From 333221862ecbebde60dd16e7ca17d26444e62f50 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 8 Apr 2019 11:19:38 +0200 Subject: [PATCH] resolv: Remove RES_INSECURE1, RES_INSECURE2 Always perform the associated security checks. --- ChangeLog | 9 +++++++++ NEWS | 3 +++ resolv/res_debug.c | 2 -- resolv/res_send.c | 32 +++++++++++++------------------- resolv/resolv.h | 2 -- 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc43b72..6b7f19a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ 2019-04-08 Florian Weimer + * resolv/resolv.h (RES_INSECURE1, RES_INSECURE2): Remove + definitions. + * resolv/res_send.c (send_dg): Always perform RES_INSECURE1 and + RES_INSECURE2 security checks. + * resolv/res_debug.c (p_option): Remove RES_INSECURE1 and + RES_INSECURE2 handling. + +2019-04-08 Florian Weimer + resolv: Remove support for RES_USE_INET6 and the inet6 option. * nscd/aicache.c (addhstaiX): Do not disable RES_USE_INET6. * nscd/nscd_gehst_r.c (__nscd_gethostbyname_r): Always use diff --git a/NEWS b/NEWS index 53011b6..b58e246 100644 --- a/NEWS +++ b/NEWS @@ -38,6 +38,9 @@ Deprecated and removed features, and other changes affecting compatibility: * Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6 resolver flag (deprecated in glibc 2.25) have been removed. +* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub + resolver have been removed from . + Changes to build and runtime requirements: * GCC 6.2 or later is required to build the GNU C Library. diff --git a/resolv/res_debug.c b/resolv/res_debug.c index e4664c1..4dac71f 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -604,8 +604,6 @@ p_option(u_long option) { case RES_DEFNAMES: return "defnam"; case RES_STAYOPEN: return "styopn"; case RES_DNSRCH: return "dnsrch"; - case RES_INSECURE1: return "insecure1"; - case RES_INSECURE2: return "insecure2"; case RES_NOALIASES: return "noaliases"; case RES_ROTATE: return "rotate"; case RES_USE_EDNS0: return "edns0"; diff --git a/resolv/res_send.c b/resolv/res_send.c index ca441c4..eeeb8ac 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1316,31 +1316,25 @@ send_dg(res_state statp, */ goto wait; } - if (!(statp->options & RES_INSECURE1) && - !res_ourserver_p(statp, &from)) { - /* - * response from wrong server? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } - if (!(statp->options & RES_INSECURE2) - && (recvresp1 || !res_queriesmatch(buf, buf + buflen, + + /* Paranoia check. Due to the connected UDP socket, + the kernel has already filtered invalid addresses + for us. */ + if (!res_ourserver_p(statp, &from)) + goto wait; + + /* Check for the correct header layout and a matching + question. */ + if ((recvresp1 || !res_queriesmatch(buf, buf + buflen, *thisansp, *thisansp + *thisanssizp)) && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2, *thisansp, *thisansp - + *thisanssizp))) { - /* - * response contains wrong query? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - goto wait; - } + + *thisanssizp))) + goto wait; + if (anhp->rcode == SERVFAIL || anhp->rcode == NOTIMP || anhp->rcode == REFUSED) { diff --git a/resolv/resolv.h b/resolv/resolv.h index ad053d9..7a8023a 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h @@ -115,8 +115,6 @@ struct res_sym { #define RES_DEFNAMES 0x00000080 /* use default domain name */ #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ #define RES_DNSRCH 0x00000200 /* search up local domain tree */ -#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ -#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_ROTATE 0x00004000 /* rotate ns list after each query */ #define RES_NOCHECKNAME \ -- 2.7.4