gkdbus: Fix underflow and unreachable code bug
[platform/upstream/glib.git] / gio / gresolver.c
index 7f06432..4c29d58 100644 (file)
@@ -5,6 +5,8 @@
  * Copyright (C) 2008 Red Hat, Inc.
  * Copyright (C) 2018 Igalia S.L.
  *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * #GNetworkAddress and #GNetworkService provide wrappers around
  * #GResolver functionality that also implement #GSocketConnectable,
  * making it easy to connect to a remote host/service.
+ *
+ * The default resolver (see g_resolver_get_default()) has a timeout of 30s set
+ * on it since GLib 2.78. Earlier versions of GLib did not support resolver
+ * timeouts.
  */
 
+typedef enum {
+  PROP_TIMEOUT = 1,
+} GResolverProperty;
+
+static GParamSpec *props[PROP_TIMEOUT + 1] = { NULL, };
+
 enum {
   RELOAD,
   LAST_SIGNAL
@@ -63,10 +75,11 @@ enum {
 static guint signals[LAST_SIGNAL] = { 0 };
 
 struct _GResolverPrivate {
+  unsigned timeout_ms;
+
 #ifdef G_OS_UNIX
-  time_t resolv_conf_timestamp;
-#else
-  int dummy;
+  GMutex mutex;
+  time_t resolv_conf_timestamp;  /* protected by @mutex */
 #endif
 };
 
@@ -149,14 +162,93 @@ g_resolver_real_lookup_service_finish (GResolver            *resolver,
 }
 
 static void
+g_resolver_get_property (GObject    *object,
+                         guint       prop_id,
+                         GValue     *value,
+                         GParamSpec *pspec)
+{
+  GResolver *self = G_RESOLVER (object);
+
+  switch ((GResolverProperty) prop_id)
+    {
+    case PROP_TIMEOUT:
+      g_value_set_uint (value, g_resolver_get_timeout (self));
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_resolver_set_property (GObject      *object,
+                         guint         prop_id,
+                         const GValue *value,
+                         GParamSpec   *pspec)
+{
+  GResolver *self = G_RESOLVER (object);
+
+  switch ((GResolverProperty) prop_id)
+    {
+    case PROP_TIMEOUT:
+      g_resolver_set_timeout (self, g_value_get_uint (value));
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_resolver_finalize (GObject *object)
+{
+#ifdef G_OS_UNIX
+  GResolver *resolver = G_RESOLVER (object);
+
+  g_mutex_clear (&resolver->priv->mutex);
+#endif
+
+  G_OBJECT_CLASS (g_resolver_parent_class)->finalize (object);
+}
+
+static void
 g_resolver_class_init (GResolverClass *resolver_class)
 {
+  GObjectClass *object_class = G_OBJECT_CLASS (resolver_class);
+
+  object_class->get_property = g_resolver_get_property;
+  object_class->set_property = g_resolver_set_property;
+  object_class->finalize = g_resolver_finalize;
+
   /* Automatically pass these over to the lookup_records methods */
   resolver_class->lookup_service = g_resolver_real_lookup_service;
   resolver_class->lookup_service_async = g_resolver_real_lookup_service_async;
   resolver_class->lookup_service_finish = g_resolver_real_lookup_service_finish;
 
   /**
+   * GResolver:timeout:
+   *
+   * The timeout applied to all resolver lookups, in milliseconds.
+   *
+   * This may be changed through the lifetime of the #GResolver. The new value
+   * will apply to any lookups started after the change, but not to any
+   * already-ongoing lookups.
+   *
+   * If this is `0`, no timeout is applied to lookups.
+   *
+   * No timeout was applied to lookups before this property was added in
+   * GLib 2.78.
+   *
+   * Since: 2.78
+   */
+  props[PROP_TIMEOUT] =
+    g_param_spec_uint ("timeout",
+                       P_("Timeout"),
+                       P_("Timeout (ms) applied to all resolver lookups"),
+                       0, G_MAXUINT, 0,
+                       G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS | G_PARAM_EXPLICIT_NOTIFY);
+
+  g_object_class_install_properties (object_class, G_N_ELEMENTS (props), props);
+
+  /**
    * GResolver::reload:
    * @resolver: a #GResolver
    *
@@ -169,7 +261,7 @@ g_resolver_class_init (GResolverClass *resolver_class)
                  G_SIGNAL_RUN_LAST,
                  G_STRUCT_OFFSET (GResolverClass, reload),
                  NULL, NULL,
-                 g_cclosure_marshal_VOID__VOID,
+                 NULL,
                  G_TYPE_NONE, 0);
 }
 
@@ -185,6 +277,8 @@ g_resolver_init (GResolver *resolver)
 #ifdef G_OS_UNIX
   if (stat (_PATH_RESCONF, &st) == 0)
     resolver->priv->resolv_conf_timestamp = st.st_mtime;
+
+  g_mutex_init (&resolver->priv->mutex);
 #endif
 }
 
@@ -209,7 +303,9 @@ g_resolver_get_default (void)
 
   G_LOCK (default_resolver);
   if (!default_resolver)
-    default_resolver = g_object_new (G_TYPE_THREADED_RESOLVER, NULL);
+    default_resolver = g_object_new (G_TYPE_THREADED_RESOLVER,
+                                     "timeout", 30000,
+                                     NULL);
   ret = g_object_ref (default_resolver);
   G_UNLOCK (default_resolver);
 
@@ -242,27 +338,23 @@ g_resolver_set_default (GResolver *resolver)
   G_UNLOCK (default_resolver);
 }
 
-/* Bionic has res_init() but it's not in any header */
-#ifdef __BIONIC__
-int res_init (void);
-#endif
-
 static void
-g_resolver_maybe_reload (GResolver *resolver)
+maybe_emit_reload (GResolver *resolver)
 {
 #ifdef G_OS_UNIX
   struct stat st;
 
   if (stat (_PATH_RESCONF, &st) == 0)
     {
+      g_mutex_lock (&resolver->priv->mutex);
       if (st.st_mtime != resolver->priv->resolv_conf_timestamp)
         {
           resolver->priv->resolv_conf_timestamp = st.st_mtime;
-#ifdef HAVE_RES_INIT
-          res_init ();
-#endif
+          g_mutex_unlock (&resolver->priv->mutex);
           g_signal_emit (resolver, signals[RELOAD], 0);
         }
+      else
+        g_mutex_unlock (&resolver->priv->mutex);
     }
 #endif
 }
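Review bot: In `maybe_emit_reload()` the `stat()` call runs before `g_mutex_lock()`, so the `st_mtime` a thread compares can already be stale by the time it holds the lock. If two threads race across a change to the file, the slower one can write the older timestamp back and emit `reload` a second time, and the value returned by `g_resolver_get_serial()` can briefly step backwards. Taking the lock before `stat()` closes that window, while still unlocking before `g_signal_emit()` as the hunk already does. The early unlock is why `g_mutex_unlock()` appears in both branches; if the intent is to keep signal handlers from running under the lock, a comment such as `/* Emit outside the lock so handlers can call back into the resolver */` above the emit would record that.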
@@ -296,15 +388,50 @@ remove_duplicates (GList *addrs)
     }
 }
 
+static gboolean
+hostname_is_localhost (const char *hostname)
+{
+  size_t len = strlen (hostname);
+  const char *p;
+
+  /* Match "localhost", "localhost.", "*.localhost" and "*.localhost." */
+  if (len < strlen ("localhost"))
+    return FALSE;
+
+  if (hostname[len - 1] == '.')
+      len--;
+
+  /* Scan backwards in @hostname to find the right-most dot (excluding the final dot, if it exists, as it was chopped off above).
+   * We can’t use strrchr() because because we need to operate with string lengths.
+   * End with @p pointing to the character after the right-most dot. */
+  p = hostname + len - 1;
+  while (p >= hostname)
+    {
+      if (*p == '.')
+       {
+         p++;
+         break;
+       }
+      else if (p == hostname)
+        break;
+      p--;
+    }
+
+  len -= p - hostname;
+
+  return g_ascii_strncasecmp (p, "localhost", MAX (len, strlen ("localhost"))) == 0;
+}
+
 /* Note that this does not follow the "FALSE means @error is set"
  * convention. The return value tells the caller whether it should
  * return @addrs and @error to the caller right away, or if it should
  * continue and trying to resolve the name as a hostname.
  */
 static gboolean
-handle_ip_address (const char  *hostname,
-                   GList      **addrs,
-                   GError     **error)
+handle_ip_address_or_localhost (const char                *hostname,
+                                GList                    **addrs,
+                                GResolverNameLookupFlags   flags,
+                                GError                   **error)
 {
   GInetAddress *addr;
 
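Review bot: The backwards scan in `hostname_is_localhost()` is harder to verify than it needs to be: `while (p >= hostname)` can never be false, because the loop only exits through its two `break`s, and the starting value of `p` is only valid because the earlier length check keeps `len` above zero. Starting one past the end with `p = hostname + len;` followed by `while (p > hostname && p[-1] != '.') p--;` yields the same `p` without the dead condition. The comment above the loop has a doubled word ("because because") and the `len--;` line is indented two columns too far. A short header comment saying that @hostname must be non-NULL and that matching is ASCII case-insensitive would document what callers rely on; any NULL check is in callers outside this hunk.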
@@ -355,6 +482,28 @@ handle_ip_address (const char  *hostname,
       return TRUE;
     }
 
+  /* Always resolve localhost to a loopback address so it can be reliably considered secure.
+     This behavior is being adopted by browsers:
+     - https://w3c.github.io/webappsec-secure-contexts/
+     - https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/RC9dSw-O3fE/E3_0XaT0BAAJ
+     - https://chromium.googlesource.com/chromium/src.git/+/8da2a80724a9b896890602ff77ef2216cb951399
+     - https://bugs.webkit.org/show_bug.cgi?id=171934
+     - https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-06
+  */
+  if (hostname_is_localhost (hostname))
+    {
+      if (flags & G_RESOLVER_NAME_LOOKUP_FLAGS_IPV6_ONLY)
+        *addrs = g_list_append (*addrs, g_inet_address_new_loopback (G_SOCKET_FAMILY_IPV6)); 
+      if (flags & G_RESOLVER_NAME_LOOKUP_FLAGS_IPV4_ONLY)
+        *addrs = g_list_append (*addrs, g_inet_address_new_loopback (G_SOCKET_FAMILY_IPV4));
+      if (*addrs == NULL)
+        {
+          *addrs = g_list_append (*addrs, g_inet_address_new_loopback (G_SOCKET_FAMILY_IPV6));
+          *addrs = g_list_append (*addrs, g_inet_address_new_loopback (G_SOCKET_FAMILY_IPV4));
+        }
+      return TRUE;
+    }
+
   return FALSE;
 }
 
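Review bot: The fallback `if (*addrs == NULL)` adds both loopback addresses only when `*addrs` is NULL on reaching this block, and the assignment that would guarantee this is not visible in the hunk, since the function body starts outside it. Deciding from `flags` instead, e.g. `if (!(flags & (G_RESOLVER_NAME_LOOKUP_FLAGS_IPV4_ONLY | G_RESOLVER_NAME_LOOKUP_FLAGS_IPV6_ONLY)))`, makes the block independent of earlier code. This path returns `TRUE` before any lookup is dispatched, so names matching `localhost` or `*.localhost` presumably no longer reach the class's lookup implementation or a custom #GResolver subclass. The public documentation for the lookup functions should state that these names always resolve to loopback.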
@@ -374,7 +523,7 @@ lookup_by_name_real (GResolver                 *resolver,
   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
 
   /* Check if @hostname is just an IP address */
-  if (handle_ip_address (hostname, &addrs, error))
+  if (handle_ip_address_or_localhost (hostname, &addrs, flags, error))
     return addrs;
 
   if (g_hostname_is_non_ascii (hostname))
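Review bot: `handle_ip_address_or_localhost()` is called on the raw @hostname, before the `g_hostname_is_non_ascii()` branch converts it, so the loopback guarantee applies only to names that are already ASCII. A name that only becomes `localhost` or `*.localhost` after the ASCII conversion would skip the shortcut and go to the real resolver; the conversion is outside this hunk, so this is inferred. The comment on the shortcut says it exists so that localhost "can be reliably considered secure", so `hostname_is_localhost()` should also run on the converted name, or the shortcut should move after the conversion. The same ordering appears in `lookup_by_name_async_real()`.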
@@ -387,7 +536,7 @@ lookup_by_name_real (GResolver                 *resolver,
       return NULL;
     }
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
 
   if (flags != G_RESOLVER_NAME_LOOKUP_FLAGS_DEFAULT)
     {
@@ -473,7 +622,7 @@ g_resolver_lookup_by_name (GResolver     *resolver,
  *
  * This differs from g_resolver_lookup_by_name() in that you can modify
  * the lookup behavior with @flags. For example this can be used to limit
- * results with #G_RESOLVER_NAME_LOOKUP_FLAGS_IPV4_ONLY.
+ * results with %G_RESOLVER_NAME_LOOKUP_FLAGS_IPV4_ONLY.
  *
  * Returns: (element-type GInetAddress) (transfer full): a non-empty #GList
  * of #GInetAddress, or %NULL on error. You
@@ -513,12 +662,13 @@ lookup_by_name_async_real (GResolver                *resolver,
   g_return_if_fail (!(flags & G_RESOLVER_NAME_LOOKUP_FLAGS_IPV4_ONLY && flags & G_RESOLVER_NAME_LOOKUP_FLAGS_IPV6_ONLY));
 
   /* Check if @hostname is just an IP address */
-  if (handle_ip_address (hostname, &addrs, &error))
+  if (handle_ip_address_or_localhost (hostname, &addrs, flags, &error))
     {
       GTask *task;
 
       task = g_task_new (resolver, cancellable, callback, user_data);
       g_task_set_source_tag (task, lookup_by_name_async_real);
+      g_task_set_name (task, "[gio] resolver lookup");
       if (addrs)
         g_task_return_pointer (task, addrs, (GDestroyNotify) g_resolver_free_addresses);
       else
@@ -538,12 +688,13 @@ lookup_by_name_async_real (GResolver                *resolver,
                            _("Invalid hostname"));
       task = g_task_new (resolver, cancellable, callback, user_data);
       g_task_set_source_tag (task, lookup_by_name_async_real);
+      g_task_set_name (task, "[gio] resolver lookup");
       g_task_return_error (task, error);
       g_object_unref (task);
       return;
     }
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
 
   if (flags != G_RESOLVER_NAME_LOOKUP_FLAGS_DEFAULT)
     {
@@ -556,6 +707,7 @@ lookup_by_name_async_real (GResolver                *resolver,
                        _("%s not implemented"), "lookup_by_name_with_flags_async");
           task = g_task_new (resolver, cancellable, callback, user_data);
           g_task_set_source_tag (task, lookup_by_name_async_real);
+          g_task_set_name (task, "[gio] resolver lookup");
           g_task_return_error (task, error);
           g_object_unref (task);
         }
@@ -611,8 +763,8 @@ lookup_by_name_finish_real (GResolver     *resolver,
  * @hostname: the hostname to look up the address of
  * @flags: extra #GResolverNameLookupFlags for the lookup
  * @cancellable: (nullable): a #GCancellable, or %NULL
- * @callback: (scope async): callback to call after resolution completes
- * @user_data: (closure): data for @callback
+ * @callback: (scope async) (closure user_data): callback to call after resolution completes
+ * @user_data: data for @callback
  *
  * Begins asynchronously resolving @hostname to determine its
  * associated IP address(es), and eventually calls @callback, which
@@ -642,8 +794,8 @@ g_resolver_lookup_by_name_with_flags_async (GResolver                *resolver,
  * @resolver: a #GResolver
  * @hostname: the hostname to look up the address of
  * @cancellable: (nullable): a #GCancellable, or %NULL
- * @callback: (scope async): callback to call after resolution completes
- * @user_data: (closure): data for @callback
+ * @callback: (scope async) (closure user_data): callback to call after resolution completes
+ * @user_data: data for @callback
  *
  * Begins asynchronously resolving @hostname to determine its
  * associated IP address(es), and eventually calls @callback, which
@@ -779,7 +931,7 @@ g_resolver_lookup_by_address (GResolver     *resolver,
   g_return_val_if_fail (G_IS_RESOLVER (resolver), NULL);
   g_return_val_if_fail (G_IS_INET_ADDRESS (address), NULL);
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   return G_RESOLVER_GET_CLASS (resolver)->
     lookup_by_address (resolver, address, cancellable, error);
 }
@@ -789,8 +941,8 @@ g_resolver_lookup_by_address (GResolver     *resolver,
  * @resolver: a #GResolver
  * @address: the address to reverse-resolve
  * @cancellable: (nullable): a #GCancellable, or %NULL
- * @callback: (scope async): callback to call after resolution completes
- * @user_data: (closure): data for @callback
+ * @callback: (scope async) (closure user_data): callback to call after resolution completes
+ * @user_data: data for @callback
  *
  * Begins asynchronously reverse-resolving @address to determine its
  * associated hostname, and eventually calls @callback, which must
@@ -808,7 +960,7 @@ g_resolver_lookup_by_address_async (GResolver           *resolver,
   g_return_if_fail (G_IS_RESOLVER (resolver));
   g_return_if_fail (G_IS_INET_ADDRESS (address));
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   G_RESOLVER_GET_CLASS (resolver)->
     lookup_by_address_async (resolver, address, cancellable, callback, user_data);
 }
@@ -925,7 +1077,7 @@ g_resolver_lookup_service (GResolver     *resolver,
       return NULL;
     }
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   targets = G_RESOLVER_GET_CLASS (resolver)->
     lookup_service (resolver, rrname, cancellable, error);
 
@@ -940,8 +1092,8 @@ g_resolver_lookup_service (GResolver     *resolver,
  * @protocol: the networking protocol to use for @service (eg, "tcp")
  * @domain: the DNS domain to look up the service in
  * @cancellable: (nullable): a #GCancellable, or %NULL
- * @callback: (scope async): callback to call after resolution completes
- * @user_data: (closure): data for @callback
+ * @callback: (scope async) (closure user_data): callback to call after resolution completes
+ * @user_data: data for @callback
  *
  * Begins asynchronously performing a DNS SRV lookup for the given
  * @service and @protocol in the given @domain, and eventually calls
@@ -977,7 +1129,7 @@ g_resolver_lookup_service_async (GResolver           *resolver,
       return;
     }
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   G_RESOLVER_GET_CLASS (resolver)->
     lookup_service_async (resolver, rrname, cancellable, callback, user_data);
 
@@ -1041,8 +1193,8 @@ g_resolver_free_targets (GList *targets)
 /**
  * g_resolver_lookup_records:
  * @resolver: a #GResolver
- * @rrname: the DNS name to lookup the record for
- * @record_type: the type of DNS record to lookup
+ * @rrname: the DNS name to look up the record for
+ * @record_type: the type of DNS record to look up
  * @cancellable: (nullable): a #GCancellable, or %NULL
  * @error: return location for a #GError, or %NULL
  *
@@ -1076,7 +1228,7 @@ g_resolver_lookup_records (GResolver            *resolver,
   g_return_val_if_fail (G_IS_RESOLVER (resolver), NULL);
   g_return_val_if_fail (rrname != NULL, NULL);
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   records = G_RESOLVER_GET_CLASS (resolver)->
     lookup_records (resolver, rrname, record_type, cancellable, error);
 
@@ -1086,11 +1238,11 @@ g_resolver_lookup_records (GResolver            *resolver,
 /**
  * g_resolver_lookup_records_async:
  * @resolver: a #GResolver
- * @rrname: the DNS name to lookup the record for
- * @record_type: the type of DNS record to lookup
+ * @rrname: the DNS name to look up the record for
+ * @record_type: the type of DNS record to look up
  * @cancellable: (nullable): a #GCancellable, or %NULL
- * @callback: (scope async): callback to call after resolution completes
- * @user_data: (closure): data for @callback
+ * @callback: (scope async) (closure user_data): callback to call after resolution completes
+ * @user_data: data for @callback
  *
  * Begins asynchronously performing a DNS lookup for the given
  * @rrname, and eventually calls @callback, which must call
@@ -1110,7 +1262,7 @@ g_resolver_lookup_records_async (GResolver           *resolver,
   g_return_if_fail (G_IS_RESOLVER (resolver));
   g_return_if_fail (rrname != NULL);
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
   G_RESOLVER_GET_CLASS (resolver)->
     lookup_records_async (resolver, rrname, record_type, cancellable, callback, user_data);
 }
@@ -1150,15 +1302,65 @@ g_resolver_lookup_records_finish (GResolver     *resolver,
 guint64
 g_resolver_get_serial (GResolver *resolver)
 {
+  guint64 result;
+
   g_return_val_if_fail (G_IS_RESOLVER (resolver), 0);
 
-  g_resolver_maybe_reload (resolver);
+  maybe_emit_reload (resolver);
 
 #ifdef G_OS_UNIX
-  return (guint64) resolver->priv->resolv_conf_timestamp;
+  g_mutex_lock (&resolver->priv->mutex);
+  result = resolver->priv->resolv_conf_timestamp;
+  g_mutex_unlock (&resolver->priv->mutex);
 #else
-  return 1;
+  result = 1;
 #endif
+
+  return result;
+}
+
+/**
+ * g_resolver_get_timeout:
+ * @resolver: a #GResolver
+ *
+ * Get the timeout applied to all resolver lookups. See #GResolver:timeout.
+ *
+ * Returns: the resolver timeout, in milliseconds, or `0` for no timeout
+ *
+ * Since: 2.78
+ */
+unsigned
+g_resolver_get_timeout (GResolver *resolver)
+{
+  GResolverPrivate *priv = g_resolver_get_instance_private (resolver);
+
+  g_return_val_if_fail (G_IS_RESOLVER (resolver), 0);
+
+  return priv->timeout_ms;
+}
+
+/**
+ * g_resolver_set_timeout:
+ * @resolver: a #GResolver
+ * @timeout_ms: timeout in milliseconds, or `0` for no timeouts
+ *
+ * Set the timeout applied to all resolver lookups. See #GResolver:timeout.
+ *
+ * Since: 2.78
+ */
+void
+g_resolver_set_timeout (GResolver *resolver,
+                        unsigned   timeout_ms)
+{
+  GResolverPrivate *priv = g_resolver_get_instance_private (resolver);
+
+  g_return_if_fail (G_IS_RESOLVER (resolver));
+
+  if (priv->timeout_ms == timeout_ms)
+    return;
+
+  priv->timeout_ms = timeout_ms;
+  g_object_notify_by_pspec (G_OBJECT (resolver), props[PROP_TIMEOUT]);
 }
 
 /**
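Review bot: `g_resolver_get_timeout()` and `g_resolver_set_timeout()` read and write `priv->timeout_ms` with no lock, while the same commit puts `resolv_conf_timestamp` under `priv->mutex`. The property docs say the timeout may be changed during the resolver's lifetime, and `g_resolver_get_default()` hands out a shared instance, so a setter in one thread can race with a lookup reading the value in another. Either guard the field (the mutex only exists under `G_OS_UNIX`) or document that the setter must not be called concurrently with lookups. Both functions also call `g_resolver_get_instance_private (resolver)` before the `G_IS_RESOLVER (resolver)` check; assigning `priv` after the check means an invalid pointer is validated before it is used.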