SECURITY: adns: Do not corrupt pointer when nameserver speaks first

[adns.git] / src / event.c

diff --git a/src/event.c b/src/event.c
index 885ab81032747cb4ba478c84723375fa2791f73c..b36288ddfab610e305a4205d659f963bdaabb4d4 100644 (file)
--- a/src/event.c
+++ b/src/event.c
@@ -5,16 +5,16 @@
  * - user-visible check/wait and event-loop-related functions
  */
 /*
- *  This file is
- *    Copyright (C) 1997-1999 Ian Jackson <ian@davenant.greenend.org.uk>
- *
- *  It is part of adns, which is
- *    Copyright (C) 1997-1999 Ian Jackson <ian@davenant.greenend.org.uk>
- *    Copyright (C) 1999 Tony Finch <dot@dotat.at>
+ *  This file is part of adns, which is
+ *    Copyright (C) 1997-2000,2003,2006,2014-2016  Ian Jackson
+ *    Copyright (C) 2014  Mark Wooding
+ *    Copyright (C) 1999-2000,2003,2006  Tony Finch
+ *    Copyright (C) 1991 Massachusetts Institute of Technology
+ *  (See the file INSTALL for full details.)
  *  
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2, or (at your option)
+ *  the Free Software Foundation; either version 3, or (at your option)
  *  any later version.
  *  
  *  This program is distributed in the hope that it will be useful,
@@ -23,8 +23,7 @@
  *  GNU General Public License for more details.
  *  
  *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  along with this program; if not, write to the Free Software Foundation.
  */
 
 #include <errno.h>
@@ -44,9 +43,6 @@
 /* TCP connection management. */
 
 static void tcp_close(adns_state ads) {
-  int serv;
-  
-  serv= ads->tcpserver;
   close(ads->tcpsocket);
   ads->tcpsocket= -1;
   ads->tcprecv.used= ads->tcprecv_skip= ads->tcpsend.used= 0;
@@ -54,11 +50,18 @@ static void tcp_close(adns_state ads) {
 
 void adns__tcp_broken(adns_state ads, const char *what, const char *why) {
   int serv;
+  adns_query qu;
   
   assert(ads->tcpstate == server_connecting || ads->tcpstate == server_ok);
   serv= ads->tcpserver;
   if (what) adns__warn(ads,serv,0,"TCP connection failed: %s: %s",what,why);
 
+  if (ads->tcpstate == server_connecting) {
+    /* Counts as a retry for all the queries waiting for TCP. */
+    for (qu= ads->tcpw.head; qu; qu= qu->next)
+      qu->retries++;
+  }
+
   tcp_close(ads);
   ads->tcpstate= server_broken;
   ads->tcpserver= (serv+1)%ads->nservers;
@@ -76,9 +79,24 @@ static void tcp_connected(adns_state ads, struct timeval now) {
   }
 }
 
+static void tcp_broken_events(adns_state ads) {
+  adns_query qu, nqu;
+  
+  assert(ads->tcpstate == server_broken);
+  for (qu= ads->tcpw.head; qu; qu= nqu) {
+    nqu= qu->next;
+    assert(qu->state == query_tcpw);
+    if (qu->retries > ads->nservers) {
+      LIST_UNLINK(ads->tcpw,qu);
+      adns__query_fail(qu,adns_s_allservfail);
+    }
+  }
+  ads->tcpstate= server_disconnected;
+}
+
 void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
   int r, fd, tries;
-  struct sockaddr_in addr;
+  adns_rr_addr *addr;
   struct protoent *proto;
 
   for (tries=0; tries<ads->nservers; tries++) {
@@ -98,23 +116,24 @@ void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
     assert(!ads->tcprecv_skip);
 
     proto= getprotobyname("tcp");
-    if (!proto) { adns__diag(ads,-1,0,"unable to find protocol no. for TCP !"); return; }
-    fd= socket(AF_INET,SOCK_STREAM,proto->p_proto);
+    if (!proto) {
+      adns__diag(ads,-1,0,"unable to find protocol no. for TCP !");
+      return;
+    }
+    addr = &ads->servers[ads->tcpserver];
+    fd= socket(addr->addr.sa.sa_family, SOCK_STREAM, proto->p_proto);
     if (fd<0) {
       adns__diag(ads,-1,0,"cannot create TCP socket: %s",strerror(errno));
       return;
     }
     r= adns__setnonblock(ads,fd);
     if (r) {
-      adns__diag(ads,-1,0,"cannot make TCP socket nonblocking: %s",strerror(r));
+      adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:"
+                " %s",strerror(r));
       close(fd);
       return;
     }
-    memset(&addr,0,sizeof(addr));
-    addr.sin_family= AF_INET;
-    addr.sin_port= htons(DNS_PORT);
-    addr.sin_addr= ads->servers[ads->tcpserver].addr;
-    r= connect(fd,(const struct sockaddr*)&addr,sizeof(addr));
+    r= connect(fd,&addr->addr.sa,addr->len);
     ads->tcpsocket= fd;
     ads->tcpstate= server_connecting;
     if (r==0) { tcp_connected(ads,now); return; }
@@ -124,7 +143,7 @@ void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
       return;
     }
     adns__tcp_broken(ads,"connect",strerror(errno));
-    ads->tcpstate= server_disconnected;
+    tcp_broken_events(ads);
   }
 }
 
@@ -211,21 +230,11 @@ static void timeouts_queue(adns_state ads, int act,
 static void tcp_events(adns_state ads, int act,
                       struct timeval **tv_io, struct timeval *tvbuf,
                       struct timeval now) {
-  adns_query qu, nqu;
-  
   for (;;) {
     switch (ads->tcpstate) {
     case server_broken:
       if (!act) { inter_immed(tv_io,tvbuf); return; }
-      for (qu= ads->tcpw.head; qu; qu= nqu) {
-       nqu= qu->next;
-       assert(qu->state == query_tcpw);
-       if (qu->retries > ads->nservers) {
-         LIST_UNLINK(ads->tcpw,qu);
-         adns__query_fail(qu,adns_s_allservfail);
-       }
-      }
-      ads->tcpstate= server_disconnected;
+      tcp_broken_events(ads);
     case server_disconnected: /* fall through */
       if (!ads->tcpw.head) return;
       if (!act) { inter_immed(tv_io,tvbuf); return; }
@@ -277,7 +286,7 @@ void adns_firsttimeout(adns_state ads,
                       struct timeval now) {
   adns__consistency(ads,0,cc_entex);
   adns__timeouts(ads, 0, tv_io,tvbuf, now);
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
 }
 
 void adns_processtimeouts(adns_state ads, const struct timeval *now) {
@@ -286,7 +295,7 @@ void adns_processtimeouts(adns_state ads, const struct timeval *now) {
   adns__consistency(ads,0,cc_entex);
   adns__must_gettimeofday(ads,&now,&tv_buf);
   if (now) adns__timeouts(ads, 1, 0,0, *now);
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
 }
 
 /* fd handling functions.  These are the top-level of the real work of
@@ -295,44 +304,59 @@ void adns_processtimeouts(adns_state ads, const struct timeval *now) {
 
 int adns__pollfds(adns_state ads, struct pollfd pollfds_buf[MAX_POLLFDS]) {
   /* Returns the number of entries filled in.  Always zeroes revents. */
+  int nwanted=0;
+#define ADD_POLLFD(wantfd, wantevents) do{     \
+    pollfds_buf[nwanted].fd= (wantfd);         \
+    pollfds_buf[nwanted].events= (wantevents); \
+    pollfds_buf[nwanted].revents= 0;           \
+    nwanted++;                                 \
+  }while(0)
 
-  assert(MAX_POLLFDS==2);
+  int i;
 
-  pollfds_buf[0].fd= ads->udpsocket;
-  pollfds_buf[0].events= POLLIN;
-  pollfds_buf[0].revents= 0;
+  assert(MAX_POLLFDS == MAXUDP + 1);
+
+  for (i=0; i<ads->nudpsockets; i++)
+    ADD_POLLFD(ads->udpsockets[i].fd, POLLIN);
 
   switch (ads->tcpstate) {
   case server_disconnected:
-    return 1;
+  case server_broken:
+    break;
   case server_connecting:
-    pollfds_buf[1].events= POLLOUT;
+    ADD_POLLFD(ads->tcpsocket, POLLOUT);
     break;
   case server_ok:
-    pollfds_buf[1].events= ads->tcpsend.used ? POLLIN|POLLOUT|POLLPRI : POLLIN|POLLPRI;
+    ADD_POLLFD(ads->tcpsocket,
+              ads->tcpsend.used ? POLLIN|POLLOUT|POLLPRI : POLLIN|POLLPRI);
     break;
   default:
     abort();
   }
-  pollfds_buf[1].fd= ads->tcpsocket;
-  return 2;
+  assert(nwanted<=MAX_POLLFDS);
+#undef ADD_POLLFD
+  return nwanted;
 }
 
 int adns_processreadable(adns_state ads, int fd, const struct timeval *now) {
-  int want, dgramlen, r, udpaddrlen, serv, old_skip;
+  int want, dgramlen, r, i, serv, old_skip;
+  socklen_t udpaddrlen;
   byte udpbuf[DNS_MAXUDP];
-  struct sockaddr_in udpaddr;
+  char addrbuf[ADNS_ADDR2TEXT_BUFLEN];
+  struct udpsocket *udp;
+  adns_sockaddr udpaddr;
   
   adns__consistency(ads,0,cc_entex);
 
   switch (ads->tcpstate) {
   case server_disconnected:
+  case server_broken:
   case server_connecting:
     break;
   case server_ok:
     if (fd != ads->tcpsocket) break;
     assert(!ads->tcprecv_skip);
-    for (;;) {
+    do {
       if (ads->tcprecv.used >= ads->tcprecv_skip+2) {
        dgramlen= ((ads->tcprecv.buf[ads->tcprecv_skip]<<8) |
                   ads->tcprecv.buf[ads->tcprecv_skip+1]);
@@ -349,7 +373,8 @@ int adns_processreadable(adns_state ads, int fd, const struct timeval *now) {
        want= 2;
       }
       ads->tcprecv.used -= ads->tcprecv_skip;
-      memmove(ads->tcprecv.buf,ads->tcprecv.buf+ads->tcprecv_skip,ads->tcprecv.used);
+      memmove(ads->tcprecv.buf, ads->tcprecv.buf+ads->tcprecv_skip,
+             ads->tcprecv.used);
       ads->tcprecv_skip= 0;
       if (!adns__vbuf_ensure(&ads->tcprecv,want)) { r= ENOMEM; goto xit; }
       assert(ads->tcprecv.used <= ads->tcprecv.avail);
@@ -366,17 +391,18 @@ int adns_processreadable(adns_state ads, int fd, const struct timeval *now) {
          if (errno_resources(errno)) { r= errno; goto xit; }
        }
        adns__tcp_broken(ads,"read",r?strerror(errno):"closed");
-       r= 0; goto xit;
       }
-    } /* never reached */
+    } while (ads->tcpstate == server_ok);
+    r= 0; goto xit;
   default:
     abort();
   }
-  if (fd == ads->udpsocket) {
+  for (i=0; i<ads->nudpsockets; i++) {
+    udp= &ads->udpsockets[i];
+    if (fd != udp->fd) continue;
     for (;;) {
       udpaddrlen= sizeof(udpaddr);
-      r= recvfrom(ads->udpsocket,udpbuf,sizeof(udpbuf),0,
-                 (struct sockaddr*)&udpaddr,&udpaddrlen);
+      r= recvfrom(fd,udpbuf,sizeof(udpbuf),0, &udpaddr.sa,&udpaddrlen);
       if (r<0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) { r= 0; goto xit; }
        if (errno == EINTR) continue;
@@ -384,36 +410,23 @@ int adns_processreadable(adns_state ads, int fd, const struct timeval *now) {
        adns__warn(ads,-1,0,"datagram receive error: %s",strerror(errno));
        r= 0; goto xit;
       }
-      if (udpaddrlen != sizeof(udpaddr)) {
-       adns__diag(ads,-1,0,"datagram received with wrong address length %d"
-                  " (expected %d)", udpaddrlen,sizeof(udpaddr));
-       continue;
-      }
-      if (udpaddr.sin_family != AF_INET) {
-       adns__diag(ads,-1,0,"datagram received with wrong protocol family"
-                  " %u (expected %u)",udpaddr.sin_family,AF_INET);
-       continue;
-      }
-      if (ntohs(udpaddr.sin_port) != DNS_PORT) {
-       adns__diag(ads,-1,0,"datagram received from wrong port %u (expected %u)",
-                  ntohs(udpaddr.sin_port),DNS_PORT);
-       continue;
-      }
       for (serv= 0;
           serv < ads->nservers &&
-            ads->servers[serv].addr.s_addr != udpaddr.sin_addr.s_addr;
+            !adns__sockaddrs_equal(&udpaddr.sa,
+                                   &ads->servers[serv].addr.sa);
           serv++);
       if (serv >= ads->nservers) {
        adns__warn(ads,-1,0,"datagram received from unknown nameserver %s",
-                  inet_ntoa(udpaddr.sin_addr));
+                  adns__sockaddr_ntoa(&udpaddr.sa, addrbuf));
        continue;
       }
       adns__procdgram(ads,udpbuf,r,serv,0,*now);
     }
+    break;
   }
   r= 0;
 xit:
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return r;
 }
 
@@ -424,14 +437,31 @@ int adns_processwriteable(adns_state ads, int fd, const struct timeval *now) {
 
   switch (ads->tcpstate) {
   case server_disconnected:
+  case server_broken:
     break;
   case server_connecting:
     if (fd != ads->tcpsocket) break;
     assert(ads->tcprecv.used==0);
     assert(ads->tcprecv_skip==0);
     for (;;) {
+      /* This function can be called even if the fd wasn't actually
+       * flagged as writeable.  For asynch tcp connect we have to
+       * actually use the writeability to tell us the connect has
+       * completed (or failed), so we need to double check. */
+      fd_set writeable;
+      struct timeval timeout = { 0,0 };
+      FD_ZERO(&writeable);
+      FD_SET(ads->tcpsocket,&writeable);
+      r= select(ads->tcpsocket+1,0,&writeable,0,&timeout);
+      if (r==0) break;
+      if (r<0) {
+       if (errno==EINTR) continue;
+       adns__tcp_broken(ads,"select","failed connecting writeability check");
+       r= 0; goto xit;
+      }
+      assert(FD_ISSET(ads->tcpsocket,&writeable));
       if (!adns__vbuf_ensure(&ads->tcprecv,1)) { r= ENOMEM; goto xit; }
-      r= read(ads->tcpsocket,&ads->tcprecv.buf,1);
+      r= read(ads->tcpsocket,ads->tcprecv.buf,1);
       if (r==0 || (r<0 && (errno==EAGAIN || errno==EWOULDBLOCK))) {
        tcp_connected(ads,*now);
        r= 0; goto xit;
@@ -446,8 +476,8 @@ int adns_processwriteable(adns_state ads, int fd, const struct timeval *now) {
       r= 0; goto xit;
     } /* not reached */
   case server_ok:
-    if (!(ads->tcpsend.used && fd == ads->tcpsocket)) break;
-    for (;;) {
+    if (fd != ads->tcpsocket) break;
+    while (ads->tcpsend.used) {
       adns__sigpipe_protect(ads);
       r= write(ads->tcpsocket,ads->tcpsend.buf,ads->tcpsend.used);
       adns__sigpipe_unprotect(ads);
@@ -461,20 +491,24 @@ int adns_processwriteable(adns_state ads, int fd, const struct timeval *now) {
        ads->tcpsend.used -= r;
        memmove(ads->tcpsend.buf,ads->tcpsend.buf+r,ads->tcpsend.used);
       }
-    } /* not reached */
+    }
+    r= 0;
+    goto xit;
   default:
     abort();
   }
   r= 0;
 xit:
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return r;
 }
   
-int adns_processexceptional(adns_state ads, int fd, const struct timeval *now) {
+int adns_processexceptional(adns_state ads, int fd,
+                           const struct timeval *now) {
   adns__consistency(ads,0,cc_entex);
   switch (ads->tcpstate) {
   case server_disconnected:
+  case server_broken:
     break;
   case server_connecting:
   case server_ok:
@@ -484,14 +518,15 @@ int adns_processexceptional(adns_state ads, int fd, const struct timeval *now) {
   default:
     abort();
   }
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return 0;
 }
 
 static void fd_event(adns_state ads, int fd,
                     int revent, int pollflag,
                     int maxfd, const fd_set *fds,
-                    int (*func)(adns_state, int fd, const struct timeval *now),
+                    int (*func)(adns_state, int fd,
+                                const struct timeval *now),
                     struct timeval now, int *r_r) {
   int r;
   
@@ -502,7 +537,8 @@ static void fd_event(adns_state ads, int fd,
     if (r_r) {
       *r_r= r;
     } else {
-      adns__diag(ads,-1,0,"process fd failed after select: %s",strerror(errno));
+      adns__diag(ads,-1,0,"process fd failed after select:"
+                " %s",strerror(errno));
       adns_globalsystemfailure(ads);
     }
   }
@@ -519,9 +555,12 @@ void adns__fdevents(adns_state ads,
     fd= pollfds[i].fd;
     if (fd >= maxfd) maxfd= fd+1;
     revents= pollfds[i].revents;
-    fd_event(ads,fd, revents,POLLIN, maxfd,readfds, adns_processreadable,now,r_r);
-    fd_event(ads,fd, revents,POLLOUT, maxfd,writefds, adns_processwriteable,now,r_r);
-    fd_event(ads,fd, revents,POLLPRI, maxfd,exceptfds, adns_processexceptional,now,r_r);
+#define EV(pollfl,fds,how)  \
+    fd_event(ads,fd, revents,pollfl, maxfd,fds, adns_process##how,now,r_r)
+    EV( POLLIN,  readfds,   readable    );
+    EV( POLLOUT, writefds,  writeable   );
+    EV( POLLPRI, exceptfds, exceptional );
+#undef EV
   }
 }
 
@@ -540,8 +579,8 @@ void adns_beforeselect(adns_state ads, int *maxfd_io, fd_set *readfds_io,
   if (tv_mod && (!*tv_mod || (*tv_mod)->tv_sec || (*tv_mod)->tv_usec)) {
     /* The caller is planning to sleep. */
     adns__must_gettimeofday(ads,&now,&tv_nowbuf);
-    if (!now) { inter_immed(tv_mod,tv_iobuf); goto xit; }
-    adns__timeouts(ads, 1, tv_mod,tv_tobuf, *now);
+    if (!now) { inter_immed(tv_mod,tv_tobuf); goto xit; }
+    adns__timeouts(ads, 0, tv_mod,tv_tobuf, *now);
   }
 
   npollfds= adns__pollfds(ads,pollfds);
@@ -556,7 +595,7 @@ void adns_beforeselect(adns_state ads, int *maxfd_io, fd_set *readfds_io,
   *maxfd_io= maxfd;
 
 xit:
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
 }
 
 void adns_afterselect(adns_state ads, int maxfd, const fd_set *readfds,
@@ -578,7 +617,7 @@ void adns_afterselect(adns_state ads, int maxfd, const fd_set *readfds,
                 maxfd,readfds,writefds,exceptfds,
                 *now, 0);
 xit:
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
 }
 
 /* General helpful functions. */
@@ -595,11 +634,12 @@ void adns_globalsystemfailure(adns_state ads) {
     adns__tcp_broken(ads,0,0);
     break;
   case server_disconnected:
+  case server_broken:
     break;
   default:
     abort();
   }
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
 }
 
 int adns_processany(adns_state ads) {
@@ -618,13 +658,13 @@ int adns_processany(adns_state ads) {
    * likely just to want to do a read on one or two fds anyway.
    */
   npollfds= adns__pollfds(ads,pollfds);
-  for (i=0; i<npollfds; i++) pollfds[i].revents= pollfds[i].events;
+  for (i=0; i<npollfds; i++) pollfds[i].revents= pollfds[i].events & ~POLLPRI;
   adns__fdevents(ads,
                 pollfds,npollfds,
                 0,0,0,0,
                 now,&r);
 
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return 0;
 }
 
@@ -665,7 +705,7 @@ int adns_wait(adns_state ads,
              void **context_r) {
   int r, maxfd, rsel;
   fd_set readfds, writefds, exceptfds;
-  struct timeval *now, nowbuf, tvbuf, *tvp;
+  struct timeval tvbuf, *tvp;
   
   adns__consistency(ads,*query_io,cc_entex);
   for (;;) {
@@ -688,7 +728,7 @@ int adns_wait(adns_state ads,
       adns_afterselect(ads,maxfd,&readfds,&writefds,&exceptfds,0);
     }
   }
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return r;
 }
 
@@ -704,6 +744,6 @@ int adns_check(adns_state ads,
   if (!r) adns__autosys(ads,now);
 
   r= adns__internal_check(ads,query_io,answer_r,context_r);
-  adns__consistency(ads,0,cc_entex);
+  adns__returning(ads,0);
   return r;
 }