\Drivers\Etc. This is a poor assumption to make. In fact,
  the location of the HOSTS file can be changed via a registry setting.

  There is a key called DatabasePath which specifies the path to the HOSTS
  file:
  http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx

  The patch will make c-ares correctly consult the registry for the location
  of this file.

* August 29

- Gisle Vanem fixed the MSVC build files.

* August 20

- Gisle Vanem made c-ares build and work with his Watt-32 TCP/IP stack.

* August 13

- Harshal Pradhan made a minor syntax change in ares_init.c to make it build
  fine with MSVC 7.1

* July 24

- Made the lib get built static only if --enable-debug is used.

- Gisle Vanem fixed:

  Basically in loops like handle_errors(), 'query->next' was assigned a local
  variable and then query was referenced after the memory was freed by
  next_server(). I've changed that so next_server() and end_query() returns
  the next query. So callers should use this ret-value.

  The next problem was that 'server->tcp_buffer_pos' had a random value at
  entry to 1st recv() (luckily causing Winsock to return ENOBUFS).

  I've also added a ares_writev() for Windows to streamline the code a bit
  more.

* July 20
- Fixed a few variable return types for some system calls. Made configure
  check for ssize_t to make it possible to use that when receiving the send()
  error code. This is necessary to prevent compiler warnings on some systems.

- Made configure create config.h, and all source files now include setup.h that
  might include the proper config.h (or a handicrafted alternative).

- Switched to 'ares_socket_t' type for sockets in ares, since Windows don't
  use 'int' for that.

- automake-ified and libool-ified c-ares. Now it builds libcares as a shared
  lib on most platforms if wanted. (This bloated the size of the release
  archive with another 200K!)

- Makefile.am now uses Makefile.inc for the c sources, h headers and man
  pages, to make it easier for other makefiles to use the exact same set of
  files.

- Adjusted 'maketgz' to use the new automake magic when building distribution
  archives.

- Anyone desires HTML and/or PDF versions of the man pages in the release
  archives?

* July 3
- Günter Knauf made c-ares build and run on Novell Netware.

* July 1
- Gisle Vanem provided Makefile.dj to build with djgpp, added a few more djgpp
  fixes and made ares not use 'errno' to provide further info on Windows.

* June 30
- Gisle Vanem made it build with djgpp and run fine with the Watt-32 stack.

* June 10
- Gisle Vanem's init patch for Windows:

  The init_by_resolv_conf() function fetches the DNS-server(s)
  from a series of registry branches.

  This can be wrong in the case where DHCP has assigned nameservers, but the
  user has overridden these servers with other prefered settings. Then it's
  wrong to use the DHCPNAMESERVER setting in registry.

  In the case of no global DHCP-assigned or fixed servers, but DNS server(s)
  per adapter, one has to query the adapter branches.  But how can c-ares know
  which adapter is valid for use? AFAICS it can't. There could be one adapter
  that is down (e.g. a VPN adapter).

  So it's better to leave this to the IP Helper API (iphlapi) available in
  Win-98/2000 and later. My patch falls-back to the old way if not available.

* June 8
- James Bursa fixed an init issue for RISC OS.

* May 11
- Nico Stappenbelt reported that when processing domain and search lines in
  the resolv.conf file, the first entry encountered is processed and used as
  the search list. According to the manual pages for both Linux, Solaris and
  Tru64, the last entry of either a domain or a search field is used.

  This is now adjusted in the code

Version 1.2.0 (April 13, 2004)

* April 2, 2004
- Updated various man pages to look nicer when converted to HTML on the web
  site.

* April 1, 2004
- Dirk Manske provided a new function that is now named ares_cancel(). It is
  used to cancel/cleanup a resolve/request made using ares functions on the
  given ares channel. It does not destroy/kill the ares channel itself.

- Dominick Meglio cleaned up the formatting in several man pages.

* March 30, 2004
- Dominick Meglio's new ares_expand_string. A helper function when decoding
  incoming DNS packages.

- Daniel Stenberg modified the Makefile.in to use a for loop for the man page
  installation to improve overview and make it easier to add man pages.

Version 1.1.0 (March 11, 2004)

* March 9, 2004
- Gisle Vanem improved build on Windows.

* February 25, 2004
- Dan Fandrich found a flaw in the Feb 22 fix.

- Added better configure --enable-debug logic (taken from the curl configure
  script). Added acinclude.m4 to the tarball.

* February 23, 2004
- Removed ares_free_errmem(), the function, the file and the man page. It was
  not used and it did nothing.

- Fixed a lot of code that wasn't "64bit clean" and thus caused a lot of
  compiler warnings on picky compilers.

* February 22, 2004
- Dominick Meglio made ares init support multiple name servers in the
  NameServer key on Windows.

* February 16, 2004
- Modified ares_private.h to include libcurl's memory debug header if
  CURLDEBUG is set. This makes all the ares-functions supervised properly by
  the curl test suite. This also forced me to add inclusion of the
  ares_private.h header in a few more files that are using some kind of
  memory-related resources.

- Made the makefile only build ahost and adig if 'make demos' is used.

* February 10, 2004
- Dirk Manske made ares_version.h installed with 'make install'

* February 4, 2004
- ares_free_errmem() is subject for removal, it is simply present for future
  purposes, and since we removed the extra parameter in strerror() it won't
  be used by c-ares!
- configure --enable-debug now enables picky compiler options if gcc is used
- fixed several compiler warnings --enable-debug showed and Joerg Mueller-Tolk
  reported

Version 1.0.0 (February 3, 2004)

* February 3, 2004
- now we produce the libcares.a library instead of the previous libares.a
  since we are no longer compatible

* February 2, 2004

- ares_strerror() has one argument less. This is the first official
  modification of the existing provided ares API.

* January 29, 2004

- Dirk Manske fixed how the socket is set non-blocking.

* January 4, 2004

- Dominick Meglio made the private gettimeofday() become ares_gettimeofday()
  instead in order to not pollute the name space and risk colliding with
  other libraries' versions of this function.

* October 24, 2003. Daniel Stenberg

  Added ares_version().

Version 1.0-pre1 (8 October 2003)

- James Bursa made it run on RISC OS

- Dominick Meglio made it run fine on NT4

- Duncan Wilcox made it work fine on Mac OS X

- Daniel Stenberg adjusted the windows port

- liren at vivisimo.com made the initial windows port

* Imported the sources from ares 1.1.1