blob: 1425764863c1664c21c4513e31002f7dd7719be7 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -07001/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
17/* The SURF random number generator was taken from djbdns-1.05, by
18 Daniel J Bernstein, which is public domain. */
19
20
21#include "dnsmasq.h"
22
23#ifdef HAVE_BROKEN_RTC
24#include <sys/times.h>
25#endif
26
27#if defined(HAVE_LIBIDN2)
28#include <idn2.h>
29#elif defined(HAVE_IDN)
30#include <idna.h>
31#endif
32
33#ifdef HAVE_LINUX_NETWORK
34#include <sys/utsname.h>
35#endif
36
37/* SURF random number generator */
38
39static u32 seed[32];
40static u32 in[12];
41static u32 out[8];
42static int outleft = 0;
43
44void rand_init()
45{
46 int fd = open(RANDFILE, O_RDONLY);
47
48 if (fd == -1 ||
49 !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) ||
50 !read_write(fd, (unsigned char *)&in, sizeof(in), 1))
51 die(_("failed to seed the random number generator: %s"), NULL, EC_MISC);
52
53 close(fd);
54}
55
56#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
57#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
58
59static void surf(void)
60{
61 u32 t[12]; u32 x; u32 sum = 0;
62 int r; int i; int loop;
63
64 for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
65 for (i = 0;i < 8;++i) out[i] = seed[24 + i];
66 x = t[11];
67 for (loop = 0;loop < 2;++loop) {
68 for (r = 0;r < 16;++r) {
69 sum += 0x9e3779b9;
70 MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
71 MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
72 MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
73 }
74 for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
75 }
76}
77
78unsigned short rand16(void)
79{
80 if (!outleft)
81 {
82 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
83 surf();
84 outleft = 8;
85 }
86
87 return (unsigned short) out[--outleft];
88}
89
90u32 rand32(void)
91{
92 if (!outleft)
93 {
94 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
95 surf();
96 outleft = 8;
97 }
98
99 return out[--outleft];
100}
101
102u64 rand64(void)
103{
104 static int outleft = 0;
105
106 if (outleft < 2)
107 {
108 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
109 surf();
110 outleft = 8;
111 }
112
113 outleft -= 2;
114
115 return (u64)out[outleft+1] + (((u64)out[outleft]) << 32);
116}
117
118/* returns 2 if names is OK but contains one or more underscores */
119static int check_name(char *in)
120{
121 /* remove trailing .
122 also fail empty string and label > 63 chars */
123 size_t dotgap = 0, l = strlen(in);
124 char c;
125 int nowhite = 0;
126 int hasuscore = 0;
127
128 if (l == 0 || l > MAXDNAME) return 0;
129
130 if (in[l-1] == '.')
131 {
132 in[l-1] = 0;
133 nowhite = 1;
134 }
135
136 for (; (c = *in); in++)
137 {
138 if (c == '.')
139 dotgap = 0;
140 else if (++dotgap > MAXLABEL)
141 return 0;
142 else if (isascii((unsigned char)c) && iscntrl((unsigned char)c))
143 /* iscntrl only gives expected results for ascii */
144 return 0;
145#if !defined(HAVE_IDN) && !defined(HAVE_LIBIDN2)
146 else if (!isascii((unsigned char)c))
147 return 0;
148#endif
149 else if (c != ' ')
150 {
151 nowhite = 1;
152 if (c == '_')
153 hasuscore = 1;
154 }
155 }
156
157 if (!nowhite)
158 return 0;
159
160 return hasuscore ? 2 : 1;
161}
162
163/* Hostnames have a more limited valid charset than domain names
164 so check for legal char a-z A-Z 0-9 - _
165 Note that this may receive a FQDN, so only check the first label
166 for the tighter criteria. */
167int legal_hostname(char *name)
168{
169 char c;
170 int first;
171
172 if (!check_name(name))
173 return 0;
174
175 for (first = 1; (c = *name); name++, first = 0)
176 /* check for legal char a-z A-Z 0-9 - _ . */
177 {
178 if ((c >= 'A' && c <= 'Z') ||
179 (c >= 'a' && c <= 'z') ||
180 (c >= '0' && c <= '9'))
181 continue;
182
183 if (!first && (c == '-' || c == '_'))
184 continue;
185
186 /* end of hostname part */
187 if (c == '.')
188 return 1;
189
190 return 0;
191 }
192
193 return 1;
194}
195
196char *canonicalise(char *in, int *nomem)
197{
198 char *ret = NULL;
199 int rc;
200
201 if (nomem)
202 *nomem = 0;
203
204 if (!(rc = check_name(in)))
205 return NULL;
206
207#if defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003)
208 /* older libidn2 strips underscores, so don't do IDN processing
209 if the name has an underscore (check_name() returned 2) */
210 if (rc != 2)
211#endif
212#if defined(HAVE_IDN) || defined(HAVE_LIBIDN2)
213 {
214# ifdef HAVE_LIBIDN2
215 rc = idn2_to_ascii_lz(in, &ret, IDN2_NONTRANSITIONAL);
216 if (rc == IDN2_DISALLOWED)
217 rc = idn2_to_ascii_lz(in, &ret, IDN2_TRANSITIONAL);
218# else
219 rc = idna_to_ascii_lz(in, &ret, 0);
220# endif
221 if (rc != IDNA_SUCCESS)
222 {
223 if (ret)
224 free(ret);
225
226 if (nomem && (rc == IDNA_MALLOC_ERROR || rc == IDNA_DLOPEN_ERROR))
227 {
228 my_syslog(LOG_ERR, _("failed to allocate memory"));
229 *nomem = 1;
230 }
231
232 return NULL;
233 }
234
235 return ret;
236 }
237#endif
238
239 if ((ret = whine_malloc(strlen(in)+1)))
240 strcpy(ret, in);
241 else if (nomem)
242 *nomem = 1;
243
244 return ret;
245}
246
247unsigned char *do_rfc1035_name(unsigned char *p, char *sval, char *limit)
248{
249 int j;
250
251 while (sval && *sval)
252 {
253 unsigned char *cp = p++;
254
255 if (limit && p > (unsigned char*)limit)
256 return NULL;
257
258 for (j = 0; *sval && (*sval != '.'); sval++, j++)
259 {
260 if (limit && p + 1 > (unsigned char*)limit)
261 return NULL;
262
263#ifdef HAVE_DNSSEC
264 if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE)
265 *p++ = (*(++sval))-1;
266 else
267#endif
268 *p++ = *sval;
269 }
270
271 *cp = j;
272 if (*sval)
273 sval++;
274 }
275
276 return p;
277}
278
279/* for use during startup */
280void *safe_malloc(size_t size)
281{
282 void *ret = calloc(1, size);
283
284 if (!ret)
285 die(_("could not get memory"), NULL, EC_NOMEM);
286
287 return ret;
288}
289
290/* Ensure limited size string is always terminated.
291 * Can be replaced by (void)strlcpy() on some platforms */
292void safe_strncpy(char *dest, const char *src, size_t size)
293{
294 if (size != 0)
295 {
296 dest[size-1] = '\0';
297 strncpy(dest, src, size-1);
298 }
299}
300
301void safe_pipe(int *fd, int read_noblock)
302{
303 if (pipe(fd) == -1 ||
304 !fix_fd(fd[1]) ||
305 (read_noblock && !fix_fd(fd[0])))
306 die(_("cannot create pipe: %s"), NULL, EC_MISC);
307}
308
309void *whine_malloc(size_t size)
310{
311 void *ret = calloc(1, size);
312
313 if (!ret)
314 my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
315
316 return ret;
317}
318
319int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2)
320{
321 if (s1->sa.sa_family == s2->sa.sa_family)
322 {
323 if (s1->sa.sa_family == AF_INET &&
324 s1->in.sin_port == s2->in.sin_port &&
325 s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr)
326 return 1;
327
328 if (s1->sa.sa_family == AF_INET6 &&
329 s1->in6.sin6_port == s2->in6.sin6_port &&
330 s1->in6.sin6_scope_id == s2->in6.sin6_scope_id &&
331 IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr))
332 return 1;
333 }
334 return 0;
335}
336
337int sa_len(union mysockaddr *addr)
338{
339#ifdef HAVE_SOCKADDR_SA_LEN
340 return addr->sa.sa_len;
341#else
342 if (addr->sa.sa_family == AF_INET6)
343 return sizeof(addr->in6);
344 else
345 return sizeof(addr->in);
346#endif
347}
348
349/* don't use strcasecmp and friends here - they may be messed up by LOCALE */
350int hostname_isequal(const char *a, const char *b)
351{
352 unsigned int c1, c2;
353
354 do {
355 c1 = (unsigned char) *a++;
356 c2 = (unsigned char) *b++;
357
358 if (c1 >= 'A' && c1 <= 'Z')
359 c1 += 'a' - 'A';
360 if (c2 >= 'A' && c2 <= 'Z')
361 c2 += 'a' - 'A';
362
363 if (c1 != c2)
364 return 0;
365 } while (c1);
366
367 return 1;
368}
369
370/* is b equal to or a subdomain of a return 2 for equal, 1 for subdomain */
371int hostname_issubdomain(char *a, char *b)
372{
373 char *ap, *bp;
374 unsigned int c1, c2;
375
376 /* move to the end */
377 for (ap = a; *ap; ap++);
378 for (bp = b; *bp; bp++);
379
380 /* a shorter than b or a empty. */
381 if ((bp - b) < (ap - a) || ap == a)
382 return 0;
383
384 do
385 {
386 c1 = (unsigned char) *(--ap);
387 c2 = (unsigned char) *(--bp);
388
389 if (c1 >= 'A' && c1 <= 'Z')
390 c1 += 'a' - 'A';
391 if (c2 >= 'A' && c2 <= 'Z')
392 c2 += 'a' - 'A';
393
394 if (c1 != c2)
395 return 0;
396 } while (ap != a);
397
398 if (bp == b)
399 return 2;
400
401 if (*(--bp) == '.')
402 return 1;
403
404 return 0;
405}
406
407
408time_t dnsmasq_time(void)
409{
410#ifdef HAVE_BROKEN_RTC
411 struct tms dummy;
412 static long tps = 0;
413
414 if (tps == 0)
415 tps = sysconf(_SC_CLK_TCK);
416
417 return (time_t)(times(&dummy)/tps);
418#else
419 return time(NULL);
420#endif
421}
422
423int netmask_length(struct in_addr mask)
424{
425 int zero_count = 0;
426
427 while (0x0 == (mask.s_addr & 0x1) && zero_count < 32)
428 {
429 mask.s_addr >>= 1;
430 zero_count++;
431 }
432
433 return 32 - zero_count;
434}
435
436int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
437{
438 return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
439}
440
441int is_same_net_prefix(struct in_addr a, struct in_addr b, int prefix)
442{
443 struct in_addr mask;
444
445 mask.s_addr = htonl(~((1 << (32 - prefix)) - 1));
446
447 return is_same_net(a, b, mask);
448}
449
450
451int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen)
452{
453 int pfbytes = prefixlen >> 3;
454 int pfbits = prefixlen & 7;
455
456 if (memcmp(&a->s6_addr, &b->s6_addr, pfbytes) != 0)
457 return 0;
458
459 if (pfbits == 0 ||
460 (a->s6_addr[pfbytes] >> (8 - pfbits) == b->s6_addr[pfbytes] >> (8 - pfbits)))
461 return 1;
462
463 return 0;
464}
465
466/* return least significant 64 bits if IPv6 address */
467u64 addr6part(struct in6_addr *addr)
468{
469 int i;
470 u64 ret = 0;
471
472 for (i = 8; i < 16; i++)
473 ret = (ret << 8) + addr->s6_addr[i];
474
475 return ret;
476}
477
478void setaddr6part(struct in6_addr *addr, u64 host)
479{
480 int i;
481
482 for (i = 15; i >= 8; i--)
483 {
484 addr->s6_addr[i] = host;
485 host = host >> 8;
486 }
487}
488
489
490/* returns port number from address */
491int prettyprint_addr(union mysockaddr *addr, char *buf)
492{
493 int port = 0;
494
495 if (addr->sa.sa_family == AF_INET)
496 {
497 inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN);
498 port = ntohs(addr->in.sin_port);
499 }
500 else if (addr->sa.sa_family == AF_INET6)
501 {
502 char name[IF_NAMESIZE];
503 inet_ntop(AF_INET6, &addr->in6.sin6_addr, buf, ADDRSTRLEN);
504 if (addr->in6.sin6_scope_id != 0 &&
505 if_indextoname(addr->in6.sin6_scope_id, name) &&
506 strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN)
507 {
508 strcat(buf, "%");
509 strcat(buf, name);
510 }
511 port = ntohs(addr->in6.sin6_port);
512 }
513
514 return port;
515}
516
517void prettyprint_time(char *buf, unsigned int t)
518{
519 if (t == 0xffffffff)
520 sprintf(buf, _("infinite"));
521 else
522 {
523 unsigned int x, p = 0;
524 if ((x = t/86400))
525 p += sprintf(&buf[p], "%ud", x);
526 if ((x = (t/3600)%24))
527 p += sprintf(&buf[p], "%uh", x);
528 if ((x = (t/60)%60))
529 p += sprintf(&buf[p], "%um", x);
530 if ((x = t%60))
531 p += sprintf(&buf[p], "%us", x);
532 }
533}
534
535
536/* in may equal out, when maxlen may be -1 (No max len).
537 Return -1 for extraneous no-hex chars found. */
538int parse_hex(char *in, unsigned char *out, int maxlen,
539 unsigned int *wildcard_mask, int *mac_type)
540{
541 int done = 0, mask = 0, i = 0;
542 char *r;
543
544 if (mac_type)
545 *mac_type = 0;
546
547 while (!done && (maxlen == -1 || i < maxlen))
548 {
549 for (r = in; *r != 0 && *r != ':' && *r != '-' && *r != ' '; r++)
550 if (*r != '*' && !isxdigit((unsigned char)*r))
551 return -1;
552
553 if (*r == 0)
554 done = 1;
555
556 if (r != in )
557 {
558 if (*r == '-' && i == 0 && mac_type)
559 {
560 *r = 0;
561 *mac_type = strtol(in, NULL, 16);
562 mac_type = NULL;
563 }
564 else
565 {
566 *r = 0;
567 if (strcmp(in, "*") == 0)
568 {
569 mask = (mask << 1) | 1;
570 i++;
571 }
572 else
573 {
574 int j, bytes = (1 + (r - in))/2;
575 for (j = 0; j < bytes; j++)
576 {
577 char sav = sav;
578 if (j < bytes - 1)
579 {
580 sav = in[(j+1)*2];
581 in[(j+1)*2] = 0;
582 }
583 /* checks above allow mix of hexdigit and *, which
584 is illegal. */
585 if (strchr(&in[j*2], '*'))
586 return -1;
587 out[i] = strtol(&in[j*2], NULL, 16);
588 mask = mask << 1;
589 if (++i == maxlen)
590 break;
591 if (j < bytes - 1)
592 in[(j+1)*2] = sav;
593 }
594 }
595 }
596 }
597 in = r+1;
598 }
599
600 if (wildcard_mask)
601 *wildcard_mask = mask;
602
603 return i;
604}
605
606/* return 0 for no match, or (no matched octets) + 1 */
607int memcmp_masked(unsigned char *a, unsigned char *b, int len, unsigned int mask)
608{
609 int i, count;
610 for (count = 1, i = len - 1; i >= 0; i--, mask = mask >> 1)
611 if (!(mask & 1))
612 {
613 if (a[i] == b[i])
614 count++;
615 else
616 return 0;
617 }
618 return count;
619}
620
621/* _note_ may copy buffer */
622int expand_buf(struct iovec *iov, size_t size)
623{
624 void *new;
625
626 if (size <= (size_t)iov->iov_len)
627 return 1;
628
629 if (!(new = whine_malloc(size)))
630 {
631 errno = ENOMEM;
632 return 0;
633 }
634
635 if (iov->iov_base)
636 {
637 memcpy(new, iov->iov_base, iov->iov_len);
638 free(iov->iov_base);
639 }
640
641 iov->iov_base = new;
642 iov->iov_len = size;
643
644 return 1;
645}
646
647char *print_mac(char *buff, unsigned char *mac, int len)
648{
649 char *p = buff;
650 int i;
651
652 if (len == 0)
653 sprintf(p, "<null>");
654 else
655 for (i = 0; i < len; i++)
656 p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":");
657
658 return buff;
659}
660
661/* rc is return from sendto and friends.
662 Return 1 if we should retry.
663 Set errno to zero if we succeeded. */
664int retry_send(ssize_t rc)
665{
666 static int retries = 0;
667 struct timespec waiter;
668
669 if (rc != -1)
670 {
671 retries = 0;
672 errno = 0;
673 return 0;
674 }
675
676 /* Linux kernels can return EAGAIN in perpetuity when calling
677 sendmsg() and the relevant interface has gone. Here we loop
678 retrying in EAGAIN for 1 second max, to avoid this hanging
679 dnsmasq. */
680
681 if (errno == EAGAIN || errno == EWOULDBLOCK)
682 {
683 waiter.tv_sec = 0;
684 waiter.tv_nsec = 10000;
685 nanosleep(&waiter, NULL);
686 if (retries++ < 1000)
687 return 1;
688 }
689
690 retries = 0;
691
692 if (errno == EINTR)
693 return 1;
694
695 return 0;
696}
697
698int read_write(int fd, unsigned char *packet, int size, int rw)
699{
700 ssize_t n, done;
701
702 for (done = 0; done < size; done += n)
703 {
704 do {
705 if (rw)
706 n = read(fd, &packet[done], (size_t)(size - done));
707 else
708 n = write(fd, &packet[done], (size_t)(size - done));
709
710 if (n == 0)
711 return 0;
712
713 } while (retry_send(n) || errno == ENOMEM || errno == ENOBUFS);
714
715 if (errno != 0)
716 return 0;
717 }
718
719 return 1;
720}
721
722/* close all fds except STDIN, STDOUT and STDERR, spare1, spare2 and spare3 */
723void close_fds(long max_fd, int spare1, int spare2, int spare3)
724{
725 /* On Linux, use the /proc/ filesystem to find which files
726 are actually open, rather than iterate over the whole space,
727 for efficiency reasons. If this fails we drop back to the dumb code. */
728#ifdef HAVE_LINUX_NETWORK
729 DIR *d;
730
731 if ((d = opendir("/proc/self/fd")))
732 {
733 struct dirent *de;
734
735 while ((de = readdir(d)))
736 {
737 long fd;
738 char *e = NULL;
739
740 errno = 0;
741 fd = strtol(de->d_name, &e, 10);
742
743 if (errno != 0 || !e || *e || fd == dirfd(d) ||
744 fd == STDOUT_FILENO || fd == STDERR_FILENO || fd == STDIN_FILENO ||
745 fd == spare1 || fd == spare2 || fd == spare3)
746 continue;
747
748 close(fd);
749 }
750
751 closedir(d);
752 return;
753 }
754#endif
755
756 /* fallback, dumb code. */
757 for (max_fd--; max_fd >= 0; max_fd--)
758 if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO && max_fd != STDIN_FILENO &&
759 max_fd != spare1 && max_fd != spare2 && max_fd != spare3)
760 close(max_fd);
761}
762
763/* Basically match a string value against a wildcard pattern. */
764int wildcard_match(const char* wildcard, const char* match)
765{
766 while (*wildcard && *match)
767 {
768 if (*wildcard == '*')
769 return 1;
770
771 if (*wildcard != *match)
772 return 0;
773
774 ++wildcard;
775 ++match;
776 }
777
778 return *wildcard == *match;
779}
780
781/* The same but comparing a maximum of NUM characters, like strncmp. */
782int wildcard_matchn(const char* wildcard, const char* match, int num)
783{
784 while (*wildcard && *match && num)
785 {
786 if (*wildcard == '*')
787 return 1;
788
789 if (*wildcard != *match)
790 return 0;
791
792 ++wildcard;
793 ++match;
794 --num;
795 }
796
797 return (!num) || (*wildcard == *match);
798}
799
800#ifdef HAVE_LINUX_NETWORK
801int kernel_version(void)
802{
803 struct utsname utsname;
804 int version;
805 char *split;
806
807 if (uname(&utsname) < 0)
808 die(_("failed to find kernel version: %s"), NULL, EC_MISC);
809
810 split = strtok(utsname.release, ".");
811 version = (split ? atoi(split) : 0);
812 split = strtok(NULL, ".");
813 version = version * 256 + (split ? atoi(split) : 0);
814 split = strtok(NULL, ".");
815 return version * 256 + (split ? atoi(split) : 0);
816}
817#endif