X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fdns%2Fdnsparser.c;h=2be34fc15fd0f6f250519a6023fd5b8348ab9543;hb=00cad61e45eb0b5ace71795d370b194317c99eee;hp=369f90215dfb75c24c76b82fb2fd3bafe3b2186b;hpb=ae4f506a574161c3baaf071d491f8c4987bc0623;p=oweals%2Fgnunet.git diff --git a/src/dns/dnsparser.c b/src/dns/dnsparser.c index 369f90215..2be34fc15 100644 --- a/src/dns/dnsparser.c +++ b/src/dns/dnsparser.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet - (C) 2010-2013 Christian Grothoff (and other contributing authors) + (C) 2010-2014 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -20,7 +20,7 @@ /** * @file dns/dnsparser.c - * @brief helper library to parse DNS packets. + * @brief helper library to parse DNS packets. * @author Philipp Toelke * @author Christian Grothoff */ @@ -47,10 +47,10 @@ GNUNET_DNSPARSER_check_label (const char *label) { char *output; size_t slen; - + if (NULL != strchr (label, '.')) return GNUNET_SYSERR; /* not a label! Did you mean GNUNET_DNSPARSER_check_name? */ - if (IDNA_SUCCESS != + if (IDNA_SUCCESS != idna_to_ascii_8z (label, &output, IDNA_ALLOW_UNASSIGNED)) return GNUNET_SYSERR; slen = strlen (output); @@ -78,7 +78,7 @@ GNUNET_DNSPARSER_check_name (const char *name) char *output; size_t slen; char *tok; - + ldup = GNUNET_strdup (name); for (tok = strtok (ldup, "."); NULL != tok; tok = strtok (NULL, ".")) if (GNUNET_OK != @@ -88,7 +88,7 @@ GNUNET_DNSPARSER_check_name (const char *name) return GNUNET_SYSERR; } GNUNET_free (ldup); - if (IDNA_SUCCESS != + if (IDNA_SUCCESS != idna_to_ascii_8z (name, &output, IDNA_ALLOW_UNASSIGNED)) return GNUNET_SYSERR; slen = strlen (output); @@ -113,7 +113,22 @@ GNUNET_DNSPARSER_free_soa (struct GNUNET_DNSPARSER_SoaRecord *soa) return; GNUNET_free_non_null (soa->mname); GNUNET_free_non_null (soa->rname); - GNUNET_free (soa); + GNUNET_free (soa); +} + + +/** + * Free CERT information record. + * + * @param cert record to free + */ +void +GNUNET_DNSPARSER_free_cert (struct GNUNET_DNSPARSER_CertRecord *cert) +{ + if (NULL == cert) + return; + GNUNET_free_non_null (cert->certificate_data); + GNUNET_free (cert); } @@ -128,10 +143,7 @@ GNUNET_DNSPARSER_free_srv (struct GNUNET_DNSPARSER_SrvRecord *srv) if (NULL == srv) return; GNUNET_free_non_null (srv->target); - GNUNET_free_non_null (srv->domain_name); - GNUNET_free_non_null (srv->proto); - GNUNET_free_non_null (srv->service); - GNUNET_free (srv); + GNUNET_free (srv); } @@ -146,13 +158,13 @@ GNUNET_DNSPARSER_free_mx (struct GNUNET_DNSPARSER_MxRecord *mx) if (NULL == mx) return; GNUNET_free_non_null (mx->mxhost); - GNUNET_free (mx); + GNUNET_free (mx); } /** * Free the given DNS record. - * + * * @param r record to free */ void @@ -170,6 +182,9 @@ GNUNET_DNSPARSER_free_record (struct GNUNET_DNSPARSER_Record *r) case GNUNET_DNSPARSER_TYPE_SRV: GNUNET_DNSPARSER_free_srv (r->data.srv); break; + case GNUNET_DNSPARSER_TYPE_CERT: + GNUNET_DNSPARSER_free_cert (r->data.cert); + break; case GNUNET_DNSPARSER_TYPE_NS: case GNUNET_DNSPARSER_TYPE_CNAME: case GNUNET_DNSPARSER_TYPE_PTR: @@ -206,7 +221,7 @@ parse_name (const char *udp_payload, size_t xoff; char *utf8; Idna_rc rc; - + ret = GNUNET_strdup (""); while (1) { @@ -294,14 +309,14 @@ parse_name (const char *udp_payload, GNUNET_free (xstr); ret = tmp; if (strlen (ret) > udp_payload_length) - { + { GNUNET_break_op (0); goto error; /* we are looping (building an infinite string) */ } *off += 2; /* pointers always terminate names */ break; - } + } else { /* neither pointer nor inline string, not supported... */ @@ -312,7 +327,7 @@ parse_name (const char *udp_payload, if (0 < strlen(ret)) ret[strlen(ret)-1] = '\0'; /* eat tailing '.' */ return ret; - error: + error: GNUNET_break_op (0); GNUNET_free (ret); return NULL; @@ -356,7 +371,7 @@ GNUNET_DNSPARSER_parse_query (const char *udp_payload, char *name; struct GNUNET_TUN_DnsQueryLine ql; - name = GNUNET_DNSPARSER_parse_name (udp_payload, + name = GNUNET_DNSPARSER_parse_name (udp_payload, udp_payload_length, off); if (NULL == name) @@ -414,7 +429,7 @@ GNUNET_DNSPARSER_parse_soa (const char *udp_payload, return NULL; } memcpy (&soa_bin, - &udp_payload[*off], + &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsSoaRecord)); soa->serial = ntohl (soa_bin.serial); soa->refresh = ntohl (soa_bin.refresh); @@ -450,7 +465,7 @@ GNUNET_DNSPARSER_parse_mx (const char *udp_payload, GNUNET_break_op (0); return NULL; } - memcpy (&mxpref, &udp_payload[*off], sizeof (uint16_t)); + memcpy (&mxpref, &udp_payload[*off], sizeof (uint16_t)); (*off) += sizeof (uint16_t); mx = GNUNET_new (struct GNUNET_DNSPARSER_MxRecord); mx->preference = ntohs (mxpref); @@ -471,7 +486,6 @@ GNUNET_DNSPARSER_parse_mx (const char *udp_payload, /** * Parse a DNS SRV record. * - * @param r_name name of the SRV record * @param udp_payload reference to UDP packet * @param udp_payload_length length of @a udp_payload * @param off pointer to the offset of the query to parse in the SRV record (to be @@ -479,58 +493,25 @@ GNUNET_DNSPARSER_parse_mx (const char *udp_payload, * @return the parsed SRV record, NULL on error */ struct GNUNET_DNSPARSER_SrvRecord * -GNUNET_DNSPARSER_parse_srv (const char *r_name, - const char *udp_payload, +GNUNET_DNSPARSER_parse_srv (const char *udp_payload, size_t udp_payload_length, size_t *off) { struct GNUNET_DNSPARSER_SrvRecord *srv; struct GNUNET_TUN_DnsSrvRecord srv_bin; size_t old_off; - char *ndup; - char *tok; - if ('_' != *r_name) - return NULL; /* all valid srv names must start with "_" */ - if (NULL == strstr (r_name, "._")) - return NULL; /* necessary string from "._$PROTO" not present */ old_off = *off; if (*off + sizeof (struct GNUNET_TUN_DnsSrvRecord) > udp_payload_length) return NULL; memcpy (&srv_bin, - &udp_payload[*off], - sizeof (struct GNUNET_TUN_DnsSrvRecord)); + &udp_payload[*off], + sizeof (struct GNUNET_TUN_DnsSrvRecord)); (*off) += sizeof (struct GNUNET_TUN_DnsSrvRecord); srv = GNUNET_new (struct GNUNET_DNSPARSER_SrvRecord); srv->priority = ntohs (srv_bin.prio); srv->weight = ntohs (srv_bin.weight); srv->port = ntohs (srv_bin.port); - /* parse 'data.hostname' into components, which are - "_$SERVICE._$PROTO.$DOMAIN_NAME" */ - ndup = GNUNET_strdup (r_name); - tok = strtok (ndup, "."); - GNUNET_assert (NULL != tok); - GNUNET_assert ('_' == *tok); - srv->service = GNUNET_strdup (&tok[1]); - tok = strtok (NULL, "."); - if ( (NULL == tok) || ('_' != *tok) ) - { - GNUNET_DNSPARSER_free_srv (srv); - GNUNET_free (ndup); - *off = old_off; - return NULL; - } - srv->proto = GNUNET_strdup (&tok[1]); - tok = strtok (NULL, "."); - if (NULL == tok) - { - GNUNET_DNSPARSER_free_srv (srv); - GNUNET_free (ndup); - *off = old_off; - return NULL; - } - srv->domain_name = GNUNET_strdup (tok); - GNUNET_free (ndup); srv->target = GNUNET_DNSPARSER_parse_name (udp_payload, udp_payload_length, off); @@ -544,6 +525,44 @@ GNUNET_DNSPARSER_parse_srv (const char *r_name, } +/** + * Parse a DNS CERT record. + * + * @param udp_payload reference to UDP packet + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the CERT record (to be + * incremented by the size of the record), unchanged on error + * @return the parsed CERT record, NULL on error + */ +struct GNUNET_DNSPARSER_CertRecord * +GNUNET_DNSPARSER_parse_cert (const char *udp_payload, + size_t udp_payload_length, + size_t *off) +{ + struct GNUNET_DNSPARSER_CertRecord *cert; + struct GNUNET_TUN_DnsCertRecord dcert; + + if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) >= udp_payload_length) + { + GNUNET_break_op (0); + return NULL; + } + memcpy (&dcert, &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsCertRecord)); + (*off) += sizeof (sizeof (struct GNUNET_TUN_DnsCertRecord)); + cert = GNUNET_new (struct GNUNET_DNSPARSER_CertRecord); + cert->cert_type = ntohs (dcert.cert_type); + cert->cert_tag = ntohs (dcert.cert_tag); + cert->algorithm = dcert.algorithm; + cert->certificate_size = udp_payload_length - (*off); + cert->certificate_data = GNUNET_malloc (cert->certificate_size); + memcpy (cert->certificate_data, + &udp_payload[*off], + cert->certificate_size); + (*off) += cert->certificate_size; + return cert; +} + + /** * Parse a DNS record entry. * @@ -565,7 +584,7 @@ GNUNET_DNSPARSER_parse_record (const char *udp_payload, size_t old_off; uint16_t data_len; - name = GNUNET_DNSPARSER_parse_name (udp_payload, + name = GNUNET_DNSPARSER_parse_name (udp_payload, udp_payload_length, off); if (NULL == name) @@ -599,7 +618,7 @@ GNUNET_DNSPARSER_parse_record (const char *udp_payload, case GNUNET_DNSPARSER_TYPE_PTR: r->data.hostname = GNUNET_DNSPARSER_parse_name (udp_payload, udp_payload_length, - off); + off); if ( (NULL == r->data.hostname) || (old_off + data_len != *off) ) return GNUNET_SYSERR; @@ -627,8 +646,7 @@ GNUNET_DNSPARSER_parse_record (const char *udp_payload, } return GNUNET_OK; case GNUNET_DNSPARSER_TYPE_SRV: - r->data.srv = GNUNET_DNSPARSER_parse_srv (r->name, - udp_payload, + r->data.srv = GNUNET_DNSPARSER_parse_srv (udp_payload, udp_payload_length, off); if ( (NULL == r->data.srv) || @@ -645,7 +663,7 @@ GNUNET_DNSPARSER_parse_record (const char *udp_payload, break; } (*off) += data_len; - return GNUNET_OK; + return GNUNET_OK; } @@ -654,7 +672,7 @@ GNUNET_DNSPARSER_parse_record (const char *udp_payload, * processing and manipulation. * * @param udp_payload wire-format of the DNS packet - * @param udp_payload_length number of bytes in @a udp_payload + * @param udp_payload_length number of bytes in @a udp_payload * @return NULL on error, otherwise the parsed packet */ struct GNUNET_DNSPARSER_Packet * @@ -664,7 +682,7 @@ GNUNET_DNSPARSER_parse (const char *udp_payload, struct GNUNET_DNSPARSER_Packet *p; const struct GNUNET_TUN_DnsHeader *dns; size_t off; - unsigned int n; + unsigned int n; unsigned int i; if (udp_payload_length < sizeof (struct GNUNET_TUN_DnsHeader)) @@ -711,7 +729,7 @@ GNUNET_DNSPARSER_parse (const char *udp_payload, udp_payload_length, &off, &p->authority_records[i])) - goto error; + goto error; } n = ntohs (dns->additional_rcount); if (n > 0) @@ -724,7 +742,7 @@ GNUNET_DNSPARSER_parse (const char *udp_payload, udp_payload_length, &off, &p->additional_records[i])) - goto error; + goto error; } return p; error: @@ -793,10 +811,10 @@ GNUNET_DNSPARSER_builder_add_name (char *dst, if (NULL == name) return GNUNET_SYSERR; - if (IDNA_SUCCESS != + if (IDNA_SUCCESS != (rc = idna_to_ascii_8z (name, &idna_start, IDNA_ALLOW_UNASSIGNED))) { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("Failed to convert UTF-8 name `%s' to DNS IDNA format: %s\n"), name, idna_strerror (rc)); @@ -815,7 +833,10 @@ GNUNET_DNSPARSER_builder_add_name (char *dst, else len = dot - idna_name; if ( (len >= 64) || (0 == len) ) - goto fail; /* segment too long or empty */ + { + GNUNET_break (0); + goto fail; /* segment too long or empty */ + } dst[pos++] = (char) (uint8_t) len; memcpy (&dst[pos], idna_name, len); pos += len; @@ -836,7 +857,7 @@ GNUNET_DNSPARSER_builder_add_name (char *dst, #else free (idna_start); #endif - return GNUNET_NO; + return GNUNET_NO; } @@ -901,6 +922,46 @@ GNUNET_DNSPARSER_builder_add_mx (char *dst, } +/** + * Add a CERT record to the UDP packet at the given location. + * + * @param dst where to write the CERT record + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the CERT information (increment by bytes used); + * can also change if there was an error + * @param cert CERT information to write + * @return #GNUNET_SYSERR if @a cert is invalid + * #GNUNET_NO if @a cert did not fit + * #GNUNET_OK if @a cert was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_cert (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_CertRecord *cert) +{ + struct GNUNET_TUN_DnsCertRecord dcert; + + if ( (cert->cert_type > UINT16_MAX) || + (cert->cert_tag > UINT16_MAX) || + (cert->algorithm > UINT8_MAX) ) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > dst_len) + return GNUNET_NO; + dcert.cert_type = htons ((uint16_t) cert->cert_type); + dcert.cert_tag = htons ((uint16_t) cert->cert_tag); + dcert.algorithm = (uint8_t) cert->algorithm; + memcpy (&dst[*off], &dcert, sizeof (dcert)); + (*off) += sizeof (dcert); + memcpy (&dst[*off], cert->certificate_data, cert->certificate_size); + (*off) += cert->certificate_size; + return GNUNET_OK; +} + + /** * Add an SOA record to the UDP packet at the given location. * @@ -923,13 +984,13 @@ GNUNET_DNSPARSER_builder_add_soa (char *dst, int ret; if ( (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, - dst_len, - off, - soa->mname))) || + dst_len, + off, + soa->mname))) || (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, - dst_len, - off, - soa->rname)) ) ) + dst_len, + off, + soa->rname)) ) ) return ret; if (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > dst_len) return GNUNET_NO; @@ -1003,31 +1064,24 @@ add_record (char *dst, size_t start; size_t pos; struct GNUNET_TUN_DnsRecordLine rl; - char *name; - + start = *off; - /* for SRV records, we can create the name from the details - of the record if needed */ - name = record->name; - if ( (GNUNET_DNSPARSER_TYPE_SRV == record->type) && - (NULL == name) ) - GNUNET_asprintf (&name, - "_%s._%s.%s", - record->data.srv->service, - record->data.srv->proto, - record->data.srv->domain_name); - ret = GNUNET_DNSPARSER_builder_add_name (dst, dst_len - sizeof (struct GNUNET_TUN_DnsRecordLine), off, name); - if (name != record->name) - GNUNET_free (name); + ret = GNUNET_DNSPARSER_builder_add_name (dst, + dst_len - sizeof (struct GNUNET_TUN_DnsRecordLine), + off, + record->name); if (GNUNET_OK != ret) return ret; /* '*off' is now the position where we will need to write the record line */ pos = *off + sizeof (struct GNUNET_TUN_DnsRecordLine); switch (record->type) - { + { case GNUNET_DNSPARSER_TYPE_MX: - ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx); + ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx); + break; + case GNUNET_DNSPARSER_TYPE_CERT: + ret = GNUNET_DNSPARSER_builder_add_cert (dst, dst_len, &pos, record->data.cert); break; case GNUNET_DNSPARSER_TYPE_SOA: ret = GNUNET_DNSPARSER_builder_add_soa (dst, dst_len, &pos, record->data.soa); @@ -1069,14 +1123,14 @@ add_record (char *dst, rl.data_len = htons ((uint16_t) (pos - (*off + sizeof (struct GNUNET_TUN_DnsRecordLine)))); memcpy (&dst[*off], &rl, sizeof (struct GNUNET_TUN_DnsRecordLine)); *off = pos; - return GNUNET_OK; + return GNUNET_OK; } /** * Given a DNS packet @a p, generate the corresponding UDP payload. * Note that we do not attempt to pack the strings with pointers - * as this would complicate the code and this is about being + * as this would complicate the code and this is about being * simple and secure, not fast, fancy and broken like bind. * * @param p packet to pack @@ -1092,14 +1146,14 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p, uint16_t max, char **buf, size_t *buf_length) -{ +{ struct GNUNET_TUN_DnsHeader dns; size_t off; char tmp[max]; unsigned int i; int ret; int trc; - + if ( (p->num_queries > UINT16_MAX) || (p->num_answers > UINT16_MAX) || (p->num_authority_records > UINT16_MAX) || @@ -1116,55 +1170,55 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p, trc = GNUNET_NO; for (i=0;inum_queries;i++) { - ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]); + ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]); if (GNUNET_SYSERR == ret) return GNUNET_SYSERR; if (GNUNET_NO == ret) { dns.query_count = htons ((uint16_t) (i-1)); - trc = GNUNET_YES; + trc = GNUNET_YES; break; } } for (i=0;inum_answers;i++) { - ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]); + ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]); if (GNUNET_SYSERR == ret) return GNUNET_SYSERR; if (GNUNET_NO == ret) { dns.answer_rcount = htons ((uint16_t) (i-1)); - trc = GNUNET_YES; + trc = GNUNET_YES; break; } } for (i=0;inum_authority_records;i++) { - ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]); + ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]); if (GNUNET_SYSERR == ret) return GNUNET_SYSERR; if (GNUNET_NO == ret) { dns.authority_rcount = htons ((uint16_t) (i-1)); - trc = GNUNET_YES; + trc = GNUNET_YES; break; } } for (i=0;inum_additional_records;i++) { - ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]); + ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]); if (GNUNET_SYSERR == ret) return GNUNET_SYSERR; if (GNUNET_NO == ret) { dns.additional_rcount = htons (i-1); - trc = GNUNET_YES; + trc = GNUNET_YES; break; } } if (GNUNET_YES == trc) - dns.flags.message_truncated = 1; + dns.flags.message_truncated = 1; memcpy (tmp, &dns, sizeof (struct GNUNET_TUN_DnsHeader)); *buf = GNUNET_malloc (off); @@ -1175,4 +1229,63 @@ GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p, return GNUNET_OK; } + +/** + * Convert a block of binary data to HEX. + * + * @param data binary data to convert + * @param data_size number of bytes in @a data + * @return HEX string (lower case) + */ +char * +GNUNET_DNSPARSER_bin_to_hex (const void *data, + size_t data_size) +{ + char *ret; + size_t off; + const uint8_t *idata; + + idata = data; + ret = GNUNET_malloc (data_size * 2 + 1); + for (off = 0; off < data_size; off++) + sprintf (&ret[off * 2], + "%x", + idata[off]); + return ret; +} + + +/** + * Convert a HEX string to block of binary data. + * + * @param hex HEX string to convert (may contain mixed case) + * @param data where to write result, must be + * at least `strlen(hex)/2` bytes long + * @return number of bytes written to data + */ +size_t +GNUNET_DNSPARSER_hex_to_bin (const char *hex, + void *data) +{ + size_t data_size; + size_t off; + uint8_t *idata; + unsigned int h; + char in[3]; + + data_size = strlen (hex) / 2; + idata = data; + in[2] = '\0'; + for (off = 0; off < data_size; off++) + { + in[0] = tolower ((int) hex[off * 2]); + in[1] = tolower ((int) hex[off * 2 + 1]); + if (1 != sscanf (in, "%x", &h)) + return off; + idata[off] = (uint8_t) h; + } + return off; +} + + /* end of dnsparser.c */