dnsd: fixes various segfaults.

One was a lib api change that was not updated and another
is a stack buffer overflow.
It also adds support for '*' in dnsd.conf. It resolves all hostnames to
a specific ip address. This is useful if you for example want redirect
all http traffic to your first-boot-web-wizard on you router/firewall.

By Timo Teras

diff --git a/libbb/udp_io.c b/libbb/udp_io.c
index 689c39a828edb39a48d5635e858a02f004e0f8cf..c99e516434bbd4ec50a69b1f836bf2ac0aed1d28 100644 (file)
--- a/libbb/udp_io.c
+++ b/libbb/udp_io.c
@@ -36,11 +36,12 @@ send_to_from(int fd, void *buf, size_t len, int flags,
 #else
        struct iovec iov[1];
        struct msghdr msg;
-       char cbuf[sizeof(struct in_pktinfo)
+       union {
+               char cmsg[CMSG_SPACE(sizeof(struct in_pktinfo))];
 #if ENABLE_FEATURE_IPV6 && defined(IPV6_PKTINFO)
-               | sizeof(struct in6_pktinfo) /* (a|b) is poor man's max(a,b) */
+               char cmsg6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
 #endif
-       ];
+       } u;
        struct cmsghdr* cmsgptr;
 
        if (from->sa_family != AF_INET
@@ -57,15 +58,15 @@ send_to_from(int fd, void *buf, size_t len, int flags,
        iov[0].iov_base = buf;
        iov[0].iov_len = len;
 
-       memset(cbuf, 0, sizeof(cbuf));
+       memset(&u, 0, sizeof(u));
 
        memset(&msg, 0, sizeof(msg));
        msg.msg_name = (void *)(struct sockaddr *)to; /* or compiler will annoy us */
        msg.msg_namelen = tolen;
        msg.msg_iov = iov;
        msg.msg_iovlen = 1;
-       msg.msg_control = cbuf;
-       msg.msg_controllen = sizeof(cbuf);
+       msg.msg_control = &u;
+       msg.msg_controllen = sizeof(u);
        msg.msg_flags = flags;
 
        cmsgptr = CMSG_FIRSTHDR(&msg);
@@ -89,6 +90,8 @@ send_to_from(int fd, void *buf, size_t len, int flags,
                pktptr->ipi6_addr = ((struct sockaddr_in6*)from)->sin6_addr;
        }
 #endif
+       msg.msg_controllen = cmsgptr->cmsg_len;
+
        return sendmsg(fd, &msg, flags);
 #endif
 }
@@ -109,7 +112,9 @@ recv_from_to(int fd, void *buf, size_t len, int flags,
        struct iovec iov[1];
        union {
                char cmsg[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#if ENABLE_FEATURE_IPV6 && defined(IPV6_PKTINFO)
                char cmsg6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+#endif
        } u;
        struct cmsghdr *cmsgptr;
        struct msghdr msg;

diff --git a/networking/dnsd.c b/networking/dnsd.c
index cb62d2081ed5268af4770911e6cf0f8b4bde72b0..97ba2dc6afb2c07d9fca80710709c6d624e603f5 100644 (file)
--- a/networking/dnsd.c
+++ b/networking/dnsd.c
@@ -194,7 +194,8 @@ static int table_lookup(uint16_t type, uint8_t * as, uint8_t * qs)
                        for (i = 1; i <= (int)(d->name[0]); i++)
                                if (tolower(qs[i]) != d->name[i])
                                        break;
-                       if (i > (int)(d->name[0])) {
+                       if (i > (int)(d->name[0]) ||
+                           (d->name[0] == 1 && d->name[1] == '*')) {
                                strcpy((char *)as, d->ip);
 #if DEBUG
                                fprintf(stderr, " OK as:%s\n", as);
@@ -202,7 +203,8 @@ static int table_lookup(uint16_t type, uint8_t * as, uint8_t * qs)
                                return 0;
                        }
                } else if (type == REQ_PTR) { /* search by IP-address */
-                       if (!strncmp((char*)&d->rip[1], (char*)&qs[1], strlen(d->rip)-1)) {
+                       if ((d->name[0] != 1 || d->name[1] != '*') &&
+                           !strncmp((char*)&d->rip[1], (char*)&qs[1], strlen(d->rip)-1)) {
                                strcpy((char *)as, d->name);
                                return 0;
                        }
@@ -401,7 +403,7 @@ int dnsd_main(int argc ATTRIBUTE_UNUSED, char **argv)
                r = process_packet(buf);
                if (r <= 0)
                        continue;
-               send_to_from(udps, buf, r, 0, &to->u.sa, &from->u.sa, lsa->len);
+               send_to_from(udps, buf, r, 0, &from->u.sa, &to->u.sa, lsa->len);
        }
        return 0;
 }