summaryrefslogtreecommitdiff
path: root/evdns.c
Commit message (Collapse)AuthorAgeFilesLines
* Allow evdns_base_new to succeed with no nameservers configuredDaniel Kempenich2023-01-271-1/+1
| | | | | | If resolv.conf has no nameservers, evdns_base_new can still succeed with the default of using the name server from localhost matching the man page documentation for resolv.conf.
* Replace magic numbers with consts for evdns_base_resolv_conf_parse() errorsDaniel Kempenich2023-01-271-11/+12
|
* evdns: integrate deferred_response_callback into evdns_requestmkm2022-11-131-103/+88
| | | | | | | | | | | | | | | | | the allocation of the struct deferred_reply_callback can fail. If that happens a program waiting for a callback never gets a callback. The program would asume that it either gets an error or a callback when e.g. calling evdns_base_resolve_ipv6. I did an analysis of the evdns.c code and concluded that struct evdns_request would live until the callback is executed. Based on that conclusion I removed the struct deferred_reply_callback and moved the neccessary fields for data which should be copied from struct request into struct evdns_request. The fields evdns_callback_type user_callback and void *user_pointer are moved into struct evdns_request as it is a more natural place for them to live than struct request.
* Fix non-std printf %p arguments (#1327)mareksm2022-08-281-15/+15
| | | | | * Fix non-std printf %p arguments when running with -Werror -pedantic-errors Co-authored-by: Mareks Malnacs <mareks.malnacs>
* evdns: accept domains up to 254 long (previosly only 63 long was accepted)Azat Khuzhin2022-07-101-5/+5
| | | | | | | | | | | | | | | | | Previously evdns was using HOST_NAME_MAX, and define it to 255 *only* if it not set, however it does set on linux: $ egrep -r define.*HOST_NAME_MAX /usr/include/bits /usr/include/bits/local_lim.h:#define HOST_NAME_MAX 64 /usr/include/bits/posix1_lim.h:#define _POSIX_HOST_NAME_MAX 255 /usr/include/bits/confname.h:#define _SC_HOST_NAME_MAX _SC_HOST_NAME_MAX But 64 should be the limit of the host component, not for the whole hostname, as also noted by @ploxiln So use our own EVDNS_NAME_MAX const, which is set to 255. Fixes: #1280
* feat: add `evdns_base_get_nameserver_fd` methodYongsheng Xu2021-12-101-0/+21
| | | | To get underlying udp socket fd.
* Revert "evdns: do not check server_req twice"Azat Khuzhin2021-11-301-5/+7
| | | | | | | | That was wrong assumption. This reverts commit 991f0ed3d86ffca0c017ab83cd239289912bdaad. Fixes: #1231
* Properly initialize sockaddr length on systems with sin_len.Tobias Heider2021-07-121-0/+9
|
* evdns: add ability to get CNAMESergey Matveychuk2021-05-241-8/+23
| | | | | | | | Add new flag (DNS_CNAME_CALLBACK) for evdns_base_resolve_ipv4()/evdns_base_resolve_ipv6(). If set, you will get one more callback with type == DNS_CNAME and CNAME in addrs argument.
* dns: remove evdns_set_transaction_id_fnfanquake2021-04-031-6/+0
|
* dns: remove evdns_set_random_bytes_fnfanquake2021-04-031-5/+0
|
* evdns: add max-probe-timeout/probe-backoff-factor settingschux05192021-01-121-8/+34
| | | | | | | | | | | I recently found that when the network status changed when calling bufferevent_socket_connect_hostname (e.g. switching between several WIFIs), all DNS servers would fail, and the timeout of probe would be very long if there were many DNS requests. I want libevent to support manual setting of MAX_PROBE_TIMEOUT and TIMEOUT_BACKOFF_FACTOR So move hardcoded MAX_PROBE_TIMEOUT and TIMEOUT_BACKOFF_FACTOR into struct, and allow changing them.
* doc: remove dead linkEmil Engler2020-12-261-1/+0
| | | | | The link is dead and an archived page cannot be found in the web.archive.org.
* evdns: do not pass NULL to memcpy() in evdns_server_request_format_response()Azat Khuzhin2020-06-251-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case of OPT pseudo-RR `class` field is treated as a requestor's UDP payload size, and class will have 512 (DNS_MAX_UDP_SIZE), and data is NULL: (gdb) p *item $4 = { next = 0x0, name = 0x602000000130 "", type = 41, class = 512, ttl = 0, is_name = 0 '\000', datalen = 0, data = 0x0 } And UBSAN will reports: ../evdns.c:2493:5: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x7ffff70b65bb in evdns_server_request_format_response ../evdns.c:2493 #1 0x7ffff70b706b in evdns_server_request_respond ../evdns.c:2529 #2 0x5555557975ab in regress_dns_server_cb ../test/regress_testutils.c:263 #3 0x7ffff70a8489 in request_parse ../evdns.c:1576 #4 0x7ffff70aa445 in server_udp_port_read ../evdns.c:1726 #5 0x7ffff70ac5cc in server_port_ready_callback ../evdns.c:1849 #6 0x7ffff6d3054c in event_persist_closure ../event.c:1645 #7 0x7ffff6d311cd in event_process_active_single_queue ../event.c:1704 #8 0x7ffff6d33258 in event_process_active ../event.c:1805 #9 0x7ffff6d361b5 in event_base_loop ../event.c:2047 #10 0x7ffff6d334ac in event_base_dispatch ../event.c:1839 #11 0x555555739df2 in test_edns ../test/regress_dns.c:2639 #12 0x5555557b9e96 in testcase_run_bare_ ../test/tinytest.c:173 #13 0x5555557ba8f0 in testcase_run_one ../test/tinytest.c:333 #14 0x5555557bc9a0 in tinytest_main ../test/tinytest.c:527 #15 0x555555787faa in main ../test/regress_main.c:528 #16 0x7ffff606c001 in __libc_start_main (/usr/lib/libc.so.6+0x27001) #17 0x55555569436d in _start (/src/le/libevent/.cmake-debug/bin/regress+0x14036d)
* recreate socket when udp failedokhowang(王沛文)2020-06-081-9/+39
|
* evdns: Add support for setting maximum UDP DNS message size.seleznevae2020-05-311-20/+121
| | | | | | Added new option `edns-udp-size` for evdns_base which allows to control maximum allowed size of UDP DNS messages. This maximum size is passed to the DNS server via edns mechanism.
* evdns: fix coding style issuesAzat Khuzhin2020-05-251-6/+6
|
* evdns: fix trailing whitespacesAzat Khuzhin2020-05-251-1/+1
|
* evdns: bufferevent_setcb before bufferevent_free is redundantAzat Khuzhin2020-05-251-4/+1
|
* evdns: Implement dns requests via tcpayuseleznev2020-05-211-70/+755
|
* evdns: Add additional validation for values of dns optionsayuseleznev2020-05-181-0/+3
|
* evdns: fix a crash when evdns_base with waiting requests is freedayuseleznev2020-02-281-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix undefined behaviour and application crash that might take place in some rare cases after calling evdns_base_free when there are requests in the waiting queue. Current cleanup procedure in evdns_base_free_and_unlock function includes 2 steps: 1. Finish all inflight requests. 2. Finish all waiting requests. During the first step we iterate over each list in req_heads structure and finish all requests in these lists. With current logic finishing an inflight request (function request_finished) removes it from the inflight requests container and forces a wating connection to be sent (by calling evdns_requests_pump_waiting_queue). When these new requests are sent it is possible that they will be inserted to the list in req_heads that we've already cleaned. So in some cases container of the inflight requests is not empty after this procedure and some requests are not finished and deleted. When timeouts for these requests expire evdns_request_timeout_callback is called but corresponding evdns_base has been already deleted which causes undefined behaviour and possible applicaton crash. It is interesting to note that in old versions of libevent such situation was not possible. This bug was introduced by the commit 14f84bbdc77d90b1d936076661443cdbf516c593. Before this commit nameservers were deleted before finishing the requests. Therefore it was not possible that requests from the waiting queue be sent while we finish the inflight requests.
* Fix checking return value of the evdns_base_resolv_conf_parse()Azat Khuzhin2019-09-051-1/+1
| | | | Reported-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* Missing <winerror.h> on win7/MinGW(MINGW32_NT-6.1)/MSYSyuangongji2019-07-111-0/+1
|
* evdns: add new options -- so-rcvbuf/so-sndbufAzat Khuzhin2019-06-151-0/+30
| | | | | | This will allow to customize SO_RCVBUF/SO_SNDBUF for nameservers in this evdns_base, you may want to adjust them if the kernel starts dropping udp packages.
* evdns: fix lock/unlock mismatch in evdns_close_server_port()zhuizhuhaomeng2019-05-061-0/+1
| | | | Closes: #809 (cherry-picked)
* evdns: do not check server_req twiceAzat Khuzhin2019-04-011-7/+5
| | | | | | | | | Reported by µchex: "In evdns.c, pointer server_req is null checked on line 1289 after it is dereferenced above. Since server_req was already null checked above on line 1243, there is no risk of crashing and the only bug is the redundant null check (and indentation) on line 1289. "
* evdns: add DNS_OPTION_NAMESERVERS_NO_DEFAULT/EVDNS_BASE_NAMESERVERS_NO_DEFAULTAzat Khuzhin2019-04-011-5/+26
| | | | | | | | | | | | | - DNS_OPTION_NAMESERVERS_NO_DEFAULT Do not "default" nameserver (i.e. "127.0.0.1:53") if there is no nameservers in resolv.conf, (iff DNS_OPTION_NAMESERVERS is set) - EVDNS_BASE_NAMESERVERS_NO_DEFAULT If EVDNS_BASE_INITIALIZE_NAMESERVERS isset, do not add default nameserver if there are no nameservers in resolv.conf (just set DNS_OPTION_NAMESERVERS_NO_DEFAULT internally) Fixes: #569
* Added DNS header mask definitions.Nathan French2019-02-121-10/+23
| | | | | | | | | | | | | | | | | | | | | Currently, we do a lot of data munging with manual hex. This is ugly and can lead to bugs. I defined the following: _QR_MASK 0x8000U _OP_MASK 0x7800U _AA_MASK 0x0400U _TC_MASK 0x0200U _RD_MASK 0x0100U _RA_MASK 0x0080U _Z_MASK 0x0040U _AD_MASK 0x0020U _CD_MASK 0x0010U _RCODE_MASK 0x000fU So that we can more easily twiddle flags. v2: make evdns flag masks unsigned literal Closes: #756 (cherry-picked)
* evdns: handle NULL filename explicitlyBogdan Harjoc2018-10-211-0/+5
| | | | | | | Otherwise we will try to open NULL filename and got EFAULT and anyway will got the same return code from evdns_base_resolv_conf_parse_impl() Closes: #680 (cherry-picked)
* evdns: fix race condition in evdns_getaddrinfo()Sergey Fionov2018-08-021-1/+8
| | | | | | | | | | | | evdns_getaddrinfo() starts two parallel requests for A and AAAA record. But if request is created from thread different from dns_base's, request of A record is started immediately and may result in calling free_getaddrinfo_request() from evdns_getaddrinfo_gotresolve() because `other_req' doesn't exist yet. After that, request of AAAA record starts and finishes, and evdns_getaddrinfo_gotresolve() is called again for structure that is already freed. This commits adds locking into evdns_getaddrinfo() function.
* Fix -Werror=implicit-fallthrough (fixes gcc-7)Azat Khuzhin2017-01-291-3/+4
| | | | Fixes: #447
* evdns: fix searching empty hostnamesAzat Khuzhin2016-03-251-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From #332: Here follows a bug report by **Guido Vranken** via the _Tor bug bounty program_. Please credit Guido accordingly. ## Bug report The DNS code of Libevent contains this rather obvious OOB read: ```c static char * search_make_new(const struct search_state *const state, int n, const char *const base_name) { const size_t base_len = strlen(base_name); const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ``` If the length of ```base_name``` is 0, then line 3125 reads 1 byte before the buffer. This will trigger a crash on ASAN-protected builds. To reproduce: Build libevent with ASAN: ``` $ CFLAGS='-fomit-frame-pointer -fsanitize=address' ./configure && make -j4 ``` Put the attached ```resolv.conf``` and ```poc.c``` in the source directory and then do: ``` $ gcc -fsanitize=address -fomit-frame-pointer poc.c .libs/libevent.a $ ./a.out ================================================================= ==22201== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60060000efdf at pc 0x4429da bp 0x7ffe1ed47300 sp 0x7ffe1ed472f8 READ of size 1 at 0x60060000efdf thread T0 ``` P.S. we can add a check earlier, but since this is very uncommon, I didn't add it. Fixes: #332
* evdns: avoid double-free in evdns_base_free() for probing requestsAzat Khuzhin2016-03-241-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http/cancel_by_host_no_ns: OK ../test/regress_http.c:1384: assert(regress_dnsserver(data->base, &portnum, search_table)) OK ../test/regress_http.c:1387: assert(dns_base) OK ../test/regress_http.c:1423: assert(evcon) OK ../test/regress_http.c:1444: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/delay") != -1): 0 vs -1 OK ../test/regress_http.c:1455: assert(test_ok == 2): 2 vs 2 OK ../test/regress_http.c:1480: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/test") != -1): 0 vs -1[msg] Nameserver 127.0.0.1:55948 has failed: request timed out. [msg] All nameservers have failed OK ../test/regress_http.c:1274: assert(!req) OK ../test/regress_http.c:1505: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/test") != -1): 0 vs -1 OK ../test/regress_http.c:1274: assert(!req)==19199== Invalid read of size 8 ==19199== at 0x4CC285: evdns_cancel_request (evdns.c:2849) ==19199== by 0x4CEDB2: evdns_nameserver_free (evdns.c:4018) ==19199== by 0x4CEF5B: evdns_base_free_and_unlock (evdns.c:4052) ==19199== by 0x4CF13B: evdns_base_free (evdns.c:4088) ==19199== by 0x4617A3: http_cancel_test (regress_http.c:1518) ==19199== by 0x490A78: testcase_run_bare_ (tinytest.c:105) ==19199== by 0x490D5A: testcase_run_one (tinytest.c:252) ==19199== by 0x491699: tinytest_main (tinytest.c:434) ==19199== by 0x47E0E0: main (regress_main.c:461) ==19199== Address 0x61e56d0 is 0 bytes inside a block of size 48 free'd ==19199== at 0x4C2AE6B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==19199== by 0x4AAFFF: event_mm_free_ (event.c:3516) ==19199== by 0x4C5ADD: request_finished (evdns.c:693) ==19199== by 0x4CEE95: evdns_base_free_and_unlock (evdns.c:4040) ==19199== by 0x4CF13B: evdns_base_free (evdns.c:4088) ==19199== by 0x4617A3: http_cancel_test (regress_http.c:1518) ==19199== by 0x490A78: testcase_run_bare_ (tinytest.c:105) ==19199== by 0x490D5A: testcase_run_one (tinytest.c:252) ==19199== by 0x491699: tinytest_main (tinytest.c:434) ==19199== by 0x47E0E0: main (regress_main.c:461) ==19199== Block was alloc'd at ==19199== at 0x4C2BBD5: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==19199== by 0x4AAEB2: event_mm_calloc_ (event.c:3459) ==19199== by 0x4CAAA2: nameserver_send_probe (evdns.c:2327) ==19199== by 0x4C50FF: nameserver_prod_callback (evdns.c:494) ==19199== by 0x4A564C: event_process_active_single_queue (event.c:1646) ==19199== by 0x4A5B95: event_process_active (event.c:1738) ==19199== by 0x4A6296: event_base_loop (event.c:1961) ==19199== by 0x4A5C1D: event_base_dispatch (event.c:1772) ==19199== by 0x46172C: http_cancel_test (regress_http.c:1507) ==19199== by 0x490A78: testcase_run_bare_ (tinytest.c:105) ==19199== by 0x490D5A: testcase_run_one (tinytest.c:252) ==19199== by 0x491699: tinytest_main (tinytest.c:434) ==19199==
* evdns: export cancel via callbacks in util (like async lib core/extra issues)Azat Khuzhin2016-03-231-0/+1
|
* evdns: name_parse(): fix remote stack overreadAzat Khuzhin2016-02-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @asn-the-goblin-slayer: "the name_parse() function in libevent's DNS code is vulnerable to a buffer overread. 971 if (cp != name_out) { 972 if (cp + 1 >= end) return -1; 973 *cp++ = '.'; 974 } 975 if (cp + label_len >= end) return -1; 976 memcpy(cp, packet + j, label_len); 977 cp += label_len; 978 j += label_len; No check is made against length before the memcpy occurs. This was found through the Tor bug bounty program and the discovery should be credited to 'Guido Vranken'." Reproducer for gdb (https://gist.github.com/azat/e4fcf540e9b89ab86d02): set $PROT_NONE=0x0 set $PROT_READ=0x1 set $PROT_WRITE=0x2 set $MAP_ANONYMOUS=0x20 set $MAP_SHARED=0x01 set $MAP_FIXED=0x10 set $MAP_32BIT=0x40 start set $length=202 # overread set $length=2 # allocate with mmap to have a seg fault on page boundary set $l=(1<<20)*2 p mmap(0, $l, $PROT_READ|$PROT_WRITE, $MAP_ANONYMOUS|$MAP_SHARED|$MAP_32BIT, -1, 0) set $packet=(char *)$1+$l-$length # hack the packet set $packet[0]=63 set $packet[1]='/' p malloc(sizeof(int)) set $idx=(int *)$2 set $idx[0]=0 set $name_out_len=202 p malloc($name_out_len) set $name_out=$3 # have WRITE only mapping to fail on read set $end=$1+$l p (void *)mmap($end, 1<<12, $PROT_NONE, $MAP_ANONYMOUS|$MAP_SHARED|$MAP_FIXED|$MAP_32BIT, -1, 0) set $m=$4 p name_parse($packet, $length, $idx, $name_out, $name_out_len) x/2s (char *)$name_out Before this patch: $ gdb -ex 'source gdb' dns-example $1 = 1073741824 $2 = (void *) 0x633010 $3 = (void *) 0x633030 $4 = (void *) 0x40200000 Program received signal SIGSEGV, Segmentation fault. __memcpy_sse2_unaligned () at memcpy-sse2-unaligned.S:33 After this patch: $ gdb -ex 'source gdb' dns-example $1 = 1073741824 $2 = (void *) 0x633010 $3 = (void *) 0x633030 $4 = (void *) 0x40200000 $5 = -1 0x633030: "/" 0x633032: "" (gdb) p $m $6 = (void *) 0x40200000 (gdb) p $1 $7 = 1073741824 (gdb) p/x $1 $8 = 0x40000000 (gdb) quit P.S. plus drop one condition duplicate. Fixes: #317
* evdns: evdns_base_free(): fix UAF of evdns_base with @fail_requestsAzat Khuzhin2015-11-251-11/+19
| | | | | | | | | | If you call evdns_base_free() with @fail_requests == 1, then it will defer callback with DNS_ERR_SHUTDOWN, but that callback (internal) uses data->evdns_base, but we already freed that evdns base, so we can't do this, fix this by checking @result to DNS_ERR_SHUTDOWN. Fixes: regress dns/client_fail_requests_getaddrinfo Fixes: #269
* evdns: evdns_base_free(): free requests before namserversAzat Khuzhin2015-11-251-9/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise we will trigger next UAF: $ valgrind --vgdb-error=1 regress --no-fork +dns/client_fail_requests ==24733== Memcheck, a memory error detector ==24733== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24733== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24733== Command: regress --no-fork +dns/client_fail_requests ==24733== ==24733== ==24733== TO DEBUG THIS PROCESS USING GDB: start GDB like this ==24733== /path/to/gdb regress ==24733== and then give GDB the following command ==24733== target remote | /usr/lib/valgrind/../../bin/vgdb --pid=24733 ==24733== --pid is optional if only one valgrind process is running ==24733== dns/client_fail_requests: ==24733== Invalid read of size 4 ==24733== at 0x4C3352: request_finished (evdns.c:662) ==24733== by 0x4CC8B7: evdns_base_free_and_unlock (evdns.c:4048) ==24733== by 0x4CCAFD: evdns_base_free (evdns.c:4088) ==24733== by 0x458E95: dns_client_fail_requests_test (regress_dns.c:2039) ==24733== by 0x48EA5D: testcase_run_bare_ (tinytest.c:105) ==24733== by 0x48ED3F: testcase_run_one (tinytest.c:252) ==24733== by 0x48F67E: tinytest_main (tinytest.c:434) ==24733== by 0x47C0DA: main (regress_main.c:461) ==24733== Address 0x61e6f70 is 448 bytes inside a block of size 456 free'd ==24733== at 0x4C29EAB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24733== by 0x4A8F4D: event_mm_free_ (event.c:3512) ==24733== by 0x4CC7A1: evdns_nameserver_free (evdns.c:4021) ==24733== by 0x4CC7DC: evdns_base_free_and_unlock (evdns.c:4037) ==24733== by 0x4CCAFD: evdns_base_free (evdns.c:4088) ==24733== by 0x458E95: dns_client_fail_requests_test (regress_dns.c:2039) ==24733== by 0x48EA5D: testcase_run_bare_ (tinytest.c:105) ==24733== by 0x48ED3F: testcase_run_one (tinytest.c:252) ==24733== by 0x48F67E: tinytest_main (tinytest.c:434) ==24733== by 0x47C0DA: main (regress_main.c:461) ==24733== Block was alloc'd at ==24733== at 0x4C28C4F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24733== by 0x4A8D5A: event_mm_malloc_ (event.c:3437) ==24733== by 0x4C8B96: evdns_nameserver_add_impl_ (evdns.c:2505) ==24733== by 0x4C916D: evdns_base_nameserver_ip_add (evdns.c:2629) ==24733== by 0x458DA3: dns_client_fail_requests_test (regress_dns.c:2031) ==24733== by 0x48EA5D: testcase_run_bare_ (tinytest.c:105) ==24733== by 0x48ED3F: testcase_run_one (tinytest.c:252) ==24733== by 0x48F67E: tinytest_main (tinytest.c:434) ==24733== by 0x47C0DA: main (regress_main.c:461) ==24733== ==24733== (action on error) vgdb me ... Fixes: regress dns/client_fail_requests Fixes: #269
* evdns: fix randomize-case by make case-insensitive as requiredAzat Khuzhin2015-10-091-1/+1
| | | | | | | | | Interesting that this wasn't found by regression tests since they respond with that SoME-rAndDom-CaSe domains, and no case-insensitive mode is required during comparing response from the server and request. Fixes #288 Covered-by: regress dns/search_lower
* evnds: inline TEST_NAME macro to make debuggin easierAzat Khuzhin2015-10-091-20/+18
|
* Merge pull request #212 from xbao/masterNick Mathewson2015-02-031-4/+4
|\ | | | | changed strtotimeval signature to avoid conflict with Android NDK sys/time.h header (#211)
| * changed strtotimeval signature as per #211Xiao Bao Clark2015-01-281-4/+4
| |
* | New function to get address for nameserver.Nick Mathewson2015-02-021-0/+28
|/
* Fix mixed declarations and code (forbidden by ISO C90)Thomas Bernard2014-12-081-1/+1
|
* evdns: avoid read-after-free in evdns_request_timeout_callback()Azat Khuzhin2014-11-121-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In evdns_request_timeout_callback() in case we a giving up, we call request_finished() which will free() req structure, however we ns from it to fail it, so save pointer to ns to call nameserver_failed() on them. Founded with valgrind: $ valgrind regress dns/retry ==10497== Memcheck, a memory error detector ==10497== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==10497== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==10497== Command: regress dns/retry ==10497== dns/retry: [forking] ==10498== Invalid read of size 8 ==10498== at 0x4C309D: evdns_request_timeout_callback (evdns.c:2179) ==10498== by 0x49EA95: event_process_active_single_queue (event.c:1576) ==10498== by 0x49EFDD: event_process_active (event.c:1668) ==10498== by 0x49F6DD: event_base_loop (event.c:1891) ==10498== by 0x49F063: event_base_dispatch (event.c:1702) ==10498== by 0x44C7F1: dns_retry_test_impl (regress_dns.c:724) ==10498== by 0x44CF60: dns_retry_test (regress_dns.c:749) ==10498== by 0x48A8A1: testcase_run_bare_ (tinytest.c:105) ==10498== by 0x48A94E: testcase_run_forked_ (tinytest.c:189) ==10498== by 0x48AB73: testcase_run_one (tinytest.c:247) ==10498== by 0x48B4C2: tinytest_main (tinytest.c:434) ==10498== by 0x477FC7: main (regress_main.c:459) ==10498== Address 0x6176ef8 is 40 bytes inside a block of size 342 free'd ==10498== at 0x4C29E90: free (vg_replace_malloc.c:473) ==10498== by 0x4A4411: event_mm_free_ (event.c:3443) ==10498== by 0x4BE8C5: request_finished (evdns.c:702) ==10498== by 0x4C3098: evdns_request_timeout_callback (evdns.c:2178) ==10498== by 0x49EA95: event_process_active_single_queue (event.c:1576) ==10498== by 0x49EFDD: event_process_active (event.c:1668) ==10498== by 0x49F6DD: event_base_loop (event.c:1891) ==10498== by 0x49F063: event_base_dispatch (event.c:1702) ==10498== by 0x44C7F1: dns_retry_test_impl (regress_dns.c:724) ==10498== by 0x44CF60: dns_retry_test (regress_dns.c:749) ==10498== by 0x48A8A1: testcase_run_bare_ (tinytest.c:105) ==10498== by 0x48A94E: testcase_run_forked_ (tinytest.c:189) ==10498== ==10498== ==10498== HEAP SUMMARY: ==10498== in use at exit: 0 bytes in 0 blocks ==10498== total heap usage: 83 allocs, 83 frees, 10,020 bytes allocated ==10498== ==10498== All heap blocks were freed -- no leaks are possible ==10498== ==10498== For counts of detected and suppressed errors, rerun with: -v ==10498== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) OK 1 tests ok. (0 skipped) ==10497== ==10497== HEAP SUMMARY: ==10497== in use at exit: 0 bytes in 0 blocks ==10497== total heap usage: 3 allocs, 3 frees, 96 bytes allocated ==10497== ==10497== All heap blocks were freed -- no leaks are possible ==10497== ==10497== For counts of detected and suppressed errors, rerun with: -v ==10497== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Bug was introduced in 97c750d6602517f22a1100f16592b421c38f2a45 ("evdns: fail ns after we are failing/retrasmitting request").
* evdns: fail ns after we are failing/retrasmitting requestAzat Khuzhin2014-09-301-6/+7
| | | | | | | | | | | | In case we are failing request (evdns_request_timeout_callback()), we delete timeout_event in request_finished(), while just before calling request_finished() (for failing request) there was a call to nameserver_failed(), that add event for timeout_event, IOW we must fail ns after request because otherwise we will not have timeout_event actived, and we will waiting forever. Before this patch the dns/retry_disable_when_inactive will wait forever, after - OK.
* evdns: fix EVDNS_BASE_DISABLE_WHEN_INACTIVE in case retransmit/retryAzat Khuzhin2014-09-301-6/+14
|
* Merge pull request #119 from ldx/winhostsNick Mathewson2014-09-181-7/+8
|\ | | | | Fix hosts file use on Windows.
| * Don't truncate hosts file path on Windows.Vilmos Nebehaj2014-03-211-2/+2
| | | | | | | | | | | | | | Since evutil_snprintf() (actually evutil_vsnprintf() called by it) will make sure the buffer is null-terminated by placing a null byte at len_out - 1, we need to pass the full length of the buffer; otherwise the path will end in "\\host" instead of "\\hosts".
| * Load hosts file on Windows.Vilmos Nebehaj2014-03-211-5/+6
| | | | | | | | | | | | Hosts files are not loaded in evdns_base_config_windows_nameservers() if load_nameservers_with_getnetworkparams() succeeds on Windows. Parse and load it first before setting up nameservers.