X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fdns%2Fdnsparser.c;h=5041d29a8a1adc9fb77428c10fd40392b1804de0;hb=e8cf81fdb3fdaef59b49da8f6e952a3225ab326e;hp=6921f0d341c82e92089d300beaa5e5e9b99f5d5d;hpb=1b242c9e8981be003396eca57878f010c827d0f4;p=oweals%2Fgnunet.git diff --git a/src/dns/dnsparser.c b/src/dns/dnsparser.c index 6921f0d34..5041d29a8 100644 --- a/src/dns/dnsparser.c +++ b/src/dns/dnsparser.c @@ -1,300 +1,1291 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2014 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file dns/dnsparser.c + * @brief helper library to parse DNS packets. + * @author Philipp Toelke + * @author Christian Grothoff + */ #include "platform.h" +#include +#if WINDOWS +#include +#endif +#include "gnunet_util_lib.h" #include "gnunet_dnsparser_lib.h" +#include "gnunet_tun_lib.h" + + +/** + * Check if a label in UTF-8 format can be coded into valid IDNA. + * This can fail if the ASCII-conversion becomes longer than 63 characters. + * + * @param label label to check (UTF-8 string) + * @return #GNUNET_OK if the label can be converted to IDNA, + * #GNUNET_SYSERR if the label is not valid for DNS names + */ +int +GNUNET_DNSPARSER_check_label (const char *label) +{ + char *output; + size_t slen; + + if (NULL != strchr (label, '.')) + return GNUNET_SYSERR; /* not a label! Did you mean GNUNET_DNSPARSER_check_name? */ + if (IDNA_SUCCESS != + idna_to_ascii_8z (label, &output, IDNA_ALLOW_UNASSIGNED)) + return GNUNET_SYSERR; + slen = strlen (output); +#if WINDOWS + idn_free (output); +#else + free (output); +#endif + return (slen > 63) ? GNUNET_SYSERR : GNUNET_OK; +} + + +/** + * Check if a label in UTF-8 format can be coded into valid IDNA. + * This can fail if the ASCII-conversion becomes longer than 253 characters. + * + * @param name name to check (UTF-8 string) + * @return #GNUNET_OK if the label can be converted to IDNA, + * #GNUNET_SYSERR if the label is not valid for DNS names + */ +int +GNUNET_DNSPARSER_check_name (const char *name) +{ + char *ldup; + char *output; + size_t slen; + char *tok; + + ldup = GNUNET_strdup (name); + for (tok = strtok (ldup, "."); NULL != tok; tok = strtok (NULL, ".")) + if (GNUNET_OK != + GNUNET_DNSPARSER_check_label (tok)) + { + GNUNET_free (ldup); + return GNUNET_SYSERR; + } + GNUNET_free (ldup); + if (IDNA_SUCCESS != + idna_to_ascii_8z (name, &output, IDNA_ALLOW_UNASSIGNED)) + return GNUNET_SYSERR; + slen = strlen (output); +#if WINDOWS + idn_free (output); +#else + free (output); +#endif + return (slen > 253) ? GNUNET_SYSERR : GNUNET_OK; +} + + +/** + * Free SOA information record. + * + * @param soa record to free + */ +void +GNUNET_DNSPARSER_free_soa (struct GNUNET_DNSPARSER_SoaRecord *soa) +{ + if (NULL == soa) + return; + GNUNET_free_non_null (soa->mname); + GNUNET_free_non_null (soa->rname); + GNUNET_free (soa); +} + + +/** + * Free CERT information record. + * + * @param cert record to free + */ +void +GNUNET_DNSPARSER_free_cert (struct GNUNET_DNSPARSER_CertRecord *cert) +{ + if (NULL == cert) + return; + GNUNET_free_non_null (cert->certificate_data); + GNUNET_free (cert); +} + /** - * Parse a name from DNS to a normal .-delimited, 0-terminated string. + * Free SRV information record. * - * @param d The destination of the name. Should have at least 255 bytes allocated. - * @param src The DNS-Packet - * @param idx The offset inside the Packet from which on the name should be read - * @returns The offset of the first unparsed byte (the byte right behind the name) + * @param srv record to free */ -static unsigned int -parse_dns_name (char *d, const unsigned char *src, unsigned short idx) -{ /*{{{ */ - char *dest = d; +void +GNUNET_DNSPARSER_free_srv (struct GNUNET_DNSPARSER_SrvRecord *srv) +{ + if (NULL == srv) + return; + GNUNET_free_non_null (srv->target); + GNUNET_free (srv); +} - int len = src[idx++]; - while (len != 0) +/** + * Free MX information record. + * + * @param mx record to free + */ +void +GNUNET_DNSPARSER_free_mx (struct GNUNET_DNSPARSER_MxRecord *mx) +{ + if (NULL == mx) + return; + GNUNET_free_non_null (mx->mxhost); + GNUNET_free (mx); +} + + +/** + * Free the given DNS record. + * + * @param r record to free + */ +void +GNUNET_DNSPARSER_free_record (struct GNUNET_DNSPARSER_Record *r) +{ + GNUNET_free_non_null (r->name); + switch (r->type) { - if (len & 0xC0) - { /* Compressed name, offset in this and the next octet */ - unsigned short offset = ((len & 0x3F) << 8) | src[idx++]; + case GNUNET_DNSPARSER_TYPE_MX: + GNUNET_DNSPARSER_free_mx (r->data.mx); + break; + case GNUNET_DNSPARSER_TYPE_SOA: + GNUNET_DNSPARSER_free_soa (r->data.soa); + break; + case GNUNET_DNSPARSER_TYPE_SRV: + GNUNET_DNSPARSER_free_srv (r->data.srv); + break; + case GNUNET_DNSPARSER_TYPE_CERT: + GNUNET_DNSPARSER_free_cert (r->data.cert); + break; + case GNUNET_DNSPARSER_TYPE_NS: + case GNUNET_DNSPARSER_TYPE_CNAME: + case GNUNET_DNSPARSER_TYPE_PTR: + GNUNET_free_non_null (r->data.hostname); + break; + default: + GNUNET_free_non_null (r->data.raw.data); + break; + } +} + - parse_dns_name (dest, src, offset - 12); /* 12 for the Header of the DNS-Packet, idx starts at 0 which is 12 bytes from the start of the packet */ - return idx; +/** + * Parse name inside of a DNS query or record. + * + * @param udp_payload entire UDP payload + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the name to parse in the udp_payload (to be + * incremented by the size of the name) + * @param depth current depth of our recursion (to prevent stack overflow) + * @return name as 0-terminated C string on success, NULL if the payload is malformed + */ +static char * +parse_name (const char *udp_payload, + size_t udp_payload_length, + size_t *off, + unsigned int depth) +{ + const uint8_t *input = (const uint8_t *) udp_payload; + char *ret; + char *tmp; + char *xstr; + uint8_t len; + size_t xoff; + char *utf8; + Idna_rc rc; + + ret = GNUNET_strdup (""); + while (1) + { + if (*off >= udp_payload_length) + { + GNUNET_break_op (0); + goto error; + } + len = input[*off]; + if (0 == len) + { + (*off)++; + break; } - memcpy (dest, src + idx, len); - idx += len; - dest += len; - *dest = '.'; - dest++; - len = src[idx++]; - }; - *dest = 0; - - return idx; + if (len < 64) + { + if (*off + 1 + len > udp_payload_length) + { + GNUNET_break_op (0); + goto error; + } + GNUNET_asprintf (&tmp, + "%.*s", + (int) len, + &udp_payload[*off + 1]); + if (IDNA_SUCCESS != + (rc = idna_to_unicode_8z8z (tmp, &utf8, IDNA_ALLOW_UNASSIGNED))) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("Failed to convert DNS IDNA name `%s' to UTF-8: %s\n"), + tmp, + idna_strerror (rc)); + GNUNET_free (tmp); + GNUNET_asprintf (&tmp, + "%s%.*s.", + ret, + (int) len, + &udp_payload[*off + 1]); + } + else + { + GNUNET_free (tmp); + GNUNET_asprintf (&tmp, + "%s%s.", + ret, + utf8); +#if WINDOWS + idn_free (utf8); +#else + free (utf8); +#endif + } + GNUNET_free (ret); + ret = tmp; + *off += 1 + len; + } + else if ((64 | 128) == (len & (64 | 128)) ) + { + if (depth > 32) + { + GNUNET_break_op (0); + goto error; /* hard bound on stack to prevent "infinite" recursion, disallow! */ + } + /* pointer to string */ + if (*off + 1 > udp_payload_length) + { + GNUNET_break_op (0); + goto error; + } + xoff = ((len - (64 | 128)) << 8) + input[*off+1]; + xstr = parse_name (udp_payload, + udp_payload_length, + &xoff, + depth + 1); + if (NULL == xstr) + { + GNUNET_break_op (0); + goto error; + } + GNUNET_asprintf (&tmp, + "%s%s.", + ret, + xstr); + GNUNET_free (ret); + GNUNET_free (xstr); + ret = tmp; + if (strlen (ret) > udp_payload_length) + { + GNUNET_break_op (0); + goto error; /* we are looping (building an infinite string) */ + } + *off += 2; + /* pointers always terminate names */ + break; + } + else + { + /* neither pointer nor inline string, not supported... */ + GNUNET_break_op (0); + goto error; + } + } + if (0 < strlen(ret)) + ret[strlen(ret)-1] = '\0'; /* eat tailing '.' */ + return ret; + error: + GNUNET_break_op (0); + GNUNET_free (ret); + return NULL; } -/*}}}*/ /** - * Parse a complete DNS-Record from raw DNS-data to a struct dns_record + * Parse name inside of a DNS query or record. * - * @param data The DNS-data - * @param dst Pointer to count pointers; individual pointers will be allocated - * @param count Number of records to parse - * @param idx The offset inside the Packet from which on the name should be read - * @returns The offset of the first unparsed byte (the byte right behind the last record) + * @param udp_payload entire UDP payload + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the name to parse in the udp_payload (to be + * incremented by the size of the name) + * @return name as 0-terminated C string on success, NULL if the payload is malformed */ -static unsigned short -parse_dns_record (unsigned char *data, /*{{{ */ - struct dns_record **dst, unsigned short count, - unsigned short idx) +char * +GNUNET_DNSPARSER_parse_name (const char *udp_payload, + size_t udp_payload_length, + size_t *off) { - int i; - unsigned short _idx; + return parse_name (udp_payload, udp_payload_length, off, 0); +} - for (i = 0; i < count; i++) + +/** + * Parse a DNS query entry. + * + * @param udp_payload entire UDP payload + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the udp_payload (to be + * incremented by the size of the query) + * @param q where to write the query information + * @return #GNUNET_OK on success, #GNUNET_SYSERR if the query is malformed + */ +int +GNUNET_DNSPARSER_parse_query (const char *udp_payload, + size_t udp_payload_length, + size_t *off, + struct GNUNET_DNSPARSER_Query *q) +{ + char *name; + struct GNUNET_TUN_DnsQueryLine ql; + + name = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if (NULL == name) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + q->name = name; + if (*off + sizeof (struct GNUNET_TUN_DnsQueryLine) > udp_payload_length) { - dst[i] = GNUNET_malloc (sizeof (struct dns_record)); - dst[i]->name = alloca (255); // see RFC1035, no name can be longer than this. - char *name = dst[i]->name; - - _idx = parse_dns_name (name, data, idx); - dst[i]->namelen = _idx - idx; - - dst[i]->name = GNUNET_malloc (dst[i]->namelen); - memcpy (dst[i]->name, name, dst[i]->namelen); - - idx = _idx; - - dst[i]->type = *((unsigned short *) (data + idx)); - idx += 2; - dst[i]->class = *((unsigned short *) (data + idx)); - idx += 2; - dst[i]->ttl = *((unsigned int *) (data + idx)); - idx += 4; - dst[i]->data_len = *((unsigned short *) (data + idx)); - idx += 2; - dst[i]->data = GNUNET_malloc (ntohs (dst[i]->data_len)); - memcpy (dst[i]->data, data + idx, ntohs (dst[i]->data_len)); - idx += ntohs (dst[i]->data_len); + GNUNET_break_op (0); + return GNUNET_SYSERR; } - return idx; -} /*}}} */ + memcpy (&ql, &udp_payload[*off], sizeof (ql)); + *off += sizeof (ql); + q->type = ntohs (ql.type); + q->dns_traffic_class = ntohs (ql.dns_traffic_class); + return GNUNET_OK; +} + /** - * Parse a raw DNS-Packet into an usable struct + * Parse a DNS SOA record. + * + * @param udp_payload reference to UDP packet + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the SOA record (to be + * incremented by the size of the record), unchanged on error + * @return the parsed SOA record, NULL on error */ -struct dns_pkt_parsed * -parse_dns_packet (struct dns_pkt *pkt) -{ /*{{{ */ - struct dns_pkt_parsed *ppkt = GNUNET_malloc (sizeof (struct dns_pkt_parsed)); +struct GNUNET_DNSPARSER_SoaRecord * +GNUNET_DNSPARSER_parse_soa (const char *udp_payload, + size_t udp_payload_length, + size_t *off) +{ + struct GNUNET_DNSPARSER_SoaRecord *soa; + struct GNUNET_TUN_DnsSoaRecord soa_bin; + size_t old_off; - memcpy (&ppkt->s, &pkt->s, sizeof pkt->s); + old_off = *off; + soa = GNUNET_new (struct GNUNET_DNSPARSER_SoaRecord); + soa->mname = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + soa->rname = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if ( (NULL == soa->mname) || + (NULL == soa->rname) || + (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > udp_payload_length) ) + { + GNUNET_break_op (0); + GNUNET_DNSPARSER_free_soa (soa); + *off = old_off; + return NULL; + } + memcpy (&soa_bin, + &udp_payload[*off], + sizeof (struct GNUNET_TUN_DnsSoaRecord)); + soa->serial = ntohl (soa_bin.serial); + soa->refresh = ntohl (soa_bin.refresh); + soa->retry = ntohl (soa_bin.retry); + soa->expire = ntohl (soa_bin.expire); + soa->minimum_ttl = ntohl (soa_bin.minimum); + (*off) += sizeof (struct GNUNET_TUN_DnsSoaRecord); + return soa; +} - unsigned short qdcount = ntohs (ppkt->s.qdcount); - unsigned short ancount = ntohs (ppkt->s.ancount); - unsigned short nscount = ntohs (ppkt->s.nscount); - unsigned short arcount = ntohs (ppkt->s.arcount); - ppkt->queries = GNUNET_malloc (qdcount * sizeof (struct dns_query *)); - ppkt->answers = GNUNET_malloc (ancount * sizeof (struct dns_record *)); - ppkt->nameservers = GNUNET_malloc (nscount * sizeof (struct dns_record *)); - ppkt->additional = GNUNET_malloc (arcount * sizeof (struct dns_record *)); +/** + * Parse a DNS MX record. + * + * @param udp_payload reference to UDP packet + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the MX record (to be + * incremented by the size of the record), unchanged on error + * @return the parsed MX record, NULL on error + */ +struct GNUNET_DNSPARSER_MxRecord * +GNUNET_DNSPARSER_parse_mx (const char *udp_payload, + size_t udp_payload_length, + size_t *off) +{ + struct GNUNET_DNSPARSER_MxRecord *mx; + uint16_t mxpref; + size_t old_off; - unsigned short idx = 0, _idx; /* This keeps track how far we have parsed the data */ + old_off = *off; + if (*off + sizeof (uint16_t) > udp_payload_length) + { + GNUNET_break_op (0); + return NULL; + } + memcpy (&mxpref, &udp_payload[*off], sizeof (uint16_t)); + (*off) += sizeof (uint16_t); + mx = GNUNET_new (struct GNUNET_DNSPARSER_MxRecord); + mx->preference = ntohs (mxpref); + mx->mxhost = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if (NULL == mx->mxhost) + { + GNUNET_break_op (0); + GNUNET_DNSPARSER_free_mx (mx); + *off = old_off; + return NULL; + } + return mx; +} - /* Parse the Query */ - int i; - for (i = 0; i < qdcount; i++) - { /*{{{ */ - ppkt->queries[i] = GNUNET_malloc (sizeof (struct dns_query)); - char *name = alloca (255); /* see RFC1035, it can't be more than this. */ +/** + * Parse a DNS SRV record. + * + * @param udp_payload reference to UDP packet + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the SRV record (to be + * incremented by the size of the record), unchanged on error + * @return the parsed SRV record, NULL on error + */ +struct GNUNET_DNSPARSER_SrvRecord * +GNUNET_DNSPARSER_parse_srv (const char *udp_payload, + size_t udp_payload_length, + size_t *off) +{ + struct GNUNET_DNSPARSER_SrvRecord *srv; + struct GNUNET_TUN_DnsSrvRecord srv_bin; + size_t old_off; + + old_off = *off; + if (*off + sizeof (struct GNUNET_TUN_DnsSrvRecord) > udp_payload_length) + return NULL; + memcpy (&srv_bin, + &udp_payload[*off], + sizeof (struct GNUNET_TUN_DnsSrvRecord)); + (*off) += sizeof (struct GNUNET_TUN_DnsSrvRecord); + srv = GNUNET_new (struct GNUNET_DNSPARSER_SrvRecord); + srv->priority = ntohs (srv_bin.prio); + srv->weight = ntohs (srv_bin.weight); + srv->port = ntohs (srv_bin.port); + srv->target = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if (NULL == srv->target) + { + GNUNET_DNSPARSER_free_srv (srv); + *off = old_off; + return NULL; + } + return srv; +} - _idx = parse_dns_name (name, pkt->data, idx); - ppkt->queries[i]->namelen = _idx - idx; - idx = _idx; - ppkt->queries[i]->name = GNUNET_malloc (ppkt->queries[i]->namelen); - memcpy (ppkt->queries[i]->name, name, ppkt->queries[i]->namelen); +/** + * Parse a DNS CERT record. + * + * @param udp_payload reference to UDP packet + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the query to parse in the CERT record (to be + * incremented by the size of the record), unchanged on error + * @return the parsed CERT record, NULL on error + */ +struct GNUNET_DNSPARSER_CertRecord * +GNUNET_DNSPARSER_parse_cert (const char *udp_payload, + size_t udp_payload_length, + size_t *off) +{ + struct GNUNET_DNSPARSER_CertRecord *cert; + struct GNUNET_TUN_DnsCertRecord dcert; - ppkt->queries[i]->qtype = *((unsigned short *) (pkt->data + idx)); - idx += 2; - ppkt->queries[i]->qclass = *((unsigned short *) (pkt->data + idx)); - idx += 2; + if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) >= udp_payload_length) + { + GNUNET_break_op (0); + return NULL; } - /*}}} */ - idx = parse_dns_record (pkt->data, ppkt->answers, ancount, idx); - idx = parse_dns_record (pkt->data, ppkt->nameservers, nscount, idx); - idx = parse_dns_record (pkt->data, ppkt->additional, arcount, idx); - return ppkt; -} /*}}} */ - -static void -unparse_dns_name (char *dest, char *src, size_t len) + memcpy (&dcert, &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsCertRecord)); + (*off) += sizeof (struct GNUNET_TUN_DnsCertRecord); + cert = GNUNET_new (struct GNUNET_DNSPARSER_CertRecord); + cert->cert_type = ntohs (dcert.cert_type); + cert->cert_tag = ntohs (dcert.cert_tag); + cert->algorithm = dcert.algorithm; + cert->certificate_size = udp_payload_length - (*off); + cert->certificate_data = GNUNET_malloc (cert->certificate_size); + memcpy (cert->certificate_data, + &udp_payload[*off], + cert->certificate_size); + (*off) += cert->certificate_size; + return cert; +} + + +/** + * Parse a DNS record entry. + * + * @param udp_payload entire UDP payload + * @param udp_payload_length length of @a udp_payload + * @param off pointer to the offset of the record to parse in the udp_payload (to be + * incremented by the size of the record) + * @param r where to write the record information + * @return #GNUNET_OK on success, #GNUNET_SYSERR if the record is malformed + */ +int +GNUNET_DNSPARSER_parse_record (const char *udp_payload, + size_t udp_payload_length, + size_t *off, + struct GNUNET_DNSPARSER_Record *r) { - char *b = dest; - char cnt = 0; + char *name; + struct GNUNET_TUN_DnsRecordLine rl; + size_t old_off; + uint16_t data_len; - dest++; - while (*src != 0) + name = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if (NULL == name) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + r->name = name; + if (*off + sizeof (struct GNUNET_TUN_DnsRecordLine) > udp_payload_length) { - while (*src != '.' && *src != 0) + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + memcpy (&rl, &udp_payload[*off], sizeof (rl)); + (*off) += sizeof (rl); + r->type = ntohs (rl.type); + r->dns_traffic_class = ntohs (rl.dns_traffic_class); + r->expiration_time = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, + ntohl (rl.ttl))); + data_len = ntohs (rl.data_len); + if (*off + data_len > udp_payload_length) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + old_off = *off; + switch (r->type) + { + case GNUNET_DNSPARSER_TYPE_NS: + case GNUNET_DNSPARSER_TYPE_CNAME: + case GNUNET_DNSPARSER_TYPE_PTR: + r->data.hostname = GNUNET_DNSPARSER_parse_name (udp_payload, + udp_payload_length, + off); + if ( (NULL == r->data.hostname) || + (old_off + data_len != *off) ) + return GNUNET_SYSERR; + return GNUNET_OK; + case GNUNET_DNSPARSER_TYPE_SOA: + r->data.soa = GNUNET_DNSPARSER_parse_soa (udp_payload, + udp_payload_length, + off); + if ( (NULL == r->data.soa) || + (old_off + data_len != *off) ) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; + case GNUNET_DNSPARSER_TYPE_MX: + r->data.mx = GNUNET_DNSPARSER_parse_mx (udp_payload, + udp_payload_length, + off); + if ( (NULL == r->data.mx) || + (old_off + data_len != *off) ) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; + case GNUNET_DNSPARSER_TYPE_SRV: + r->data.srv = GNUNET_DNSPARSER_parse_srv (udp_payload, + udp_payload_length, + off); + if ( (NULL == r->data.srv) || + (old_off + data_len != *off) ) { - *dest = *src; - src++; - dest++; - cnt++; + GNUNET_break_op (0); + return GNUNET_SYSERR; } - *b = cnt; - cnt = 0; - b = dest; - dest++; - src++; + return GNUNET_OK; + default: + r->data.raw.data = GNUNET_malloc (data_len); + r->data.raw.data_len = data_len; + memcpy (r->data.raw.data, &udp_payload[*off], data_len); + break; } - *b = 0; + (*off) += data_len; + return GNUNET_OK; } -struct dns_pkt * -unparse_dns_packet (struct dns_pkt_parsed *ppkt) -{ - size_t size = sizeof (struct dns_pkt) - 1; - int i; - for (i = 0; i < ntohs (ppkt->s.qdcount); i++) - size += ppkt->queries[i]->namelen + 1; +/** + * Parse a UDP payload of a DNS packet in to a nice struct for further + * processing and manipulation. + * + * @param udp_payload wire-format of the DNS packet + * @param udp_payload_length number of bytes in @a udp_payload + * @return NULL on error, otherwise the parsed packet + */ +struct GNUNET_DNSPARSER_Packet * +GNUNET_DNSPARSER_parse (const char *udp_payload, + size_t udp_payload_length) +{ + struct GNUNET_DNSPARSER_Packet *p; + const struct GNUNET_TUN_DnsHeader *dns; + size_t off; + unsigned int n; + unsigned int i; - for (i = 0; i < ntohs (ppkt->s.ancount); i++) + if (udp_payload_length < sizeof (struct GNUNET_TUN_DnsHeader)) + return NULL; + dns = (const struct GNUNET_TUN_DnsHeader *) udp_payload; + off = sizeof (struct GNUNET_TUN_DnsHeader); + p = GNUNET_new (struct GNUNET_DNSPARSER_Packet); + p->flags = dns->flags; + p->id = dns->id; + n = ntohs (dns->query_count); + if (n > 0) + { + p->queries = GNUNET_malloc (n * sizeof (struct GNUNET_DNSPARSER_Query)); + p->num_queries = n; + for (i=0;iqueries[i])) + goto error; + } + n = ntohs (dns->answer_rcount); + if (n > 0) { - size += ppkt->answers[i]->namelen + 1; - size += ppkt->answers[i]->data_len; + p->answers = GNUNET_malloc (n * sizeof (struct GNUNET_DNSPARSER_Record)); + p->num_answers = n; + for (i=0;ianswers[i])) + goto error; } - for (i = 0; i < ntohs (ppkt->s.nscount); i++) + n = ntohs (dns->authority_rcount); + if (n > 0) { - size += ppkt->nameservers[i]->namelen + 1; - size += ppkt->nameservers[i]->data_len; + p->authority_records = GNUNET_malloc (n * sizeof (struct GNUNET_DNSPARSER_Record)); + p->num_authority_records = n; + for (i=0;iauthority_records[i])) + goto error; } - for (i = 0; i < ntohs (ppkt->s.arcount); i++) + n = ntohs (dns->additional_rcount); + if (n > 0) { - size += ppkt->additional[i]->namelen + 1; - size += ppkt->additional[i]->data_len; + p->additional_records = GNUNET_malloc (n * sizeof (struct GNUNET_DNSPARSER_Record)); + p->num_additional_records = n; + for (i=0;iadditional_records[i])) + goto error; } + return p; + error: + GNUNET_break_op (0); + GNUNET_DNSPARSER_free_packet (p); + return NULL; +} - size += - 4 * ntohs (ppkt->s.qdcount) + 10 * (ntohs (ppkt->s.ancount) + - ntohs (ppkt->s.arcount) + - ntohs (ppkt->s.nscount)); - struct dns_pkt *pkt = GNUNET_malloc (size); - char *pkt_c = (char *) pkt; +/** + * Free memory taken by a packet. + * + * @param p packet to free + */ +void +GNUNET_DNSPARSER_free_packet (struct GNUNET_DNSPARSER_Packet *p) +{ + unsigned int i; + + for (i=0;inum_queries;i++) + GNUNET_free_non_null (p->queries[i].name); + GNUNET_free_non_null (p->queries); + for (i=0;inum_answers;i++) + GNUNET_DNSPARSER_free_record (&p->answers[i]); + GNUNET_free_non_null (p->answers); + for (i=0;inum_authority_records;i++) + GNUNET_DNSPARSER_free_record (&p->authority_records[i]); + GNUNET_free_non_null (p->authority_records); + for (i=0;inum_additional_records;i++) + GNUNET_DNSPARSER_free_record (&p->additional_records[i]); + GNUNET_free_non_null (p->additional_records); + GNUNET_free (p); +} + + +/* ********************** DNS packet assembly code **************** */ + + +/** + * Add a DNS name to the UDP packet at the given location, converting + * the name to IDNA notation as necessary. + * + * @param dst where to write the name (UDP packet) + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the name (increment by bytes used) + * must not be changed if there is an error + * @param name name to write + * @return #GNUNET_SYSERR if @a name is invalid + * #GNUNET_NO if @a name did not fit + * #GNUNET_OK if @a name was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_name (char *dst, + size_t dst_len, + size_t *off, + const char *name) +{ + const char *dot; + const char *idna_name; + char *idna_start; + size_t start; + size_t pos; + size_t len; + Idna_rc rc; - memcpy (&pkt->s, &ppkt->s, sizeof ppkt->s); - size_t idx = sizeof ppkt->s; + if (NULL == name) + return GNUNET_SYSERR; - for (i = 0; i < ntohs (ppkt->s.qdcount); i++) + if (IDNA_SUCCESS != + (rc = idna_to_ascii_8z (name, &idna_start, IDNA_ALLOW_UNASSIGNED))) { - unparse_dns_name (&pkt_c[idx], ppkt->queries[i]->name, - ppkt->queries[i]->namelen); - idx += ppkt->queries[i]->namelen; - struct dns_query_line *d = (struct dns_query_line *) &pkt_c[idx]; - - d->class = ppkt->queries[i]->qclass; - d->type = ppkt->queries[i]->qtype; - idx += sizeof (struct dns_query_line); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + _("Failed to convert UTF-8 name `%s' to DNS IDNA format: %s\n"), + name, + idna_strerror (rc)); + return GNUNET_NO; } - - for (i = 0; i < ntohs (ppkt->s.ancount); i++) + idna_name = idna_start; + start = *off; + if (start + strlen (idna_name) + 2 > dst_len) + goto fail; + pos = start; + do { - unparse_dns_name (&pkt_c[idx], ppkt->answers[i]->name, - ppkt->answers[i]->namelen); - idx += ppkt->answers[i]->namelen; - struct dns_record_line *r = (struct dns_record_line *) &pkt_c[idx]; - - r->type = ppkt->answers[i]->type; - r->class = ppkt->answers[i]->class; - r->ttl = ppkt->answers[i]->ttl; - r->data_len = ppkt->answers[i]->data_len; - idx += sizeof (struct dns_record_line); - memcpy (&r->data, ppkt->answers[i]->data, ppkt->answers[i]->data_len); - idx += ppkt->answers[i]->data_len; + dot = strchr (idna_name, '.'); + if (NULL == dot) + len = strlen (idna_name); + else + len = dot - idna_name; + if ( (len >= 64) || (0 == len) ) + { + GNUNET_break (0); + goto fail; /* segment too long or empty */ + } + dst[pos++] = (char) (uint8_t) len; + memcpy (&dst[pos], idna_name, len); + pos += len; + idna_name += len + 1; /* also skip dot */ } + while (NULL != dot); + dst[pos++] = '\0'; /* terminator */ + *off = pos; +#if WINDOWS + idn_free (idna_start); +#else + free (idna_start); +#endif + return GNUNET_OK; + fail: +#if WINDOWS + idn_free (idna_start); +#else + free (idna_start); +#endif + return GNUNET_NO; +} + + +/** + * Add a DNS query to the UDP packet at the given location. + * + * @param dst where to write the query + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the query (increment by bytes used) + * must not be changed if there is an error + * @param query query to write + * @return #GNUNET_SYSERR if @a query is invalid + * #GNUNET_NO if @a query did not fit + * #GNUNET_OK if @a query was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_query (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_Query *query) +{ + int ret; + struct GNUNET_TUN_DnsQueryLine ql; + + ret = GNUNET_DNSPARSER_builder_add_name (dst, dst_len - sizeof (struct GNUNET_TUN_DnsQueryLine), off, query->name); + if (ret != GNUNET_OK) + return ret; + ql.type = htons (query->type); + ql.dns_traffic_class = htons (query->dns_traffic_class); + memcpy (&dst[*off], &ql, sizeof (ql)); + (*off) += sizeof (ql); + return GNUNET_OK; +} + + +/** + * Add an MX record to the UDP packet at the given location. + * + * @param dst where to write the mx record + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the mx information (increment by bytes used); + * can also change if there was an error + * @param mx mx information to write + * @return #GNUNET_SYSERR if @a mx is invalid + * #GNUNET_NO if @a mx did not fit + * #GNUNET_OK if @a mx was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_mx (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_MxRecord *mx) +{ + uint16_t mxpref; + + if (*off + sizeof (uint16_t) > dst_len) + return GNUNET_NO; + mxpref = htons (mx->preference); + memcpy (&dst[*off], &mxpref, sizeof (mxpref)); + (*off) += sizeof (mxpref); + return GNUNET_DNSPARSER_builder_add_name (dst, dst_len, off, mx->mxhost); +} + - for (i = 0; i < ntohs (ppkt->s.nscount); i++) +/** + * Add a CERT record to the UDP packet at the given location. + * + * @param dst where to write the CERT record + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the CERT information (increment by bytes used); + * can also change if there was an error + * @param cert CERT information to write + * @return #GNUNET_SYSERR if @a cert is invalid + * #GNUNET_NO if @a cert did not fit + * #GNUNET_OK if @a cert was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_cert (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_CertRecord *cert) +{ + struct GNUNET_TUN_DnsCertRecord dcert; + + if ( (cert->cert_type > UINT16_MAX) || + (cert->cert_tag > UINT16_MAX) || + (cert->algorithm > UINT8_MAX) ) { - unparse_dns_name (&pkt_c[idx], ppkt->nameservers[i]->name, - ppkt->nameservers[i]->namelen); - idx += ppkt->nameservers[i]->namelen; - struct dns_record_line *r = (struct dns_record_line *) &pkt_c[idx]; - - r->type = ppkt->nameservers[i]->type; - r->class = ppkt->nameservers[i]->class; - r->ttl = ppkt->nameservers[i]->ttl; - r->data_len = ppkt->nameservers[i]->data_len; - idx += sizeof (struct dns_record_line); - memcpy (&r->data, ppkt->nameservers[i]->data, - ppkt->nameservers[i]->data_len); - idx += ppkt->nameservers[i]->data_len; + GNUNET_break (0); + return GNUNET_SYSERR; } + if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > dst_len) + return GNUNET_NO; + dcert.cert_type = htons ((uint16_t) cert->cert_type); + dcert.cert_tag = htons ((uint16_t) cert->cert_tag); + dcert.algorithm = (uint8_t) cert->algorithm; + memcpy (&dst[*off], &dcert, sizeof (dcert)); + (*off) += sizeof (dcert); + memcpy (&dst[*off], cert->certificate_data, cert->certificate_size); + (*off) += cert->certificate_size; + return GNUNET_OK; +} + + +/** + * Add an SOA record to the UDP packet at the given location. + * + * @param dst where to write the SOA record + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the SOA information (increment by bytes used) + * can also change if there was an error + * @param soa SOA information to write + * @return #GNUNET_SYSERR if @a soa is invalid + * #GNUNET_NO if @a soa did not fit + * #GNUNET_OK if @a soa was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_soa (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_SoaRecord *soa) +{ + struct GNUNET_TUN_DnsSoaRecord sd; + int ret; + + if ( (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, + dst_len, + off, + soa->mname))) || + (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, + dst_len, + off, + soa->rname)) ) ) + return ret; + if (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > dst_len) + return GNUNET_NO; + sd.serial = htonl (soa->serial); + sd.refresh = htonl (soa->refresh); + sd.retry = htonl (soa->retry); + sd.expire = htonl (soa->expire); + sd.minimum = htonl (soa->minimum_ttl); + memcpy (&dst[*off], &sd, sizeof (sd)); + (*off) += sizeof (sd); + return GNUNET_OK; +} + + +/** + * Add an SRV record to the UDP packet at the given location. + * + * @param dst where to write the SRV record + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the SRV information (increment by bytes used) + * can also change if there was an error + * @param srv SRV information to write + * @return #GNUNET_SYSERR if @a srv is invalid + * #GNUNET_NO if @a srv did not fit + * #GNUNET_OK if @a srv was added to @a dst + */ +int +GNUNET_DNSPARSER_builder_add_srv (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_SrvRecord *srv) +{ + struct GNUNET_TUN_DnsSrvRecord sd; + int ret; + + if (*off + sizeof (struct GNUNET_TUN_DnsSrvRecord) > dst_len) + return GNUNET_NO; + sd.prio = htons (srv->priority); + sd.weight = htons (srv->weight); + sd.port = htons (srv->port); + memcpy (&dst[*off], &sd, sizeof (sd)); + (*off) += sizeof (sd); + if (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, + dst_len, + off, + srv->target))) + return ret; + return GNUNET_OK; +} + - for (i = 0; i < ntohs (ppkt->s.arcount); i++) +/** + * Add a DNS record to the UDP packet at the given location. + * + * @param dst where to write the query + * @param dst_len number of bytes in @a dst + * @param off pointer to offset where to write the query (increment by bytes used) + * must not be changed if there is an error + * @param record record to write + * @return #GNUNET_SYSERR if @a record is invalid + * #GNUNET_NO if @a record did not fit + * #GNUNET_OK if @a record was added to @a dst + */ +static int +add_record (char *dst, + size_t dst_len, + size_t *off, + const struct GNUNET_DNSPARSER_Record *record) +{ + int ret; + size_t start; + size_t pos; + struct GNUNET_TUN_DnsRecordLine rl; + + start = *off; + ret = GNUNET_DNSPARSER_builder_add_name (dst, + dst_len - sizeof (struct GNUNET_TUN_DnsRecordLine), + off, + record->name); + if (GNUNET_OK != ret) + return ret; + /* '*off' is now the position where we will need to write the record line */ + + pos = *off + sizeof (struct GNUNET_TUN_DnsRecordLine); + switch (record->type) + { + case GNUNET_DNSPARSER_TYPE_MX: + ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx); + break; + case GNUNET_DNSPARSER_TYPE_CERT: + ret = GNUNET_DNSPARSER_builder_add_cert (dst, dst_len, &pos, record->data.cert); + break; + case GNUNET_DNSPARSER_TYPE_SOA: + ret = GNUNET_DNSPARSER_builder_add_soa (dst, dst_len, &pos, record->data.soa); + break; + case GNUNET_DNSPARSER_TYPE_NS: + case GNUNET_DNSPARSER_TYPE_CNAME: + case GNUNET_DNSPARSER_TYPE_PTR: + ret = GNUNET_DNSPARSER_builder_add_name (dst, dst_len, &pos, record->data.hostname); + break; + case GNUNET_DNSPARSER_TYPE_SRV: + ret = GNUNET_DNSPARSER_builder_add_srv (dst, dst_len, &pos, record->data.srv); + break; + default: + if (pos + record->data.raw.data_len > dst_len) + { + ret = GNUNET_NO; + break; + } + memcpy (&dst[pos], record->data.raw.data, record->data.raw.data_len); + pos += record->data.raw.data_len; + ret = GNUNET_OK; + break; + } + if (GNUNET_OK != ret) { - unparse_dns_name (&pkt_c[idx], ppkt->additional[i]->name, - ppkt->additional[i]->namelen); - idx += ppkt->additional[i]->namelen; - struct dns_record_line *r = (struct dns_record_line *) &pkt_c[idx]; - - r->type = ppkt->additional[i]->type; - r->class = ppkt->additional[i]->class; - r->ttl = ppkt->additional[i]->ttl; - r->data_len = ppkt->additional[i]->data_len; - idx += sizeof (struct dns_record_line); - memcpy (&r->data, ppkt->additional[i]->data, ppkt->additional[i]->data_len); - idx += ppkt->additional[i]->data_len; + *off = start; + return GNUNET_NO; } - return pkt; + if (pos - (*off + sizeof (struct GNUNET_TUN_DnsRecordLine)) > UINT16_MAX) + { + /* record data too long */ + *off = start; + return GNUNET_NO; + } + rl.type = htons (record->type); + rl.dns_traffic_class = htons (record->dns_traffic_class); + rl.ttl = htonl (GNUNET_TIME_absolute_get_remaining (record->expiration_time).rel_value_us / 1000LL / 1000LL); /* in seconds */ + rl.data_len = htons ((uint16_t) (pos - (*off + sizeof (struct GNUNET_TUN_DnsRecordLine)))); + memcpy (&dst[*off], &rl, sizeof (struct GNUNET_TUN_DnsRecordLine)); + *off = pos; + return GNUNET_OK; } -void -free_parsed_dns_packet (struct dns_pkt_parsed *ppkt) + +/** + * Given a DNS packet @a p, generate the corresponding UDP payload. + * Note that we do not attempt to pack the strings with pointers + * as this would complicate the code and this is about being + * simple and secure, not fast, fancy and broken like bind. + * + * @param p packet to pack + * @param max maximum allowed size for the resulting UDP payload + * @param buf set to a buffer with the packed message + * @param buf_length set to the length of @a buf + * @return #GNUNET_SYSERR if @a p is invalid + * #GNUNET_NO if @a p was truncated (but there is still a result in @a buf) + * #GNUNET_OK if @a p was packed completely into @a buf + */ +int +GNUNET_DNSPARSER_pack (const struct GNUNET_DNSPARSER_Packet *p, + uint16_t max, + char **buf, + size_t *buf_length) { - unsigned short qdcount = ntohs (ppkt->s.qdcount); - unsigned short ancount = ntohs (ppkt->s.ancount); - unsigned short nscount = ntohs (ppkt->s.nscount); - unsigned short arcount = ntohs (ppkt->s.arcount); + struct GNUNET_TUN_DnsHeader dns; + size_t off; + char tmp[max]; + unsigned int i; + int ret; + int trc; - int i; + if ( (p->num_queries > UINT16_MAX) || + (p->num_answers > UINT16_MAX) || + (p->num_authority_records > UINT16_MAX) || + (p->num_additional_records > UINT16_MAX) ) + return GNUNET_SYSERR; + dns.id = p->id; + dns.flags = p->flags; + dns.query_count = htons (p->num_queries); + dns.answer_rcount = htons (p->num_answers); + dns.authority_rcount = htons (p->num_authority_records); + dns.additional_rcount = htons (p->num_additional_records); - for (i = 0; i < qdcount; i++) + off = sizeof (struct GNUNET_TUN_DnsHeader); + trc = GNUNET_NO; + for (i=0;inum_queries;i++) { - GNUNET_free (ppkt->queries[i]->name); - GNUNET_free (ppkt->queries[i]); + ret = GNUNET_DNSPARSER_builder_add_query (tmp, sizeof (tmp), &off, &p->queries[i]); + if (GNUNET_SYSERR == ret) + return GNUNET_SYSERR; + if (GNUNET_NO == ret) + { + dns.query_count = htons ((uint16_t) (i-1)); + trc = GNUNET_YES; + break; + } } - GNUNET_free (ppkt->queries); - for (i = 0; i < ancount; i++) + for (i=0;inum_answers;i++) { - GNUNET_free (ppkt->answers[i]->name); - GNUNET_free (ppkt->answers[i]->data); - GNUNET_free (ppkt->answers[i]); + ret = add_record (tmp, sizeof (tmp), &off, &p->answers[i]); + if (GNUNET_SYSERR == ret) + return GNUNET_SYSERR; + if (GNUNET_NO == ret) + { + dns.answer_rcount = htons ((uint16_t) (i-1)); + trc = GNUNET_YES; + break; + } } - GNUNET_free (ppkt->answers); - for (i = 0; i < nscount; i++) + for (i=0;inum_authority_records;i++) { - GNUNET_free (ppkt->nameservers[i]->name); - GNUNET_free (ppkt->nameservers[i]->data); - GNUNET_free (ppkt->nameservers[i]); + ret = add_record (tmp, sizeof (tmp), &off, &p->authority_records[i]); + if (GNUNET_SYSERR == ret) + return GNUNET_SYSERR; + if (GNUNET_NO == ret) + { + dns.authority_rcount = htons ((uint16_t) (i-1)); + trc = GNUNET_YES; + break; + } } - GNUNET_free (ppkt->nameservers); - for (i = 0; i < arcount; i++) + for (i=0;inum_additional_records;i++) + { + ret = add_record (tmp, sizeof (tmp), &off, &p->additional_records[i]); + if (GNUNET_SYSERR == ret) + return GNUNET_SYSERR; + if (GNUNET_NO == ret) + { + dns.additional_rcount = htons (i-1); + trc = GNUNET_YES; + break; + } + } + + if (GNUNET_YES == trc) + dns.flags.message_truncated = 1; + memcpy (tmp, &dns, sizeof (struct GNUNET_TUN_DnsHeader)); + + *buf = GNUNET_malloc (off); + *buf_length = off; + memcpy (*buf, tmp, off); + if (GNUNET_YES == trc) + return GNUNET_NO; + return GNUNET_OK; +} + + +/** + * Convert a block of binary data to HEX. + * + * @param data binary data to convert + * @param data_size number of bytes in @a data + * @return HEX string (lower case) + */ +char * +GNUNET_DNSPARSER_bin_to_hex (const void *data, + size_t data_size) +{ + char *ret; + size_t off; + const uint8_t *idata; + + idata = data; + ret = GNUNET_malloc (data_size * 2 + 1); + for (off = 0; off < data_size; off++) + sprintf (&ret[off * 2], + "%02x", + idata[off]); + return ret; +} + + +/** + * Convert a HEX string to block of binary data. + * + * @param hex HEX string to convert (may contain mixed case) + * @param data where to write result, must be + * at least `strlen(hex)/2` bytes long + * @return number of bytes written to data + */ +size_t +GNUNET_DNSPARSER_hex_to_bin (const char *hex, + void *data) +{ + size_t data_size; + size_t off; + uint8_t *idata; + unsigned int h; + char in[3]; + + data_size = strlen (hex) / 2; + idata = data; + in[2] = '\0'; + for (off = 0; off < data_size; off++) { - GNUNET_free (ppkt->additional[i]->name); - GNUNET_free (ppkt->additional[i]->data); - GNUNET_free (ppkt->additional[i]); + in[0] = tolower ((int) hex[off * 2]); + in[1] = tolower ((int) hex[off * 2 + 1]); + if (1 != sscanf (in, "%x", &h)) + return off; + idata[off] = (uint8_t) h; } - GNUNET_free (ppkt->additional); - GNUNET_free (ppkt); + return off; } + + +/* end of dnsparser.c */