/**
* @file dns/dnsparser.c
- * @brief helper library to parse DNS packets.
+ * @brief helper library to parse DNS packets.
* @author Philipp Toelke
* @author Christian Grothoff
*/
{
char *output;
size_t slen;
-
+
if (NULL != strchr (label, '.'))
return GNUNET_SYSERR; /* not a label! Did you mean GNUNET_DNSPARSER_check_name? */
- if (IDNA_SUCCESS !=
+ if (IDNA_SUCCESS !=
idna_to_ascii_8z (label, &output, IDNA_ALLOW_UNASSIGNED))
return GNUNET_SYSERR;
slen = strlen (output);
char *output;
size_t slen;
char *tok;
-
+
ldup = GNUNET_strdup (name);
for (tok = strtok (ldup, "."); NULL != tok; tok = strtok (NULL, "."))
if (GNUNET_OK !=
return GNUNET_SYSERR;
}
GNUNET_free (ldup);
- if (IDNA_SUCCESS !=
+ if (IDNA_SUCCESS !=
idna_to_ascii_8z (name, &output, IDNA_ALLOW_UNASSIGNED))
return GNUNET_SYSERR;
slen = strlen (output);
return;
GNUNET_free_non_null (soa->mname);
GNUNET_free_non_null (soa->rname);
- GNUNET_free (soa);
+ GNUNET_free (soa);
+}
+
+
+/**
+ * Free CERT information record.
+ *
+ * @param cert record to free
+ */
+void
+GNUNET_DNSPARSER_free_cert (struct GNUNET_DNSPARSER_CertRecord *cert)
+{
+ if (NULL == cert)
+ return;
+ GNUNET_free_non_null (cert->certificate_data);
+ GNUNET_free (cert);
}
GNUNET_free_non_null (srv->domain_name);
GNUNET_free_non_null (srv->proto);
GNUNET_free_non_null (srv->service);
- GNUNET_free (srv);
+ GNUNET_free (srv);
}
if (NULL == mx)
return;
GNUNET_free_non_null (mx->mxhost);
- GNUNET_free (mx);
+ GNUNET_free (mx);
}
/**
* Free the given DNS record.
- *
+ *
* @param r record to free
*/
void
case GNUNET_DNSPARSER_TYPE_SRV:
GNUNET_DNSPARSER_free_srv (r->data.srv);
break;
+ case GNUNET_DNSPARSER_TYPE_CERT:
+ GNUNET_DNSPARSER_free_cert (r->data.cert);
+ break;
case GNUNET_DNSPARSER_TYPE_NS:
case GNUNET_DNSPARSER_TYPE_CNAME:
case GNUNET_DNSPARSER_TYPE_PTR:
size_t xoff;
char *utf8;
Idna_rc rc;
-
+
ret = GNUNET_strdup ("");
while (1)
{
GNUNET_free (xstr);
ret = tmp;
if (strlen (ret) > udp_payload_length)
- {
+ {
GNUNET_break_op (0);
goto error; /* we are looping (building an infinite string) */
}
*off += 2;
/* pointers always terminate names */
break;
- }
+ }
else
{
/* neither pointer nor inline string, not supported... */
if (0 < strlen(ret))
ret[strlen(ret)-1] = '\0'; /* eat tailing '.' */
return ret;
- error:
+ error:
GNUNET_break_op (0);
GNUNET_free (ret);
return NULL;
char *name;
struct GNUNET_TUN_DnsQueryLine ql;
- name = GNUNET_DNSPARSER_parse_name (udp_payload,
+ name = GNUNET_DNSPARSER_parse_name (udp_payload,
udp_payload_length,
off);
if (NULL == name)
return NULL;
}
memcpy (&soa_bin,
- &udp_payload[*off],
+ &udp_payload[*off],
sizeof (struct GNUNET_TUN_DnsSoaRecord));
soa->serial = ntohl (soa_bin.serial);
soa->refresh = ntohl (soa_bin.refresh);
GNUNET_break_op (0);
return NULL;
}
- memcpy (&mxpref, &udp_payload[*off], sizeof (uint16_t));
+ memcpy (&mxpref, &udp_payload[*off], sizeof (uint16_t));
(*off) += sizeof (uint16_t);
mx = GNUNET_new (struct GNUNET_DNSPARSER_MxRecord);
mx->preference = ntohs (mxpref);
if (*off + sizeof (struct GNUNET_TUN_DnsSrvRecord) > udp_payload_length)
return NULL;
memcpy (&srv_bin,
- &udp_payload[*off],
- sizeof (struct GNUNET_TUN_DnsSrvRecord));
+ &udp_payload[*off],
+ sizeof (struct GNUNET_TUN_DnsSrvRecord));
(*off) += sizeof (struct GNUNET_TUN_DnsSrvRecord);
srv = GNUNET_new (struct GNUNET_DNSPARSER_SrvRecord);
srv->priority = ntohs (srv_bin.prio);
}
+/**
+ * Parse a DNS CERT record.
+ *
+ * @param udp_payload reference to UDP packet
+ * @param udp_payload_length length of @a udp_payload
+ * @param off pointer to the offset of the query to parse in the CERT record (to be
+ * incremented by the size of the record), unchanged on error
+ * @return the parsed CERT record, NULL on error
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_parse_cert (const char *udp_payload,
+ size_t udp_payload_length,
+ size_t *off)
+{
+ struct GNUNET_DNSPARSER_CertRecord *cert;
+ struct GNUNET_TUN_DnsCertRecord dcert;
+
+ if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) >= udp_payload_length)
+ {
+ GNUNET_break_op (0);
+ return NULL;
+ }
+ memcpy (&dcert, &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsCertRecord));
+ (*off) += sizeof (sizeof (struct GNUNET_TUN_DnsCertRecord));
+ cert = GNUNET_new (struct GNUNET_DNSPARSER_CertRecord);
+ cert->cert_type = ntohs (dcert.cert_type);
+ cert->cert_tag = ntohs (dcert.cert_tag);
+ cert->algorithm = dcert.algorithm;
+ cert->certificate_size = udp_payload_length - (*off);
+ cert->certificate_data = GNUNET_malloc (cert->certificate_size);
+ memcpy (cert->certificate_data,
+ &udp_payload[*off],
+ cert->certificate_size);
+ (*off) += cert->certificate_size;
+ return cert;
+}
+
+
/**
* Parse a DNS record entry.
*
size_t old_off;
uint16_t data_len;
- name = GNUNET_DNSPARSER_parse_name (udp_payload,
+ name = GNUNET_DNSPARSER_parse_name (udp_payload,
udp_payload_length,
off);
if (NULL == name)
case GNUNET_DNSPARSER_TYPE_PTR:
r->data.hostname = GNUNET_DNSPARSER_parse_name (udp_payload,
udp_payload_length,
- off);
+ off);
if ( (NULL == r->data.hostname) ||
(old_off + data_len != *off) )
return GNUNET_SYSERR;
break;
}
(*off) += data_len;
- return GNUNET_OK;
+ return GNUNET_OK;
}
* processing and manipulation.
*
* @param udp_payload wire-format of the DNS packet
- * @param udp_payload_length number of bytes in @a udp_payload
+ * @param udp_payload_length number of bytes in @a udp_payload
* @return NULL on error, otherwise the parsed packet
*/
struct GNUNET_DNSPARSER_Packet *
struct GNUNET_DNSPARSER_Packet *p;
const struct GNUNET_TUN_DnsHeader *dns;
size_t off;
- unsigned int n;
+ unsigned int n;
unsigned int i;
if (udp_payload_length < sizeof (struct GNUNET_TUN_DnsHeader))
udp_payload_length,
&off,
&p->authority_records[i]))
- goto error;
+ goto error;
}
n = ntohs (dns->additional_rcount);
if (n > 0)
udp_payload_length,
&off,
&p->additional_records[i]))
- goto error;
+ goto error;
}
return p;
error:
if (NULL == name)
return GNUNET_SYSERR;
- if (IDNA_SUCCESS !=
+ if (IDNA_SUCCESS !=
(rc = idna_to_ascii_8z (name, &idna_start, IDNA_ALLOW_UNASSIGNED)))
{
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
_("Failed to convert UTF-8 name `%s' to DNS IDNA format: %s\n"),
name,
idna_strerror (rc));
else
len = dot - idna_name;
if ( (len >= 64) || (0 == len) )
- goto fail; /* segment too long or empty */
+ {
+ GNUNET_break (0);
+ goto fail; /* segment too long or empty */
+ }
dst[pos++] = (char) (uint8_t) len;
memcpy (&dst[pos], idna_name, len);
pos += len;
#else
free (idna_start);
#endif
- return GNUNET_NO;
+ return GNUNET_NO;
}
}
+/**
+ * Add a CERT record to the UDP packet at the given location.
+ *
+ * @param dst where to write the CERT record
+ * @param dst_len number of bytes in @a dst
+ * @param off pointer to offset where to write the CERT information (increment by bytes used);
+ * can also change if there was an error
+ * @param cert CERT information to write
+ * @return #GNUNET_SYSERR if @a cert is invalid
+ * #GNUNET_NO if @a cert did not fit
+ * #GNUNET_OK if @a cert was added to @a dst
+ */
+int
+GNUNET_DNSPARSER_builder_add_cert (char *dst,
+ size_t dst_len,
+ size_t *off,
+ const struct GNUNET_DNSPARSER_CertRecord *cert)
+{
+ struct GNUNET_TUN_DnsCertRecord dcert;
+
+ if ( (cert->cert_type > UINT16_MAX) ||
+ (cert->cert_tag > UINT16_MAX) ||
+ (cert->algorithm > UINT8_MAX) )
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > dst_len)
+ return GNUNET_NO;
+ dcert.cert_type = htons ((uint16_t) cert->cert_type);
+ dcert.cert_tag = htons ((uint16_t) cert->cert_tag);
+ dcert.algorithm = (uint8_t) cert->algorithm;
+ memcpy (&dst[*off], &dcert, sizeof (dcert));
+ (*off) += sizeof (dcert);
+ memcpy (&dst[*off], cert->certificate_data, cert->certificate_size);
+ (*off) += cert->certificate_size;
+ return GNUNET_OK;
+}
+
+
/**
* Add an SOA record to the UDP packet at the given location.
*
int ret;
if ( (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst,
- dst_len,
- off,
- soa->mname))) ||
+ dst_len,
+ off,
+ soa->mname))) ||
(GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst,
- dst_len,
- off,
- soa->rname)) ) )
+ dst_len,
+ off,
+ soa->rname)) ) )
return ret;
if (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > dst_len)
return GNUNET_NO;
size_t pos;
struct GNUNET_TUN_DnsRecordLine rl;
char *name;
-
+
start = *off;
/* for SRV records, we can create the name from the details
of the record if needed */
pos = *off + sizeof (struct GNUNET_TUN_DnsRecordLine);
switch (record->type)
- {
+ {
case GNUNET_DNSPARSER_TYPE_MX:
- ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx);
+ ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx);
+ break;
+ case GNUNET_DNSPARSER_TYPE_CERT:
+ ret = GNUNET_DNSPARSER_builder_add_cert (dst, dst_len, &pos, record->data.cert);
break;
case GNUNET_DNSPARSER_TYPE_SOA:
ret = GNUNET_DNSPARSER_builder_add_soa (dst, dst_len, &pos, record->data.soa);
rl.data_len = htons ((uint16_t) (pos - (*off + sizeof (struct GNUNET_TUN_DnsRecordLine))));
memcpy (&dst[*off], &rl, sizeof (struct GNUNET_TUN_DnsRecordLine));
*off = pos;
- return GNUNET_OK;
+ return GNUNET_OK;
}
/**
* Given a DNS packet @a p, generate the corresponding UDP payload.
* Note that we do not attempt to pack the strings with pointers
- * as this would complicate the code and this is about being
+ * as this would complicate the code and this is about being
* simple and secure, not fast, fancy and broken like bind.
*
* @param p packet to pack
uint16_t max,
char **buf,
size_t *buf_length)
-{
+{
struct GNUNET_TUN_DnsHeader dns;
size_t off;
char tmp[max];
unsigned int i;
int ret;
int trc;
-
+
if ( (p->num_queries > UINT16_MAX) ||
(p->num_answers > UINT16_MAX) ||
(p->num_authority_records > UINT16_MAX) ||
trc = GNUNET_NO;
for (i=0;i<p->num_queries;i++)
{
- ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]);
+ ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]);
if (GNUNET_SYSERR == ret)
return GNUNET_SYSERR;
if (GNUNET_NO == ret)
{
dns.query_count = htons ((uint16_t) (i-1));
- trc = GNUNET_YES;
+ trc = GNUNET_YES;
break;
}
}
for (i=0;i<p->num_answers;i++)
{
- ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]);
+ ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]);
if (GNUNET_SYSERR == ret)
return GNUNET_SYSERR;
if (GNUNET_NO == ret)
{
dns.answer_rcount = htons ((uint16_t) (i-1));
- trc = GNUNET_YES;
+ trc = GNUNET_YES;
break;
}
}
for (i=0;i<p->num_authority_records;i++)
{
- ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]);
+ ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]);
if (GNUNET_SYSERR == ret)
return GNUNET_SYSERR;
if (GNUNET_NO == ret)
{
dns.authority_rcount = htons ((uint16_t) (i-1));
- trc = GNUNET_YES;
+ trc = GNUNET_YES;
break;
}
}
for (i=0;i<p->num_additional_records;i++)
{
- ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]);
+ ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]);
if (GNUNET_SYSERR == ret)
return GNUNET_SYSERR;
if (GNUNET_NO == ret)
{
dns.additional_rcount = htons (i-1);
- trc = GNUNET_YES;
+ trc = GNUNET_YES;
break;
}
}
if (GNUNET_YES == trc)
- dns.flags.message_truncated = 1;
+ dns.flags.message_truncated = 1;
memcpy (tmp, &dns, sizeof (struct GNUNET_TUN_DnsHeader));
*buf = GNUNET_malloc (off);