Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9ed821d7e5d875a3395740a9cc2545671fa429b7 / . / ap / app / dnsmasq / dnsmasq-2.86 / src / rfc1035.c
blob: 6fc4f2614492aa233b530bb2a65ab208e6692a24 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame^]1/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
17#include "dnsmasq.h"
18
19int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
20 char *name, int isExtract, int extrabytes)
21{
22 unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL;
23 unsigned int j, l, namelen = 0, hops = 0;
24 int retvalue = 1;
25
26 if (isExtract)
27 *cp = 0;
28
29 while (1)
30 {
31 unsigned int label_type;
32
33 if (!CHECK_LEN(header, p, plen, 1))
34 return 0;
35
36 if ((l = *p++) == 0)
37 /* end marker */
38 {
39 /* check that there are the correct no. of bytes after the name */
40 if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes))
41 return 0;
42
43 if (isExtract)
44 {
45 if (cp != (unsigned char *)name)
46 cp--;
47 *cp = 0; /* terminate: lose final period */
48 }
49 else if (*cp != 0)
50 retvalue = 2;
51
52 if (p1) /* we jumped via compression */
53 *pp = p1;
54 else
55 *pp = p;
56
57 return retvalue;
58 }
59
60 label_type = l & 0xc0;
61
62 if (label_type == 0xc0) /* pointer */
63 {
64 if (!CHECK_LEN(header, p, plen, 1))
65 return 0;
66
67 /* get offset */
68 l = (l&0x3f) << 8;
69 l |= *p++;
70
71 if (!p1) /* first jump, save location to go back to */
72 p1 = p;
73
74 hops++; /* break malicious infinite loops */
75 if (hops > 255)
76 return 0;
77
78 p = l + (unsigned char *)header;
79 }
80 else if (label_type == 0x00)
81 { /* label_type = 0 -> label. */
82 namelen += l + 1; /* include period */
83 if (namelen >= MAXDNAME)
84 return 0;
85 if (!CHECK_LEN(header, p, plen, l))
86 return 0;
87
88 for(j=0; j<l; j++, p++)
89 if (isExtract)
90 {
91 unsigned char c = *p;
92#ifdef HAVE_DNSSEC
93 if (option_bool(OPT_DNSSEC_VALID))
94 {
95 if (c == 0 || c == '.' || c == NAME_ESCAPE)
96 {
97 *cp++ = NAME_ESCAPE;
98 *cp++ = c+1;
99 }
100 else
101 *cp++ = c;
102 }
103 else
104#endif
105 if (c != 0 && c != '.')
106 *cp++ = c;
107 else
108 return 0;
109 }
110 else
111 {
112 unsigned char c1 = *cp, c2 = *p;
113
114 if (c1 == 0)
115 retvalue = 2;
116 else
117 {
118 cp++;
119 if (c1 >= 'A' && c1 <= 'Z')
120 c1 += 'a' - 'A';
121#ifdef HAVE_DNSSEC
122 if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE)
123 c1 = (*cp++)-1;
124#endif
125
126 if (c2 >= 'A' && c2 <= 'Z')
127 c2 += 'a' - 'A';
128
129 if (c1 != c2)
130 retvalue = 2;
131 }
132 }
133
134 if (isExtract)
135 *cp++ = '.';
136 else if (*cp != 0 && *cp++ != '.')
137 retvalue = 2;
138 }
139 else
140 return 0; /* label types 0x40 and 0x80 not supported */
141 }
142}
143
144/* Max size of input string (for IPv6) is 75 chars.) */
145#define MAXARPANAME 75
146int in_arpa_name_2_addr(char *namein, union all_addr *addrp)
147{
148 int j;
149 char name[MAXARPANAME+1], *cp1;
150 unsigned char *addr = (unsigned char *)addrp;
151 char *lastchunk = NULL, *penchunk = NULL;
152
153 if (strlen(namein) > MAXARPANAME)
154 return 0;
155
156 memset(addrp, 0, sizeof(union all_addr));
157
158 /* turn name into a series of asciiz strings */
159 /* j counts no. of labels */
160 for(j = 1,cp1 = name; *namein; cp1++, namein++)
161 if (*namein == '.')
162 {
163 penchunk = lastchunk;
164 lastchunk = cp1 + 1;
165 *cp1 = 0;
166 j++;
167 }
168 else
169 *cp1 = *namein;
170
171 *cp1 = 0;
172
173 if (j<3)
174 return 0;
175
176 if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr"))
177 {
178 /* IP v4 */
179 /* address arrives as a name of the form
180 www.xxx.yyy.zzz.in-addr.arpa
181 some of the low order address octets might be missing
182 and should be set to zero. */
183 for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
184 {
185 /* check for digits only (weeds out things like
186 50.0/24.67.28.64.in-addr.arpa which are used
187 as CNAME targets according to RFC 2317 */
188 char *cp;
189 for (cp = cp1; *cp; cp++)
190 if (!isdigit((unsigned char)*cp))
191 return 0;
192
193 addr[3] = addr[2];
194 addr[2] = addr[1];
195 addr[1] = addr[0];
196 addr[0] = atoi(cp1);
197 }
198
199 return F_IPV4;
200 }
201 else if (hostname_isequal(penchunk, "ip6") &&
202 (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa")))
203 {
204 /* IP v6:
205 Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa]
206 or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa]
207
208 Note that most of these the various representations are obsolete and
209 left-over from the many DNS-for-IPv6 wars. We support all the formats
210 that we can since there is no reason not to.
211 */
212
213 if (*name == '\\' && *(name+1) == '[' &&
214 (*(name+2) == 'x' || *(name+2) == 'X'))
215 {
216 for (j = 0, cp1 = name+3; *cp1 && isxdigit((unsigned char) *cp1) && j < 32; cp1++, j++)
217 {
218 char xdig[2];
219 xdig[0] = *cp1;
220 xdig[1] = 0;
221 if (j%2)
222 addr[j/2] |= strtol(xdig, NULL, 16);
223 else
224 addr[j/2] = strtol(xdig, NULL, 16) << 4;
225 }
226
227 if (*cp1 == '/' && j == 32)
228 return F_IPV6;
229 }
230 else
231 {
232 for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
233 {
234 if (*(cp1+1) || !isxdigit((unsigned char)*cp1))
235 return 0;
236
237 for (j = sizeof(struct in6_addr)-1; j>0; j--)
238 addr[j] = (addr[j] >> 4) | (addr[j-1] << 4);
239 addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4);
240 }
241
242 return F_IPV6;
243 }
244 }
245
246 return 0;
247}
248
249unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes)
250{
251 while(1)
252 {
253 unsigned int label_type;
254
255 if (!CHECK_LEN(header, ansp, plen, 1))
256 return NULL;
257
258 label_type = (*ansp) & 0xc0;
259
260 if (label_type == 0xc0)
261 {
262 /* pointer for compression. */
263 ansp += 2;
264 break;
265 }
266 else if (label_type == 0x80)
267 return NULL; /* reserved */
268 else if (label_type == 0x40)
269 {
270 /* Extended label type */
271 unsigned int count;
272
273 if (!CHECK_LEN(header, ansp, plen, 2))
274 return NULL;
275
276 if (((*ansp++) & 0x3f) != 1)
277 return NULL; /* we only understand bitstrings */
278
279 count = *(ansp++); /* Bits in bitstring */
280
281 if (count == 0) /* count == 0 means 256 bits */
282 ansp += 32;
283 else
284 ansp += ((count-1)>>3)+1;
285 }
286 else
287 { /* label type == 0 Bottom six bits is length */
288 unsigned int len = (*ansp++) & 0x3f;
289
290 if (!ADD_RDLEN(header, ansp, plen, len))
291 return NULL;
292
293 if (len == 0)
294 break; /* zero length label marks the end. */
295 }
296 }
297
298 if (!CHECK_LEN(header, ansp, plen, extrabytes))
299 return NULL;
300
301 return ansp;
302}
303
304unsigned char *skip_questions(struct dns_header *header, size_t plen)
305{
306 int q;
307 unsigned char *ansp = (unsigned char *)(header+1);
308
309 for (q = ntohs(header->qdcount); q != 0; q--)
310 {
311 if (!(ansp = skip_name(ansp, header, plen, 4)))
312 return NULL;
313 ansp += 4; /* class and type */
314 }
315
316 return ansp;
317}
318
319unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen)
320{
321 int i, rdlen;
322
323 for (i = 0; i < count; i++)
324 {
325 if (!(ansp = skip_name(ansp, header, plen, 10)))
326 return NULL;
327 ansp += 8; /* type, class, TTL */
328 GETSHORT(rdlen, ansp);
329 if (!ADD_RDLEN(header, ansp, plen, rdlen))
330 return NULL;
331 }
332
333 return ansp;
334}
335
336size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
337{
338 unsigned char *ansp = skip_questions(header, plen);
339
340 /* if packet is malformed, just return as-is. */
341 if (!ansp)
342 return plen;
343
344 if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
345 header, plen)))
346 return plen;
347
348 /* restore pseudoheader */
349 if (pheader && ntohs(header->arcount) == 0)
350 {
351 /* must use memmove, may overlap */
352 memmove(ansp, pheader, hlen);
353 header->arcount = htons(1);
354 ansp += hlen;
355 }
356
357 return ansp - (unsigned char *)header;
358}
359
360/* is addr in the non-globally-routed IP space? */
361int private_net(struct in_addr addr, int ban_localhost)
362{
363 in_addr_t ip_addr = ntohl(addr.s_addr);
364
365 return
366 (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
367 (((ip_addr & 0xFF000000) == 0x00000000) && ban_localhost) /* RFC 5735 section 3. "here" network */ ||
368 ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
369 ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
370 ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
371 ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ||
372 ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ ||
373 ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ ||
374 ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ ||
375 ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ;
376}
377
378static int private_net6(struct in6_addr *a, int ban_localhost)
379{
380 /* Block IPv4-mapped IPv6 addresses in private IPv4 address space */
381 if (IN6_IS_ADDR_V4MAPPED(a))
382 {
383 struct in_addr v4;
384 v4.s_addr = ((const uint32_t *) (a))[3];
385 return private_net(v4, ban_localhost);
386 }
387
388 return
389 (IN6_IS_ADDR_UNSPECIFIED(a) && ban_localhost) || /* RFC 6303 4.3 */
390 (IN6_IS_ADDR_LOOPBACK(a) && ban_localhost) || /* RFC 6303 4.3 */
391 IN6_IS_ADDR_LINKLOCAL(a) || /* RFC 6303 4.5 */
392 IN6_IS_ADDR_SITELOCAL(a) ||
393 ((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */
394 ((u32 *)a)[0] == htonl(0x20010db8); /* RFC 6303 4.6 */
395}
396
397static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, int *doctored)
398{
399 int i, qtype, qclass, rdlen;
400
401 for (i = count; i != 0; i--)
402 {
403 if (!(p = skip_name(p, header, qlen, 10)))
404 return 0; /* bad packet */
405
406 GETSHORT(qtype, p);
407 GETSHORT(qclass, p);
408 p += 4; /* ttl */
409 GETSHORT(rdlen, p);
410
411 if (qclass == C_IN && qtype == T_A)
412 {
413 struct doctor *doctor;
414 struct in_addr addr;
415
416 if (!CHECK_LEN(header, p, qlen, INADDRSZ))
417 return 0;
418
419 /* alignment */
420 memcpy(&addr, p, INADDRSZ);
421
422 for (doctor = daemon->doctors; doctor; doctor = doctor->next)
423 {
424 if (doctor->end.s_addr == 0)
425 {
426 if (!is_same_net(doctor->in, addr, doctor->mask))
427 continue;
428 }
429 else if (ntohl(doctor->in.s_addr) > ntohl(addr.s_addr) ||
430 ntohl(doctor->end.s_addr) < ntohl(addr.s_addr))
431 continue;
432
433 addr.s_addr &= ~doctor->mask.s_addr;
434 addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
435 /* Since we munged the data, the server it came from is no longer authoritative */
436 header->hb3 &= ~HB3_AA;
437 *doctored = 1;
438 memcpy(p, &addr, INADDRSZ);
439 break;
440 }
441 }
442
443 if (!ADD_RDLEN(header, p, qlen, rdlen))
444 return 0; /* bad packet */
445 }
446
447 return p;
448}
449
450static int find_soa(struct dns_header *header, size_t qlen, int *doctored)
451{
452 unsigned char *p;
453 int qtype, qclass, rdlen;
454 unsigned long ttl, minttl = ULONG_MAX;
455 int i, found_soa = 0;
456
457 /* first move to NS section and find TTL from any SOA section */
458 if (!(p = skip_questions(header, qlen)) ||
459 !(p = do_doctor(p, ntohs(header->ancount), header, qlen, doctored)))
460 return 0; /* bad packet */
461
462 for (i = ntohs(header->nscount); i != 0; i--)
463 {
464 if (!(p = skip_name(p, header, qlen, 10)))
465 return 0; /* bad packet */
466
467 GETSHORT(qtype, p);
468 GETSHORT(qclass, p);
469 GETLONG(ttl, p);
470 GETSHORT(rdlen, p);
471
472 if ((qclass == C_IN) && (qtype == T_SOA))
473 {
474 found_soa = 1;
475 if (ttl < minttl)
476 minttl = ttl;
477
478 /* MNAME */
479 if (!(p = skip_name(p, header, qlen, 0)))
480 return 0;
481 /* RNAME */
482 if (!(p = skip_name(p, header, qlen, 20)))
483 return 0;
484 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
485
486 GETLONG(ttl, p); /* minTTL */
487 if (ttl < minttl)
488 minttl = ttl;
489 }
490 else if (!ADD_RDLEN(header, p, qlen, rdlen))
491 return 0; /* bad packet */
492 }
493
494 /* rewrite addresses in additional section too */
495 if (!do_doctor(p, ntohs(header->arcount), header, qlen, doctored))
496 return 0;
497
498 if (!found_soa)
499 minttl = daemon->neg_ttl;
500
501 return minttl;
502}
503
504/* Print TXT reply to log */
505static int print_txt(struct dns_header *header, const size_t qlen, char *name,
506 unsigned char *p, const int ardlen, int secflag)
507{
508 unsigned char *p1 = p;
509 if (!CHECK_LEN(header, p1, qlen, ardlen))
510 return 0;
511 /* Loop over TXT payload */
512 while ((p1 - p) < ardlen)
513 {
514 unsigned int i, len = *p1;
515 unsigned char *p3 = p1;
516 if ((p1 + len - p) >= ardlen)
517 return 0; /* bad packet */
518
519 /* make counted string zero-term and sanitise */
520 for (i = 0; i < len; i++)
521 {
522 if (!isprint((int)*(p3+1)))
523 break;
524 *p3 = *(p3+1);
525 p3++;
526 }
527
528 *p3 = 0;
529 log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1);
530 /* restore */
531 memmove(p1 + 1, p1, i);
532 *p1 = len;
533 p1 += len+1;
534 }
535 return 1;
536}
537
538/* Note that the following code can create CNAME chains that don't point to a real record,
539 either because of lack of memory, or lack of SOA records. These are treated by the cache code as
540 expired and cleaned out that way.
541 Return 1 if we reject an address because it look like part of dns-rebinding attack. */
542int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now,
543 char **ipsets, int is_sign, int check_rebind, int no_cache_dnssec,
544 int secure, int *doctored)
545{
546 unsigned char *p, *p1, *endrr, *namep;
547 int j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
548 unsigned long ttl = 0;
549 union all_addr addr;
550#ifdef HAVE_IPSET
551 char **ipsets_cur;
552#else
553 (void)ipsets; /* unused */
554#endif
555 int found = 0, cname_count = CNAME_CHAIN;
556 struct crec *cpp = NULL;
557 int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0;
558#ifdef HAVE_DNSSEC
559 int cname_short = 0;
560#endif
561 unsigned long cttl = ULONG_MAX, attl;
562
563 cache_start_insert();
564
565 /* find_soa is needed for dns_doctor side effects, so don't call it lazily if there are any. */
566 if (daemon->doctors || option_bool(OPT_DNSSEC_VALID))
567 {
568 searched_soa = 1;
569 ttl = find_soa(header, qlen, doctored);
570
571 if (*doctored)
572 {
573 if (secure)
574 return 0;
575#ifdef HAVE_DNSSEC
576 if (option_bool(OPT_DNSSEC_VALID))
577 for (j = 0; j < ntohs(header->ancount); j++)
578 if (daemon->rr_status[j] != 0)
579 return 0;
580#endif
581 }
582 }
583
584 namep = p = (unsigned char *)(header+1);
585
586 if (ntohs(header->qdcount) != 1 || !extract_name(header, qlen, &p, name, 1, 4))
587 return 0; /* bad packet */
588
589 GETSHORT(qtype, p);
590 GETSHORT(qclass, p);
591
592 if (qclass != C_IN)
593 return 0;
594
595 /* PTRs: we chase CNAMEs here, since we have no way to
596 represent them in the cache. */
597 if (qtype == T_PTR)
598 {
599 int insert = 1, name_encoding = in_arpa_name_2_addr(name, &addr);
600
601 if (!(flags & F_NXDOMAIN))
602 {
603 cname_loop:
604 if (!(p1 = skip_questions(header, qlen)))
605 return 0;
606
607 for (j = 0; j < ntohs(header->ancount); j++)
608 {
609 int secflag = 0;
610 if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
611 return 0; /* bad packet */
612
613 GETSHORT(aqtype, p1);
614 GETSHORT(aqclass, p1);
615 GETLONG(attl, p1);
616
617 if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
618 {
619 (p1) -= 4;
620 PUTLONG(daemon->max_ttl, p1);
621 }
622 GETSHORT(ardlen, p1);
623 endrr = p1+ardlen;
624
625 /* TTL of record is minimum of CNAMES and PTR */
626 if (attl < cttl)
627 cttl = attl;
628
629 if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
630 {
631#ifdef HAVE_DNSSEC
632 if (option_bool(OPT_DNSSEC_VALID) && !no_cache_dnssec && daemon->rr_status[j] != 0)
633 {
634 /* validated RR anywhere in CNAME chain, don't cache. */
635 if (cname_short || aqtype == T_CNAME)
636 insert = 0;
637
638 secflag = F_DNSSECOK;
639 /* limit TTL based on signature. */
640 if (daemon->rr_status[j] < cttl)
641 cttl = daemon->rr_status[j];
642 }
643#endif
644
645 if (aqtype == T_CNAME)
646 log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL);
647
648 if (!extract_name(header, qlen, &p1, name, 1, 0))
649 return 0;
650
651 if (aqtype == T_CNAME)
652 {
653 if (!cname_count--)
654 return 0; /* looped CNAMES, we can't cache. */
655#ifdef HAVE_DNSSEC
656 cname_short = 1;
657#endif
658 goto cname_loop;
659 }
660
661 found = 1;
662
663 if (!name_encoding)
664 log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype));
665 else
666 {
667 log_query(name_encoding | secflag | F_REVERSE | F_UPSTREAM, name, &addr, NULL);
668 if (insert)
669 cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE);
670 }
671 }
672
673 p1 = endrr;
674 if (!CHECK_LEN(header, p1, qlen, 0))
675 return 0; /* bad packet */
676 }
677 }
678
679 if (!found && !option_bool(OPT_NO_NEG))
680 {
681 if (!searched_soa)
682 {
683 searched_soa = 1;
684 ttl = find_soa(header, qlen, doctored);
685 }
686
687 flags |= F_NEG | (secure ? F_DNSSECOK : 0);
688 if (name_encoding && ttl)
689 {
690 flags |= F_REVERSE | name_encoding;
691 cache_insert(NULL, &addr, C_IN, now, ttl, flags);
692 }
693
694 log_query(flags | F_UPSTREAM, name, &addr, NULL);
695 }
696 }
697 else
698 {
699 /* everything other than PTR */
700 struct crec *newc;
701 int addrlen = 0, insert = 1;
702
703 if (qtype == T_A)
704 {
705 addrlen = INADDRSZ;
706 flags |= F_IPV4;
707 }
708 else if (qtype == T_AAAA)
709 {
710 addrlen = IN6ADDRSZ;
711 flags |= F_IPV6;
712 }
713 else if (qtype == T_SRV)
714 flags |= F_SRV;
715 else
716 insert = 0; /* NOTE: do not cache data from CNAME queries. */
717
718 cname_loop1:
719 if (!(p1 = skip_questions(header, qlen)))
720 return 0;
721
722 for (j = 0; j < ntohs(header->ancount); j++)
723 {
724 int secflag = 0;
725
726 if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
727 return 0; /* bad packet */
728
729 GETSHORT(aqtype, p1);
730 GETSHORT(aqclass, p1);
731 GETLONG(attl, p1);
732 if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
733 {
734 (p1) -= 4;
735 PUTLONG(daemon->max_ttl, p1);
736 }
737 GETSHORT(ardlen, p1);
738 endrr = p1+ardlen;
739
740 /* Not what we're looking for? */
741 if (aqclass != C_IN || res == 2)
742 {
743 p1 = endrr;
744 if (!CHECK_LEN(header, p1, qlen, 0))
745 return 0; /* bad packet */
746 continue;
747 }
748
749#ifdef HAVE_DNSSEC
750 if (option_bool(OPT_DNSSEC_VALID) && !no_cache_dnssec && daemon->rr_status[j] != 0)
751 {
752 secflag = F_DNSSECOK;
753
754 /* limit TTl based on sig. */
755 if (daemon->rr_status[j] < attl)
756 attl = daemon->rr_status[j];
757 }
758#endif
759
760 if (aqtype == T_CNAME)
761 {
762 if (!cname_count--)
763 return 0; /* looped CNAMES */
764
765 log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL);
766
767 if (insert)
768 {
769 if ((newc = cache_insert(name, NULL, C_IN, now, attl, F_CNAME | F_FORWARD | secflag)))
770 {
771 newc->addr.cname.target.cache = NULL;
772 newc->addr.cname.is_name_ptr = 0;
773 if (cpp)
774 {
775 next_uid(newc);
776 cpp->addr.cname.target.cache = newc;
777 cpp->addr.cname.uid = newc->uid;
778 }
779 }
780
781 cpp = newc;
782 if (attl < cttl)
783 cttl = attl;
784 }
785
786 namep = p1;
787 if (!extract_name(header, qlen, &p1, name, 1, 0))
788 return 0;
789
790 goto cname_loop1;
791 }
792 else if (aqtype != qtype)
793 {
794#ifdef HAVE_DNSSEC
795 if (!option_bool(OPT_DNSSEC_VALID) || aqtype != T_RRSIG)
796#endif
797 log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype));
798 }
799 else if (!(flags & F_NXDOMAIN))
800 {
801 found = 1;
802
803 if (flags & F_SRV)
804 {
805 unsigned char *tmp = namep;
806
807 if (!CHECK_LEN(header, p1, qlen, 6))
808 return 0; /* bad packet */
809 GETSHORT(addr.srv.priority, p1);
810 GETSHORT(addr.srv.weight, p1);
811 GETSHORT(addr.srv.srvport, p1);
812 if (!extract_name(header, qlen, &p1, name, 1, 0))
813 return 0;
814 addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */
815 if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen)))
816 return 0;
817
818 /* we overwrote the original name, so get it back here. */
819 if (!extract_name(header, qlen, &tmp, name, 1, 0))
820 return 0;
821 }
822 else if (flags & (F_IPV4 | F_IPV6))
823 {
824 /* copy address into aligned storage */
825 if (!CHECK_LEN(header, p1, qlen, addrlen))
826 return 0; /* bad packet */
827 memcpy(&addr, p1, addrlen);
828
829 /* check for returned address in private space */
830 if (check_rebind)
831 {
832 if ((flags & F_IPV4) &&
833 private_net(addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
834 return 1;
835
836 if ((flags & F_IPV6) &&
837 private_net6(&addr.addr6, !option_bool(OPT_LOCAL_REBIND)))
838 return 1;
839 }
840
841#ifdef HAVE_IPSET
842 if (ipsets && (flags & (F_IPV4 | F_IPV6)))
843 {
844 ipsets_cur = ipsets;
845 while (*ipsets_cur)
846 {
847 log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur);
848 add_to_ipset(*ipsets_cur++, &addr, flags, 0);
849 }
850 }
851#endif
852 }
853
854 if (insert)
855 {
856 newc = cache_insert(name, &addr, C_IN, now, attl, flags | F_FORWARD | secflag);
857 if (newc && cpp)
858 {
859 next_uid(newc);
860 cpp->addr.cname.target.cache = newc;
861 cpp->addr.cname.uid = newc->uid;
862 }
863 cpp = NULL;
864 }
865
866 if (aqtype == T_TXT)
867 {
868 if (!print_txt(header, qlen, name, p1, ardlen, secflag))
869 return 0;
870 }
871 else
872 log_query(flags | F_FORWARD | secflag | F_UPSTREAM, name, &addr, querystr(NULL, aqtype));
873 }
874
875 p1 = endrr;
876 if (!CHECK_LEN(header, p1, qlen, 0))
877 return 0; /* bad packet */
878 }
879
880 if (!found && !option_bool(OPT_NO_NEG))
881 {
882 if (!searched_soa)
883 {
884 searched_soa = 1;
885 ttl = find_soa(header, qlen, doctored);
886 }
887
888 /* If there's no SOA to get the TTL from, but there is a CNAME
889 pointing at this, inherit its TTL */
890 if (ttl || cpp)
891 {
892 if (ttl == 0)
893 ttl = cttl;
894
895 log_query(F_UPSTREAM | F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0), name, NULL, NULL);
896
897 if (insert)
898 {
899 newc = cache_insert(name, NULL, C_IN, now, ttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0));
900 if (newc && cpp)
901 {
902 next_uid(newc);
903 cpp->addr.cname.target.cache = newc;
904 cpp->addr.cname.uid = newc->uid;
905 }
906 }
907 }
908 }
909 }
910
911 /* Don't put stuff from a truncated packet into the cache.
912 Don't cache replies from non-recursive nameservers, since we may get a
913 reply containing a CNAME but not its target, even though the target
914 does exist. */
915 if (!(header->hb3 & HB3_TC) &&
916 !(header->hb4 & HB4_CD) &&
917 (header->hb4 & HB4_RA) &&
918 !no_cache_dnssec)
919 cache_end_insert();
920
921 return 0;
922}
923
924#if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
925/* Don't pass control chars and weird escapes to UBus. */
926static int safe_name(char *name)
927{
928 unsigned char *r;
929
930 for (r = (unsigned char *)name; *r; r++)
931 if (!isprint((int)*r))
932 return 0;
933
934 return 1;
935}
936
937void report_addresses(struct dns_header *header, size_t len, u32 mark)
938{
939 unsigned char *p, *endrr;
940 int i;
941 unsigned long attl;
942 struct allowlist *allowlists;
943 char **pattern_pos;
944
945 if (RCODE(header) != NOERROR)
946 return;
947
948 for (allowlists = daemon->allowlists; allowlists; allowlists = allowlists->next)
949 if (allowlists->mark == (mark & daemon->allowlist_mask & allowlists->mask))
950 for (pattern_pos = allowlists->patterns; *pattern_pos; pattern_pos++)
951 if (!strcmp(*pattern_pos, "*"))
952 return;
953
954 if (!(p = skip_questions(header, len)))
955 return;
956 for (i = ntohs(header->ancount); i != 0; i--)
957 {
958 int aqtype, aqclass, ardlen;
959
960 if (!extract_name(header, len, &p, daemon->namebuff, 1, 10))
961 return;
962
963 if (!CHECK_LEN(header, p, len, 10))
964 return;
965 GETSHORT(aqtype, p);
966 GETSHORT(aqclass, p);
967 GETLONG(attl, p);
968 GETSHORT(ardlen, p);
969
970 if (!CHECK_LEN(header, p, len, ardlen))
971 return;
972 endrr = p+ardlen;
973
974 if (aqclass == C_IN)
975 {
976 if (aqtype == T_CNAME)
977 {
978 if (!extract_name(header, len, &p, daemon->workspacename, 1, 0))
979 return;
980 if (safe_name(daemon->namebuff) && safe_name(daemon->workspacename))
981 ubus_event_bcast_connmark_allowlist_resolved(mark, daemon->namebuff, daemon->workspacename, attl);
982 }
983 if (aqtype == T_A)
984 {
985 struct in_addr addr;
986 char ip[INET_ADDRSTRLEN];
987 if (ardlen != INADDRSZ)
988 return;
989 memcpy(&addr, p, ardlen);
990 if (inet_ntop(AF_INET, &addr, ip, sizeof ip) && safe_name(daemon->namebuff))
991 ubus_event_bcast_connmark_allowlist_resolved(mark, daemon->namebuff, ip, attl);
992 }
993 else if (aqtype == T_AAAA)
994 {
995 struct in6_addr addr;
996 char ip[INET6_ADDRSTRLEN];
997 if (ardlen != IN6ADDRSZ)
998 return;
999 memcpy(&addr, p, ardlen);
1000 if (inet_ntop(AF_INET6, &addr, ip, sizeof ip) && safe_name(daemon->namebuff))
1001 ubus_event_bcast_connmark_allowlist_resolved(mark, daemon->namebuff, ip, attl);
1002 }
1003 }
1004
1005 p = endrr;
1006 }
1007}
1008#endif
1009
1010/* If the packet holds exactly one query
1011 return F_IPV4 or F_IPV6 and leave the name from the query in name */
1012unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, unsigned short *typep)
1013{
1014 unsigned char *p = (unsigned char *)(header+1);
1015 int qtype, qclass;
1016
1017 if (typep)
1018 *typep = 0;
1019
1020 *name = 0; /* return empty name if no query found. */
1021
1022 if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
1023 return 0; /* must be exactly one query. */
1024
1025 if (!(header->hb3 & HB3_QR) && (ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0))
1026 return 0; /* non-standard query. */
1027
1028 if (!extract_name(header, qlen, &p, name, 1, 4))
1029 return 0; /* bad packet */
1030
1031 GETSHORT(qtype, p);
1032 GETSHORT(qclass, p);
1033
1034 if (typep)
1035 *typep = qtype;
1036
1037 if (qclass == C_IN)
1038 {
1039 if (qtype == T_A)
1040 return F_IPV4;
1041 if (qtype == T_AAAA)
1042 return F_IPV6;
1043 if (qtype == T_ANY)
1044 return F_IPV4 | F_IPV6;
1045 }
1046
1047#ifdef HAVE_DNSSEC
1048 /* F_DNSSECOK as agument to search_servers() inhibits forwarding
1049 to servers for domains without a trust anchor. This make the
1050 behaviour for DS and DNSKEY queries we forward the same
1051 as for DS and DNSKEY queries we originate. */
1052 if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DS || qtype == T_DNSKEY))
1053 return F_DNSSECOK;
1054#endif
1055
1056 return F_QUERY;
1057}
1058
1059void setup_reply(struct dns_header *header, unsigned int flags, int ede)
1060{
1061 /* clear authoritative and truncated flags, set QR flag */
1062 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC )) | HB3_QR;
1063 /* clear AD flag, set RA flag */
1064 header->hb4 = (header->hb4 & ~HB4_AD) | HB4_RA;
1065
1066 header->nscount = htons(0);
1067 header->arcount = htons(0);
1068 header->ancount = htons(0); /* no answers unless changed below */
1069 if (flags == F_NOERR)
1070 SET_RCODE(header, NOERROR); /* empty domain */
1071 else if (flags == F_NXDOMAIN)
1072 SET_RCODE(header, NXDOMAIN);
1073 else if (flags & ( F_IPV4 | F_IPV6))
1074 {
1075 SET_RCODE(header, NOERROR);
1076 header->hb3 |= HB3_AA;
1077 }
1078 else /* nowhere to forward to */
1079 {
1080 union all_addr a;
1081 a.log.rcode = REFUSED;
1082 a.log.ede = ede;
1083 log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
1084 SET_RCODE(header, REFUSED);
1085 }
1086}
1087
1088/* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
1089int check_for_local_domain(char *name, time_t now)
1090{
1091 struct mx_srv_record *mx;
1092 struct txt_record *txt;
1093 struct interface_name *intr;
1094 struct ptr_record *ptr;
1095 struct naptr *naptr;
1096
1097 for (naptr = daemon->naptr; naptr; naptr = naptr->next)
1098 if (hostname_issubdomain(name, naptr->name))
1099 return 1;
1100
1101 for (mx = daemon->mxnames; mx; mx = mx->next)
1102 if (hostname_issubdomain(name, mx->name))
1103 return 1;
1104
1105 for (txt = daemon->txt; txt; txt = txt->next)
1106 if (hostname_issubdomain(name, txt->name))
1107 return 1;
1108
1109 for (intr = daemon->int_names; intr; intr = intr->next)
1110 if (hostname_issubdomain(name, intr->name))
1111 return 1;
1112
1113 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1114 if (hostname_issubdomain(name, ptr->name))
1115 return 1;
1116
1117 if (cache_find_non_terminal(name, now))
1118 return 1;
1119
1120 return 0;
1121}
1122
1123static int check_bad_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr, char *name, unsigned long *ttlp)
1124{
1125 unsigned char *p;
1126 int i, qtype, qclass, rdlen;
1127 unsigned long ttl;
1128 struct bogus_addr *baddrp;
1129
1130 /* skip over questions */
1131 if (!(p = skip_questions(header, qlen)))
1132 return 0; /* bad packet */
1133
1134 for (i = ntohs(header->ancount); i != 0; i--)
1135 {
1136 if (name && !extract_name(header, qlen, &p, name, 1, 10))
1137 return 0; /* bad packet */
1138
1139 if (!name && !(p = skip_name(p, header, qlen, 10)))
1140 return 0;
1141
1142 GETSHORT(qtype, p);
1143 GETSHORT(qclass, p);
1144 GETLONG(ttl, p);
1145 GETSHORT(rdlen, p);
1146
1147 if (ttlp)
1148 *ttlp = ttl;
1149
1150 if (qclass == C_IN)
1151 {
1152 if (qtype == T_A)
1153 {
1154 struct in_addr addr;
1155
1156 if (!CHECK_LEN(header, p, qlen, INADDRSZ))
1157 return 0;
1158
1159 memcpy(&addr, p, INADDRSZ);
1160
1161 for (baddrp = baddr; baddrp; baddrp = baddrp->next)
1162 if (!baddrp->is6 && is_same_net_prefix(addr, baddrp->addr.addr4, baddrp->prefix))
1163 return 1;
1164 }
1165 else if (qtype == T_AAAA)
1166 {
1167 struct in6_addr addr;
1168
1169 if (!CHECK_LEN(header, p, qlen, IN6ADDRSZ))
1170 return 0;
1171
1172 memcpy(&addr, p, IN6ADDRSZ);
1173
1174 for (baddrp = baddr; baddrp; baddrp = baddrp->next)
1175 if (baddrp->is6 && is_same_net6(&addr, &baddrp->addr.addr6, baddrp->prefix))
1176 return 1;
1177 }
1178 }
1179
1180 if (!ADD_RDLEN(header, p, qlen, rdlen))
1181 return 0;
1182 }
1183
1184 return 0;
1185}
1186
1187/* Is the packet a reply with the answer address equal to addr?
1188 If so mung is into an NXDOMAIN reply and also put that information
1189 in the cache. */
1190int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name, time_t now)
1191{
1192 unsigned long ttl;
1193
1194 if (check_bad_address(header, qlen, daemon->bogus_addr, name, &ttl))
1195 {
1196 /* Found a bogus address. Insert that info here, since there no SOA record
1197 to get the ttl from in the normal processing */
1198 cache_start_insert();
1199 cache_insert(name, NULL, C_IN, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN);
1200 cache_end_insert();
1201
1202 return 1;
1203 }
1204
1205 return 0;
1206}
1207
1208int check_for_ignored_address(struct dns_header *header, size_t qlen)
1209{
1210 return check_bad_address(header, qlen, daemon->ignore_addr, NULL, NULL);
1211}
1212
1213int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp,
1214 unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...)
1215{
1216 va_list ap;
1217 unsigned char *sav, *p = *pp;
1218 int j;
1219 unsigned short usval;
1220 long lval;
1221 char *sval;
1222
1223#define CHECK_LIMIT(size) \
1224 if (limit && p + (size) > (unsigned char*)limit) goto truncated;
1225
1226 va_start(ap, format); /* make ap point to 1st unamed argument */
1227
1228 if (truncp && *truncp)
1229 goto truncated;
1230
1231 if (nameoffset > 0)
1232 {
1233 CHECK_LIMIT(2);
1234 PUTSHORT(nameoffset | 0xc000, p);
1235 }
1236 else
1237 {
1238 char *name = va_arg(ap, char *);
1239 if (name && !(p = do_rfc1035_name(p, name, limit)))
1240 goto truncated;
1241
1242 if (nameoffset < 0)
1243 {
1244 CHECK_LIMIT(2);
1245 PUTSHORT(-nameoffset | 0xc000, p);
1246 }
1247 else
1248 {
1249 CHECK_LIMIT(1);
1250 *p++ = 0;
1251 }
1252 }
1253
1254 /* type (2) + class (2) + ttl (4) + rdlen (2) */
1255 CHECK_LIMIT(10);
1256
1257 PUTSHORT(type, p);
1258 PUTSHORT(class, p);
1259 PUTLONG(ttl, p); /* TTL */
1260
1261 sav = p; /* Save pointer to RDLength field */
1262 PUTSHORT(0, p); /* Placeholder RDLength */
1263
1264 for (; *format; format++)
1265 switch (*format)
1266 {
1267 case '6':
1268 CHECK_LIMIT(IN6ADDRSZ);
1269 sval = va_arg(ap, char *);
1270 memcpy(p, sval, IN6ADDRSZ);
1271 p += IN6ADDRSZ;
1272 break;
1273
1274 case '4':
1275 CHECK_LIMIT(INADDRSZ);
1276 sval = va_arg(ap, char *);
1277 memcpy(p, sval, INADDRSZ);
1278 p += INADDRSZ;
1279 break;
1280
1281 case 'b':
1282 CHECK_LIMIT(1);
1283 usval = va_arg(ap, int);
1284 *p++ = usval;
1285 break;
1286
1287 case 's':
1288 CHECK_LIMIT(2);
1289 usval = va_arg(ap, int);
1290 PUTSHORT(usval, p);
1291 break;
1292
1293 case 'l':
1294 CHECK_LIMIT(4);
1295 lval = va_arg(ap, long);
1296 PUTLONG(lval, p);
1297 break;
1298
1299 case 'd':
1300 /* get domain-name answer arg and store it in RDATA field */
1301 if (offset)
1302 *offset = p - (unsigned char *)header;
1303 if (!(p = do_rfc1035_name(p, va_arg(ap, char *), limit)))
1304 goto truncated;
1305 CHECK_LIMIT(1);
1306 *p++ = 0;
1307 break;
1308
1309 case 't':
1310 usval = va_arg(ap, int);
1311 CHECK_LIMIT(usval);
1312 sval = va_arg(ap, char *);
1313 if (usval != 0)
1314 memcpy(p, sval, usval);
1315 p += usval;
1316 break;
1317
1318 case 'z':
1319 sval = va_arg(ap, char *);
1320 usval = sval ? strlen(sval) : 0;
1321 if (usval > 255)
1322 usval = 255;
1323 CHECK_LIMIT(usval + 1);
1324 *p++ = (unsigned char)usval;
1325 memcpy(p, sval, usval);
1326 p += usval;
1327 break;
1328 }
1329
1330 va_end(ap); /* clean up variable argument pointer */
1331
1332 /* Now, store real RDLength. sav already checked against limit. */
1333 j = p - sav - 2;
1334 PUTSHORT(j, sav);
1335
1336 *pp = p;
1337 return 1;
1338
1339 truncated:
1340 va_end(ap);
1341 if (truncp)
1342 *truncp = 1;
1343 return 0;
1344
1345#undef CHECK_LIMIT
1346}
1347
1348static unsigned long crec_ttl(struct crec *crecp, time_t now)
1349{
1350 /* Return 0 ttl for DHCP entries, which might change
1351 before the lease expires, unless configured otherwise. */
1352
1353 if (crecp->flags & F_DHCP)
1354 {
1355 int conf_ttl = daemon->use_dhcp_ttl ? daemon->dhcp_ttl : daemon->local_ttl;
1356
1357 /* Apply ceiling of actual lease length to configured TTL. */
1358 if (!(crecp->flags & F_IMMORTAL) && (crecp->ttd - now) < conf_ttl)
1359 return crecp->ttd - now;
1360
1361 return conf_ttl;
1362 }
1363
1364 /* Immortal entries other than DHCP are local, and hold TTL in TTD field. */
1365 if (crecp->flags & F_IMMORTAL)
1366 return crecp->ttd;
1367
1368 /* Return the Max TTL value if it is lower than the actual TTL */
1369 if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl))
1370 return crecp->ttd - now;
1371 else
1372 return daemon->max_ttl;
1373}
1374
1375static int cache_validated(const struct crec *crecp)
1376{
1377 return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK));
1378}
1379
1380/* return zero if we can't answer from cache, or packet size if we can */
1381size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
1382 struct in_addr local_addr, struct in_addr local_netmask,
1383 time_t now, int ad_reqd, int do_bit, int have_pseudoheader)
1384{
1385 char *name = daemon->namebuff;
1386 unsigned char *p, *ansp;
1387 unsigned int qtype, qclass;
1388 union all_addr addr;
1389 int nameoffset;
1390 unsigned short flag;
1391 int q, ans, anscount = 0, addncount = 0;
1392 int dryrun = 0;
1393 struct crec *crecp;
1394 int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1;
1395 struct mx_srv_record *rec;
1396 size_t len;
1397 int rd_bit = (header->hb3 & HB3_RD);
1398
1399 /* never answer queries with RD unset, to avoid cache snooping. */
1400 if (ntohs(header->ancount) != 0 ||
1401 ntohs(header->nscount) != 0 ||
1402 ntohs(header->qdcount) == 0 ||
1403 OPCODE(header) != QUERY )
1404 return 0;
1405
1406 /* Don't return AD set if checking disabled. */
1407 if (header->hb4 & HB4_CD)
1408 sec_data = 0;
1409
1410 /* If there is an additional data section then it will be overwritten by
1411 partial replies, so we have to do a dry run to see if we can answer
1412 the query. */
1413 if (ntohs(header->arcount) != 0)
1414 dryrun = 1;
1415
1416 for (rec = daemon->mxnames; rec; rec = rec->next)
1417 rec->offset = 0;
1418
1419 rerun:
1420 /* determine end of question section (we put answers there) */
1421 if (!(ansp = skip_questions(header, qlen)))
1422 return 0; /* bad packet */
1423
1424 /* now process each question, answers go in RRs after the question */
1425 p = (unsigned char *)(header+1);
1426
1427 for (q = ntohs(header->qdcount); q != 0; q--)
1428 {
1429 int count = 255; /* catch loops */
1430
1431 /* save pointer to name for copying into answers */
1432 nameoffset = p - (unsigned char *)header;
1433
1434 /* now extract name as .-concatenated string into name */
1435 if (!extract_name(header, qlen, &p, name, 1, 4))
1436 return 0; /* bad packet */
1437
1438 GETSHORT(qtype, p);
1439 GETSHORT(qclass, p);
1440
1441 ans = 0; /* have we answered this question */
1442
1443 while (--count != 0 && (crecp = cache_find_by_name(NULL, name, now, F_CNAME)))
1444 {
1445 char *cname_target = cache_get_cname_target(crecp);
1446
1447 /* If the client asked for DNSSEC don't use cached data. */
1448 if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
1449 (rd_bit && (!do_bit || cache_validated(crecp))))
1450 {
1451 if (crecp->flags & F_CONFIG || qtype == T_CNAME)
1452 ans = 1;
1453
1454 if (!(crecp->flags & F_DNSSECOK))
1455 sec_data = 0;
1456
1457 if (!dryrun)
1458 {
1459 log_query(crecp->flags, name, NULL, record_source(crecp->uid));
1460 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1461 crec_ttl(crecp, now), &nameoffset,
1462 T_CNAME, C_IN, "d", cname_target))
1463 anscount++;
1464 }
1465
1466 }
1467 else
1468 return 0; /* give up if any cached CNAME in chain can't be used for DNSSEC reasons. */
1469
1470 strcpy(name, cname_target);
1471 }
1472
1473 if (qtype == T_TXT || qtype == T_ANY)
1474 {
1475 struct txt_record *t;
1476 for(t = daemon->txt; t ; t = t->next)
1477 {
1478 if (t->class == qclass && hostname_isequal(name, t->name))
1479 {
1480 ans = 1, sec_data = 0;
1481 if (!dryrun)
1482 {
1483 unsigned long ttl = daemon->local_ttl;
1484 int ok = 1;
1485#ifndef NO_ID
1486 /* Dynamically generate stat record */
1487 if (t->stat != 0)
1488 {
1489 ttl = 0;
1490 if (!cache_make_stat(t))
1491 ok = 0;
1492 }
1493#endif
1494 if (ok)
1495 {
1496 log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
1497 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1498 ttl, NULL,
1499 T_TXT, t->class, "t", t->len, t->txt))
1500 anscount++;
1501 }
1502 }
1503 }
1504 }
1505 }
1506
1507 if (qclass == C_CHAOS)
1508 {
1509 /* don't forward *.bind and *.server chaos queries - always reply with NOTIMP */
1510 if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name))
1511 {
1512 if (!ans)
1513 {
1514 notimp = 1, auth = 0;
1515 if (!dryrun)
1516 {
1517 addr.log.rcode = NOTIMP;
1518 log_query(F_CONFIG | F_RCODE, name, &addr, NULL);
1519 }
1520 ans = 1, sec_data = 0;
1521 }
1522 }
1523 }
1524
1525 if (qclass == C_IN)
1526 {
1527 struct txt_record *t;
1528
1529 for (t = daemon->rr; t; t = t->next)
1530 if ((t->class == qtype || qtype == T_ANY) && hostname_isequal(name, t->name))
1531 {
1532 ans = 1;
1533 sec_data = 0;
1534 if (!dryrun)
1535 {
1536 log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, t->class));
1537 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1538 daemon->local_ttl, NULL,
1539 t->class, C_IN, "t", t->len, t->txt))
1540 anscount++;
1541 }
1542 }
1543
1544 if (qtype == T_PTR || qtype == T_ANY)
1545 {
1546 /* see if it's w.z.y.z.in-addr.arpa format */
1547 int is_arpa = in_arpa_name_2_addr(name, &addr);
1548 struct ptr_record *ptr;
1549 struct interface_name* intr = NULL;
1550
1551 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1552 if (hostname_isequal(name, ptr->name))
1553 break;
1554
1555 if (is_arpa == F_IPV4)
1556 for (intr = daemon->int_names; intr; intr = intr->next)
1557 {
1558 struct addrlist *addrlist;
1559
1560 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
1561 if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr)
1562 break;
1563
1564 if (addrlist)
1565 break;
1566 else
1567 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
1568 intr = intr->next;
1569 }
1570 else if (is_arpa == F_IPV6)
1571 for (intr = daemon->int_names; intr; intr = intr->next)
1572 {
1573 struct addrlist *addrlist;
1574
1575 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
1576 if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6))
1577 break;
1578
1579 if (addrlist)
1580 break;
1581 else
1582 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
1583 intr = intr->next;
1584 }
1585
1586 if (intr)
1587 {
1588 sec_data = 0;
1589 ans = 1;
1590 if (!dryrun)
1591 {
1592 log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
1593 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1594 daemon->local_ttl, NULL,
1595 T_PTR, C_IN, "d", intr->name))
1596 anscount++;
1597 }
1598 }
1599 else if (ptr)
1600 {
1601 ans = 1;
1602 sec_data = 0;
1603 if (!dryrun)
1604 {
1605 log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>");
1606 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1607 if (hostname_isequal(name, ptr->name) &&
1608 add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1609 daemon->local_ttl, NULL,
1610 T_PTR, C_IN, "d", ptr->ptr))
1611 anscount++;
1612
1613 }
1614 }
1615 else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
1616 {
1617 /* Don't use cache when DNSSEC data required, unless we know that
1618 the zone is unsigned, which implies that we're doing
1619 validation. */
1620 if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
1621 (rd_bit && (!do_bit || cache_validated(crecp)) ))
1622 {
1623 do
1624 {
1625 /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
1626 if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
1627 continue;
1628
1629 if (!(crecp->flags & F_DNSSECOK))
1630 sec_data = 0;
1631
1632 ans = 1;
1633
1634 if (crecp->flags & F_NEG)
1635 {
1636 auth = 0;
1637 if (crecp->flags & F_NXDOMAIN)
1638 nxdomain = 1;
1639 if (!dryrun)
1640 log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
1641 }
1642 else
1643 {
1644 if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1645 auth = 0;
1646 if (!dryrun)
1647 {
1648 log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
1649 record_source(crecp->uid));
1650
1651 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1652 crec_ttl(crecp, now), NULL,
1653 T_PTR, C_IN, "d", cache_get_name(crecp)))
1654 anscount++;
1655 }
1656 }
1657 } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
1658 }
1659 }
1660 else if (is_rev_synth(is_arpa, &addr, name))
1661 {
1662 ans = 1;
1663 sec_data = 0;
1664 if (!dryrun)
1665 {
1666 log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL);
1667
1668 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1669 daemon->local_ttl, NULL,
1670 T_PTR, C_IN, "d", name))
1671 anscount++;
1672 }
1673 }
1674 else if (option_bool(OPT_BOGUSPRIV) &&
1675 ((is_arpa == F_IPV6 && private_net6(&addr.addr6, 1)) || (is_arpa == F_IPV4 && private_net(addr.addr4, 1))) &&
1676 !lookup_domain(name, F_DOMAINSRV, NULL, NULL))
1677 {
1678 /* if no configured server, not in cache, enabled and private IPV4 address, return NXDOMAIN */
1679 ans = 1;
1680 sec_data = 0;
1681 nxdomain = 1;
1682 if (!dryrun)
1683 log_query(F_CONFIG | F_REVERSE | is_arpa | F_NEG | F_NXDOMAIN,
1684 name, &addr, NULL);
1685 }
1686 }
1687
1688 for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0)
1689 {
1690 unsigned short type = (flag == F_IPV6) ? T_AAAA : T_A;
1691 struct interface_name *intr;
1692
1693 if (qtype != type && qtype != T_ANY)
1694 continue;
1695
1696 /* interface name stuff */
1697 for (intr = daemon->int_names; intr; intr = intr->next)
1698 if (hostname_isequal(name, intr->name))
1699 break;
1700
1701 if (intr)
1702 {
1703 struct addrlist *addrlist;
1704 int gotit = 0, localise = 0;
1705
1706 enumerate_interfaces(0);
1707
1708 /* See if a putative address is on the network from which we received
1709 the query, is so we'll filter other answers. */
1710 if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A)
1711 for (intr = daemon->int_names; intr; intr = intr->next)
1712 if (hostname_isequal(name, intr->name))
1713 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
1714 if (!(addrlist->flags & ADDRLIST_IPV6) &&
1715 is_same_net(addrlist->addr.addr4, local_addr, local_netmask))
1716 {
1717 localise = 1;
1718 break;
1719 }
1720
1721 for (intr = daemon->int_names; intr; intr = intr->next)
1722 if (hostname_isequal(name, intr->name))
1723 {
1724 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
1725 if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
1726 {
1727 if (localise &&
1728 !is_same_net(addrlist->addr.addr4, local_addr, local_netmask))
1729 continue;
1730
1731 if (addrlist->flags & ADDRLIST_REVONLY)
1732 continue;
1733
1734 ans = 1;
1735 sec_data = 0;
1736 if (!dryrun)
1737 {
1738 gotit = 1;
1739 log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
1740 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1741 daemon->local_ttl, NULL, type, C_IN,
1742 type == T_A ? "4" : "6", &addrlist->addr))
1743 anscount++;
1744 }
1745 }
1746 }
1747
1748 if (!dryrun && !gotit)
1749 log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL);
1750
1751 continue;
1752 }
1753
1754 if ((crecp = cache_find_by_name(NULL, name, now, flag | (dryrun ? F_NO_RR : 0))))
1755 {
1756 int localise = 0;
1757
1758 /* See if a putative address is on the network from which we received
1759 the query, is so we'll filter other answers. */
1760 if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4)
1761 {
1762 struct crec *save = crecp;
1763 do {
1764 if ((crecp->flags & F_HOSTS) &&
1765 is_same_net(crecp->addr.addr4, local_addr, local_netmask))
1766 {
1767 localise = 1;
1768 break;
1769 }
1770 } while ((crecp = cache_find_by_name(crecp, name, now, flag)));
1771 crecp = save;
1772 }
1773
1774 /* If the client asked for DNSSEC don't use cached data. */
1775 if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
1776 (rd_bit && (!do_bit || cache_validated(crecp)) ))
1777 do
1778 {
1779 /* don't answer wildcard queries with data not from /etc/hosts
1780 or DHCP leases */
1781 if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)))
1782 break;
1783
1784 if (!(crecp->flags & F_DNSSECOK))
1785 sec_data = 0;
1786
1787 if (crecp->flags & F_NEG)
1788 {
1789 ans = 1;
1790 auth = 0;
1791 if (crecp->flags & F_NXDOMAIN)
1792 nxdomain = 1;
1793 if (!dryrun)
1794 log_query(crecp->flags, name, NULL, NULL);
1795 }
1796 else
1797 {
1798 /* If we are returning local answers depending on network,
1799 filter here. */
1800 if (localise &&
1801 (crecp->flags & F_HOSTS) &&
1802 !is_same_net(crecp->addr.addr4, local_addr, local_netmask))
1803 continue;
1804
1805 if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1806 auth = 0;
1807
1808 ans = 1;
1809 if (!dryrun)
1810 {
1811 log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr,
1812 record_source(crecp->uid));
1813
1814 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1815 crec_ttl(crecp, now), NULL, type, C_IN,
1816 type == T_A ? "4" : "6", &crecp->addr))
1817 anscount++;
1818 }
1819 }
1820 } while ((crecp = cache_find_by_name(crecp, name, now, flag)));
1821 }
1822 else if (is_name_synthetic(flag, name, &addr))
1823 {
1824 ans = 1, sec_data = 0;
1825 if (!dryrun)
1826 {
1827 log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL);
1828 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1829 daemon->local_ttl, NULL, type, C_IN, type == T_A ? "4" : "6", &addr))
1830 anscount++;
1831 }
1832 }
1833 }
1834
1835 if (qtype == T_MX || qtype == T_ANY)
1836 {
1837 int found = 0;
1838 for (rec = daemon->mxnames; rec; rec = rec->next)
1839 if (!rec->issrv && hostname_isequal(name, rec->name))
1840 {
1841 ans = found = 1;
1842 sec_data = 0;
1843 if (!dryrun)
1844 {
1845 int offset;
1846 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1847 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1848 &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
1849 {
1850 anscount++;
1851 if (rec->target)
1852 rec->offset = offset;
1853 }
1854 }
1855 }
1856
1857 if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
1858 cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP | F_NO_RR))
1859 {
1860 ans = 1;
1861 sec_data = 0;
1862 if (!dryrun)
1863 {
1864 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1865 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL,
1866 T_MX, C_IN, "sd", 1,
1867 option_bool(OPT_SELFMX) ? name : daemon->mxtarget))
1868 anscount++;
1869 }
1870 }
1871 }
1872
1873 if (qtype == T_SRV || qtype == T_ANY)
1874 {
1875 int found = 0;
1876 struct mx_srv_record *move = NULL, **up = &daemon->mxnames;
1877
1878 for (rec = daemon->mxnames; rec; rec = rec->next)
1879 if (rec->issrv && hostname_isequal(name, rec->name))
1880 {
1881 found = ans = 1;
1882 sec_data = 0;
1883 if (!dryrun)
1884 {
1885 int offset;
1886 log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
1887 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1888 &offset, T_SRV, C_IN, "sssd",
1889 rec->priority, rec->weight, rec->srvport, rec->target))
1890 {
1891 anscount++;
1892 if (rec->target)
1893 rec->offset = offset;
1894 }
1895 }
1896
1897 /* unlink first SRV record found */
1898 if (!move)
1899 {
1900 move = rec;
1901 *up = rec->next;
1902 }
1903 else
1904 up = &rec->next;
1905 }
1906 else
1907 up = &rec->next;
1908
1909 /* put first SRV record back at the end. */
1910 if (move)
1911 {
1912 *up = move;
1913 move->next = NULL;
1914 }
1915
1916 if (!found)
1917 {
1918 if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | (dryrun ? F_NO_RR : 0))) &&
1919 rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
1920 {
1921 if (!(crecp->flags & F_DNSSECOK))
1922 sec_data = 0;
1923
1924 auth = 0;
1925 found = ans = 1;
1926
1927 do {
1928 if (crecp->flags & F_NEG)
1929 {
1930 if (crecp->flags & F_NXDOMAIN)
1931 nxdomain = 1;
1932 if (!dryrun)
1933 log_query(crecp->flags, name, NULL, NULL);
1934 }
1935 else if (!dryrun)
1936 {
1937 char *target = blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, NULL);
1938 log_query(crecp->flags, name, NULL, 0);
1939
1940 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1941 crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd",
1942 crecp->addr.srv.priority, crecp->addr.srv.weight, crecp->addr.srv.srvport,
1943 target))
1944 anscount++;
1945 }
1946 } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV)));
1947 }
1948 }
1949
1950 if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
1951 {
1952 ans = 1;
1953 sec_data = 0;
1954 if (!dryrun)
1955 log_query(F_CONFIG | F_NEG, name, NULL, NULL);
1956 }
1957 }
1958
1959 if (qtype == T_NAPTR || qtype == T_ANY)
1960 {
1961 struct naptr *na;
1962 for (na = daemon->naptr; na; na = na->next)
1963 if (hostname_isequal(name, na->name))
1964 {
1965 ans = 1;
1966 sec_data = 0;
1967 if (!dryrun)
1968 {
1969 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
1970 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1971 NULL, T_NAPTR, C_IN, "sszzzd",
1972 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
1973 anscount++;
1974 }
1975 }
1976 }
1977
1978 if (qtype == T_MAILB)
1979 ans = 1, nxdomain = 1, sec_data = 0;
1980
1981 if (qtype == T_SOA && option_bool(OPT_FILTER))
1982 {
1983 ans = 1;
1984 sec_data = 0;
1985 if (!dryrun)
1986 log_query(F_CONFIG | F_NEG, name, &addr, NULL);
1987 }
1988 }
1989
1990 if (!ans)
1991 return 0; /* failed to answer a question */
1992 }
1993
1994 if (dryrun)
1995 {
1996 dryrun = 0;
1997 goto rerun;
1998 }
1999
2000 /* create an additional data section, for stuff in SRV and MX record replies. */
2001 for (rec = daemon->mxnames; rec; rec = rec->next)
2002 if (rec->offset != 0)
2003 {
2004 /* squash dupes */
2005 struct mx_srv_record *tmp;
2006 for (tmp = rec->next; tmp; tmp = tmp->next)
2007 if (tmp->offset != 0 && hostname_isequal(rec->target, tmp->target))
2008 tmp->offset = 0;
2009
2010 crecp = NULL;
2011 while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6)))
2012 {
2013 int type = crecp->flags & F_IPV4 ? T_A : T_AAAA;
2014
2015 if (crecp->flags & F_NEG)
2016 continue;
2017
2018 if (add_resource_record(header, limit, NULL, rec->offset, &ansp,
2019 crec_ttl(crecp, now), NULL, type, C_IN,
2020 crecp->flags & F_IPV4 ? "4" : "6", &crecp->addr))
2021 addncount++;
2022 }
2023 }
2024
2025 /* done all questions, set up header and return length of result */
2026 /* clear authoritative and truncated flags, set QR flag */
2027 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
2028 /* set RA flag */
2029 header->hb4 |= HB4_RA;
2030
2031 /* authoritative - only hosts and DHCP derived names. */
2032 if (auth)
2033 header->hb3 |= HB3_AA;
2034
2035 /* truncation */
2036 if (trunc)
2037 header->hb3 |= HB3_TC;
2038
2039 if (nxdomain)
2040 SET_RCODE(header, NXDOMAIN);
2041 else if (notimp)
2042 SET_RCODE(header, NOTIMP);
2043 else
2044 SET_RCODE(header, NOERROR); /* no error */
2045 header->ancount = htons(anscount);
2046 header->nscount = htons(0);
2047 header->arcount = htons(addncount);
2048
2049 len = ansp - (unsigned char *)header;
2050
2051 /* Advertise our packet size limit in our reply */
2052 if (have_pseudoheader)
2053 len = add_pseudoheader(header, len, (unsigned char *)limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
2054
2055 if (ad_reqd && sec_data)
2056 header->hb4 |= HB4_AD;
2057 else
2058 header->hb4 &= ~HB4_AD;
2059
2060 return len;
2061}