Commit 2bd3895c authored by Milan P. Stanić's avatar Milan P. Stanić

main/musl: backport fix for AD bit in res_mkquery

ref #11455
parent b553aeef
Pipeline #19153 passed with stages
in 2 minutes and 34 seconds
......@@ -2,7 +2,7 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
pkgver=1.1.24
pkgrel=2
pkgrel=3
pkgdesc="the musl c library (libc) implementation"
url="https://musl.libc.org/"
arch="all"
......@@ -26,6 +26,7 @@ source="https://musl.libc.org/releases/musl-$pkgver.tar.gz
fix-incorrect-results-for-catanf-and-catanl-with-som.patch
fix-return-value-of-ungetc-when-argument-is-outside-.patch
fix-errno-for-posix_openpt-with-no-free-ptys-availab.patch
set-AD-bit-in-dns-queries-suppress-for-internal-use.patch
ldconfig
__stack_chk_fail_local.c
......@@ -175,6 +176,7 @@ sha512sums="8987f1e194ea616f34f4f21fe9def28fb7f81d7060e38619206c6349f79db3bbb76b
41934951bbc16f155d40824abf30d818b4c124f668f74f5a13674b5251650bb9d9bf9fde0b75462bb2a4b80dc00871ba122960fa027998e71970d533df1cb987 fix-incorrect-results-for-catanf-and-catanl-with-som.patch
81bddb171fc2171a7aa86e74bf674e3a99508d27416dfc1cfcf2824f17b33ee7dda7c5968a8a69a542fdd6eecded5b8e3973e81079d9a061aa80142d08fc1a90 fix-return-value-of-ungetc-when-argument-is-outside-.patch
144b4525483cbc97f0414955b7e5ce42c9ff69580e5be714b56330da30b0687911bd6019aef3c8611bd0a5bd7671d690b66b4920ae47cf3442a1c982ed000e22 fix-errno-for-posix_openpt-with-no-free-ptys-availab.patch
dd46ef77b71d34b6207611be59dd4555b4e53fd7169732b9e5ee9a66f1e8da69fcca6634f895b9d34d8861d37ac0eaa86618f5f3f3a81cf9c47321d1c5d37ee5 set-AD-bit-in-dns-queries-suppress-for-internal-use.patch
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
......
From fd7ec068efd590c0393a612599a4fab9bb0a8633 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Mon, 18 May 2020 21:17:34 -0400
Subject: set AD bit in dns queries, suppress for internal use
the AD (authenticated data) bit in outgoing dns queries is defined by
rfc3655 to request that the nameserver report (via the same bit in the
response) whether the result is authenticated by DNSSEC. while all
results returned by a DNSSEC conforming nameserver will be either
authenticated or cryptographically proven to lack DNSSEC protection,
for some applications it's necessary to be able to distinguish these
two cases. in particular, conforming and compatible handling of DANE
(TLSA) records requires enforcing them only in signed zones.
when the AD bit was first defined for queries, there were reports of
compatibility problems with broken firewalls and nameservers dropping
queries with it set. these problems are probably a thing of the past,
and broken nameservers are already unsupported. however, since there
is no use in the AD bit with the netdb.h interfaces, explicitly clear
it in the queries they make. this ensures that, even with broken
setups, the standard functions will work, and at most the res_*
functions break.
---
src/network/getnameinfo.c | 1 +
src/network/lookup_name.c | 1 +
src/network/res_mkquery.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/src/network/getnameinfo.c b/src/network/getnameinfo.c
index f77e73ad..949e1811 100644
--- a/src/network/getnameinfo.c
+++ b/src/network/getnameinfo.c
@@ -158,6 +158,7 @@ int getnameinfo(const struct sockaddr *restrict sa, socklen_t sl,
unsigned char query[18+PTR_MAX], reply[512];
int qlen = __res_mkquery(0, ptr, 1, RR_PTR,
0, 0, 0, query, sizeof query);
+ query[3] = 0; /* don't need AD flag */
int rlen = __res_send(query, qlen, reply, sizeof reply);
buf[0] = 0;
if (rlen > 0)
diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
index c93263a9..c4d994a1 100644
--- a/src/network/lookup_name.c
+++ b/src/network/lookup_name.c
@@ -149,6 +149,7 @@ static int name_from_dns(struct address buf[static MAXADDRS], char canon[static
0, 0, 0, qbuf[nq], sizeof *qbuf);
if (qlens[nq] == -1)
return EAI_NONAME;
+ qbuf[nq][3] = 0; /* don't need AD flag */
nq++;
}
}
diff --git a/src/network/res_mkquery.c b/src/network/res_mkquery.c
index 6fa04a5c..33f50cb9 100644
--- a/src/network/res_mkquery.c
+++ b/src/network/res_mkquery.c
@@ -20,6 +20,7 @@ int __res_mkquery(int op, const char *dname, int class, int type,
/* Construct query template - ID will be filled later */
memset(q, 0, n);
q[2] = op*8 + 1;
+ q[3] = 32; /* AD */
q[5] = 1;
memcpy((char *)q+13, dname, l);
for (i=13; q[i]; i=j+1) {
--
cgit v1.2.1
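Review bot: The two netdb call sites, `query[3] = 0;` in getnameinfo.c and `qbuf[nq][3] = 0;` in lookup_name.c, zero the whole fourth header byte instead of clearing only the AD bit that `q[3] = 32;` sets in res_mkquery.c. In the visible lines this is equivalent, because `memset(q, 0, n)` runs first and nothing else writes byte 3, but that byte also carries the CD flag and RCODE, so a later change to the query template would be silently undone at both sites. Masking with `query[3] &= ~32; /* clear AD */` and giving 32 a shared named constant would keep the three files in step. The line `q[3] = 32; /* AD */` also deserves a longer comment saying that nothing in this patch validates the reply, so callers of the res_* interfaces should rely on the AD bit in a response only when the configured resolver validates DNSSEC and the path to it is trusted. All three enclosing functions continue outside their hunks.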