diff options
author | Florian Weimer <fweimer@redhat.com> | 2016-12-31 21:16:27 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-12-31 21:16:27 +0100 |
commit | 4f157746e0c713965d9143b52fef606312087c48 (patch) | |
tree | 82a04d21a1d007fc93b1ead4544877a0e20b1049 | |
parent | CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784] (diff) | |
download | glibc-4f157746e0c713965d9143b52fef606312087c48.tar.gz glibc-4f157746e0c713965d9143b52fef606312087c48.tar.bz2 glibc-4f157746e0c713965d9143b52fef606312087c48.zip |
Update DNS RR type definitions [BZ #20593]
This commit includes a new script which allows generating parts of
the header files from IANA DNS parameters protocol registry.
-rw-r--r-- | ChangeLog | 24 | ||||
-rw-r--r-- | resolv/arpa/nameser.h | 145 | ||||
-rw-r--r-- | resolv/arpa/nameser_compat.h | 127 | ||||
-rw-r--r-- | resolv/res_debug.c | 7 | ||||
-rw-r--r-- | scripts/gen-rrtypes.py | 68 |
5 files changed, 270 insertions, 101 deletions
@@ -1,5 +1,29 @@ 2016-12-31 Florian Weimer <fweimer@redhat.com> + [BZ #20593] + Update DNS RR type definitions. + * scripts/gen-rrtypes.py: New file. + * resolv/arpa/nameser.h (ns_type): Remove ns_t_zxfr, a + BIND-internal RR type not used on the Internet. Add ns_t_ds, + ns_t_sshfp, ns_t_ipseckey, ns_t_rrsig, ns_t_nsec, ns_t_dnskey, + ns_t_dhcid, ns_t_nsec3, ns_t_nsec3param, ns_t_tlsa, ns_t_smimea, + ns_t_hip, ns_t_ninfo, ns_t_rkey, ns_t_talink, ns_t_cds, + ns_t_cdnskey, ns_t_openpgpkey, ns_t_csync, ns_t_spf, ns_t_uinfo, + ns_t_uid, ns_t_gid, ns_t_unspec, ns_t_nid, ns_t_l32, ns_t_l64, + ns_t_lp, ns_t_eui48, ns_t_eui64, ns_t_uri, ns_t_caa, ns_t_avc, + ns_t_ta, ns_t_dlv. + * resolv/arpa/nameser_compat.h (T_KX, T_CERT, T_SINK, T_OPT) + (T_APL, T_DS, T_SSHFP, T_IPSECKEY, T_RRSIG, T_NSEC, T_DNSKEY) + (T_DHCID, T_NSEC3, T_NSEC3PARAM, T_TLSA, T_SMIMEA, T_HIP, T_NINFO) + (T_RKEY, T_TALINK, T_CDS, T_CDNSKEY, T_OPENPGPKEY, T_CSYNC, T_SPF) + (T_UINFO, T_UID, T_GID, T_UNSPEC, T_NID, T_L32, T_L64, T_LP) + (T_EUI48, T_EUI64, T_TKEY, T_URI, T_CAA, T_AVC, T_TA, T_DLV): + Define. + * resolv/res_debug.c (__p_type_syms): Update comment. Remove + entry for ns_t_zxfr. + +2016-12-31 Florian Weimer <fweimer@redhat.com> + [BZ #18784] CVE-2015-5180 * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from diff --git a/resolv/arpa/nameser.h b/resolv/arpa/nameser.h index 80d5cdf951..a99d5ec508 100644 --- a/resolv/arpa/nameser.h +++ b/resolv/arpa/nameser.h @@ -228,60 +228,97 @@ typedef struct ns_tcp_tsig_state ns_tcp_tsig_state; /*% * Currently defined type values for resources and queries. */ -typedef enum __ns_type { - ns_t_invalid = 0, /*%< Cookie. */ - ns_t_a = 1, /*%< Host address. */ - ns_t_ns = 2, /*%< Authoritative server. */ - ns_t_md = 3, /*%< Mail destination. */ - ns_t_mf = 4, /*%< Mail forwarder. */ - ns_t_cname = 5, /*%< Canonical name. */ - ns_t_soa = 6, /*%< Start of authority zone. */ - ns_t_mb = 7, /*%< Mailbox domain name. */ - ns_t_mg = 8, /*%< Mail group member. */ - ns_t_mr = 9, /*%< Mail rename name. */ - ns_t_null = 10, /*%< Null resource record. */ - ns_t_wks = 11, /*%< Well known service. */ - ns_t_ptr = 12, /*%< Domain name pointer. */ - ns_t_hinfo = 13, /*%< Host information. */ - ns_t_minfo = 14, /*%< Mailbox information. */ - ns_t_mx = 15, /*%< Mail routing information. */ - ns_t_txt = 16, /*%< Text strings. */ - ns_t_rp = 17, /*%< Responsible person. */ - ns_t_afsdb = 18, /*%< AFS cell database. */ - ns_t_x25 = 19, /*%< X_25 calling address. */ - ns_t_isdn = 20, /*%< ISDN calling address. */ - ns_t_rt = 21, /*%< Router. */ - ns_t_nsap = 22, /*%< NSAP address. */ - ns_t_nsap_ptr = 23, /*%< Reverse NSAP lookup (deprecated). */ - ns_t_sig = 24, /*%< Security signature. */ - ns_t_key = 25, /*%< Security key. */ - ns_t_px = 26, /*%< X.400 mail mapping. */ - ns_t_gpos = 27, /*%< Geographical position (withdrawn). */ - ns_t_aaaa = 28, /*%< Ip6 Address. */ - ns_t_loc = 29, /*%< Location Information. */ - ns_t_nxt = 30, /*%< Next domain (security). */ - ns_t_eid = 31, /*%< Endpoint identifier. */ - ns_t_nimloc = 32, /*%< Nimrod Locator. */ - ns_t_srv = 33, /*%< Server Selection. */ - ns_t_atma = 34, /*%< ATM Address */ - ns_t_naptr = 35, /*%< Naming Authority PoinTeR */ - ns_t_kx = 36, /*%< Key Exchange */ - ns_t_cert = 37, /*%< Certification record */ - ns_t_a6 = 38, /*%< IPv6 address (deprecated, use ns_t_aaaa) */ - ns_t_dname = 39, /*%< Non-terminal DNAME (for IPv6) */ - ns_t_sink = 40, /*%< Kitchen sink (experimentatl) */ - ns_t_opt = 41, /*%< EDNS0 option (meta-RR) */ - ns_t_apl = 42, /*%< Address prefix list (RFC3123) */ - ns_t_tkey = 249, /*%< Transaction key */ - ns_t_tsig = 250, /*%< Transaction signature. */ - ns_t_ixfr = 251, /*%< Incremental zone transfer. */ - ns_t_axfr = 252, /*%< Transfer zone of authority. */ - ns_t_mailb = 253, /*%< Transfer mailbox records. */ - ns_t_maila = 254, /*%< Transfer mail agent records. */ - ns_t_any = 255, /*%< Wildcard match. */ - ns_t_zxfr = 256, /*%< BIND-specific, nonstandard. */ - ns_t_max = 65536 -} ns_type; +typedef enum __ns_type + { + ns_t_invalid = 0, + + ns_t_a = 1, + ns_t_ns = 2, + ns_t_md = 3, + ns_t_mf = 4, + ns_t_cname = 5, + ns_t_soa = 6, + ns_t_mb = 7, + ns_t_mg = 8, + ns_t_mr = 9, + ns_t_null = 10, + ns_t_wks = 11, + ns_t_ptr = 12, + ns_t_hinfo = 13, + ns_t_minfo = 14, + ns_t_mx = 15, + ns_t_txt = 16, + ns_t_rp = 17, + ns_t_afsdb = 18, + ns_t_x25 = 19, + ns_t_isdn = 20, + ns_t_rt = 21, + ns_t_nsap = 22, + ns_t_nsap_ptr = 23, + ns_t_sig = 24, + ns_t_key = 25, + ns_t_px = 26, + ns_t_gpos = 27, + ns_t_aaaa = 28, + ns_t_loc = 29, + ns_t_nxt = 30, + ns_t_eid = 31, + ns_t_nimloc = 32, + ns_t_srv = 33, + ns_t_atma = 34, + ns_t_naptr = 35, + ns_t_kx = 36, + ns_t_cert = 37, + ns_t_a6 = 38, + ns_t_dname = 39, + ns_t_sink = 40, + ns_t_opt = 41, + ns_t_apl = 42, + ns_t_ds = 43, + ns_t_sshfp = 44, + ns_t_ipseckey = 45, + ns_t_rrsig = 46, + ns_t_nsec = 47, + ns_t_dnskey = 48, + ns_t_dhcid = 49, + ns_t_nsec3 = 50, + ns_t_nsec3param = 51, + ns_t_tlsa = 52, + ns_t_smimea = 53, + ns_t_hip = 55, + ns_t_ninfo = 56, + ns_t_rkey = 57, + ns_t_talink = 58, + ns_t_cds = 59, + ns_t_cdnskey = 60, + ns_t_openpgpkey = 61, + ns_t_csync = 62, + ns_t_spf = 99, + ns_t_uinfo = 100, + ns_t_uid = 101, + ns_t_gid = 102, + ns_t_unspec = 103, + ns_t_nid = 104, + ns_t_l32 = 105, + ns_t_l64 = 106, + ns_t_lp = 107, + ns_t_eui48 = 108, + ns_t_eui64 = 109, + ns_t_tkey = 249, + ns_t_tsig = 250, + ns_t_ixfr = 251, + ns_t_axfr = 252, + ns_t_mailb = 253, + ns_t_maila = 254, + ns_t_any = 255, + ns_t_uri = 256, + ns_t_caa = 257, + ns_t_avc = 258, + ns_t_ta = 32768, + ns_t_dlv = 32769, + + ns_t_max = 65536 + } ns_type; /*% * Values for class field diff --git a/resolv/arpa/nameser_compat.h b/resolv/arpa/nameser_compat.h index 6a2f029892..f1c390f3b9 100644 --- a/resolv/arpa/nameser_compat.h +++ b/resolv/arpa/nameser_compat.h @@ -120,49 +120,90 @@ typedef struct { #define DELETE ns_uop_delete #define ADD ns_uop_add -#define T_A ns_t_a -#define T_NS ns_t_ns -#define T_MD ns_t_md -#define T_MF ns_t_mf -#define T_CNAME ns_t_cname -#define T_SOA ns_t_soa -#define T_MB ns_t_mb -#define T_MG ns_t_mg -#define T_MR ns_t_mr -#define T_NULL ns_t_null -#define T_WKS ns_t_wks -#define T_PTR ns_t_ptr -#define T_HINFO ns_t_hinfo -#define T_MINFO ns_t_minfo -#define T_MX ns_t_mx -#define T_TXT ns_t_txt -#define T_RP ns_t_rp -#define T_AFSDB ns_t_afsdb -#define T_X25 ns_t_x25 -#define T_ISDN ns_t_isdn -#define T_RT ns_t_rt -#define T_NSAP ns_t_nsap -#define T_NSAP_PTR ns_t_nsap_ptr -#define T_SIG ns_t_sig -#define T_KEY ns_t_key -#define T_PX ns_t_px -#define T_GPOS ns_t_gpos -#define T_AAAA ns_t_aaaa -#define T_LOC ns_t_loc -#define T_NXT ns_t_nxt -#define T_EID ns_t_eid -#define T_NIMLOC ns_t_nimloc -#define T_SRV ns_t_srv -#define T_ATMA ns_t_atma -#define T_NAPTR ns_t_naptr -#define T_A6 ns_t_a6 -#define T_DNAME ns_t_dname -#define T_TSIG ns_t_tsig -#define T_IXFR ns_t_ixfr -#define T_AXFR ns_t_axfr -#define T_MAILB ns_t_mailb -#define T_MAILA ns_t_maila -#define T_ANY ns_t_any +#define T_A ns_t_a +#define T_NS ns_t_ns +#define T_MD ns_t_md +#define T_MF ns_t_mf +#define T_CNAME ns_t_cname +#define T_SOA ns_t_soa +#define T_MB ns_t_mb +#define T_MG ns_t_mg +#define T_MR ns_t_mr +#define T_NULL ns_t_null +#define T_WKS ns_t_wks +#define T_PTR ns_t_ptr +#define T_HINFO ns_t_hinfo +#define T_MINFO ns_t_minfo +#define T_MX ns_t_mx +#define T_TXT ns_t_txt +#define T_RP ns_t_rp +#define T_AFSDB ns_t_afsdb +#define T_X25 ns_t_x25 +#define T_ISDN ns_t_isdn +#define T_RT ns_t_rt +#define T_NSAP ns_t_nsap +#define T_NSAP_PTR ns_t_nsap_ptr +#define T_SIG ns_t_sig +#define T_KEY ns_t_key +#define T_PX ns_t_px +#define T_GPOS ns_t_gpos +#define T_AAAA ns_t_aaaa +#define T_LOC ns_t_loc +#define T_NXT ns_t_nxt +#define T_EID ns_t_eid +#define T_NIMLOC ns_t_nimloc +#define T_SRV ns_t_srv +#define T_ATMA ns_t_atma +#define T_NAPTR ns_t_naptr +#define T_KX ns_t_kx +#define T_CERT ns_t_cert +#define T_A6 ns_t_a6 +#define T_DNAME ns_t_dname +#define T_SINK ns_t_sink +#define T_OPT ns_t_opt +#define T_APL ns_t_apl +#define T_DS ns_t_ds +#define T_SSHFP ns_t_sshfp +#define T_IPSECKEY ns_t_ipseckey +#define T_RRSIG ns_t_rrsig +#define T_NSEC ns_t_nsec +#define T_DNSKEY ns_t_dnskey +#define T_DHCID ns_t_dhcid +#define T_NSEC3 ns_t_nsec3 +#define T_NSEC3PARAM ns_t_nsec3param +#define T_TLSA ns_t_tlsa +#define T_SMIMEA ns_t_smimea +#define T_HIP ns_t_hip +#define T_NINFO ns_t_ninfo +#define T_RKEY ns_t_rkey +#define T_TALINK ns_t_talink +#define T_CDS ns_t_cds +#define T_CDNSKEY ns_t_cdnskey +#define T_OPENPGPKEY ns_t_openpgpkey +#define T_CSYNC ns_t_csync +#define T_SPF ns_t_spf +#define T_UINFO ns_t_uinfo +#define T_UID ns_t_uid +#define T_GID ns_t_gid +#define T_UNSPEC ns_t_unspec +#define T_NID ns_t_nid +#define T_L32 ns_t_l32 +#define T_L64 ns_t_l64 +#define T_LP ns_t_lp +#define T_EUI48 ns_t_eui48 +#define T_EUI64 ns_t_eui64 +#define T_TKEY ns_t_tkey +#define T_TSIG ns_t_tsig +#define T_IXFR ns_t_ixfr +#define T_AXFR ns_t_axfr +#define T_MAILB ns_t_mailb +#define T_MAILA ns_t_maila +#define T_ANY ns_t_any +#define T_URI ns_t_uri +#define T_CAA ns_t_caa +#define T_AVC ns_t_avc +#define T_TA ns_t_ta +#define T_DLV ns_t_dlv #define C_IN ns_c_in #define C_CHAOS ns_c_chaos diff --git a/resolv/res_debug.c b/resolv/res_debug.c index 12059c229b..14557dd323 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -372,9 +372,8 @@ const struct res_sym __p_update_section_syms[] attribute_hidden = { }; /* - * Names of RR types and qtypes. Types and qtypes are the same, except - * that T_ANY is a qtype but not a type. (You can ask for records of type - * T_ANY, but you can't have any records of that type in the database.) + * Names of RR types and qtypes. The list is incomplete because its + * size is part of the ABI. */ extern const struct res_sym __p_type_syms[]; libresolv_hidden_proto (__p_type_syms) @@ -418,13 +417,13 @@ const struct res_sym __p_type_syms[] = { {ns_t_tsig, (char *) "TSIG", (char *) "transaction signature"}, {ns_t_ixfr, (char *) "IXFR", (char *) "incremental zone transfer"}, {ns_t_axfr, (char *) "AXFR", (char *) "zone transfer"}, - {ns_t_zxfr, (char *) "ZXFR", (char *) "compressed zone transfer"}, {ns_t_mailb, (char *) "MAILB", (char *) "mailbox-related data (deprecated)"}, {ns_t_maila, (char *) "MAILA", (char *) "mail agent (deprecated)"}, {ns_t_naptr, (char *) "NAPTR", (char *) "URN Naming Authority"}, {ns_t_kx, (char *) "KX", (char *) "Key Exchange"}, {ns_t_cert, (char *) "CERT", (char *) "Certificate"}, {ns_t_any, (char *) "ANY", (char *) "\"any\""}, + {0, NULL, NULL}, /* Padding to preserve ABI. */ {0, NULL, NULL} }; libresolv_hidden_data_def (__p_type_syms) diff --git a/scripts/gen-rrtypes.py b/scripts/gen-rrtypes.py new file mode 100644 index 0000000000..88bcb4ceeb --- /dev/null +++ b/scripts/gen-rrtypes.py @@ -0,0 +1,68 @@ +#!/usr/bin/python3 +# Generate DNS RR type constants for resolv header files. +# Copyright (C) 2016 Free Software Foundation, Inc. +# This file is part of the GNU C Library. +# +# The GNU C Library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# The GNU C Library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with the GNU C Library; if not, see +# <http://www.gnu.org/licenses/>. + +"""Generate DNS RR type constants for resolv header files. + +resolv/arpa/nameser.h and resolv/arpa/nameser_compat.h contain lists +of RR type constants. This script downloads the current definitions +from the IANA DNS Parameters protocol registry and translates it into +the two different lists. + +Two lists are written to standard output. The first one contains enum +constants for resolv/arpa/nameser.h. The second one lists the +preprocessor macros for resolv/arpa/nameser_compat.h. + +""" + +# URL of the IANA registry. +source = "http://www.iana.org/assignments/dns-parameters/dns-parameters-4.csv" + +import collections +import csv +import io +import urllib.request + +Type = collections.namedtuple("Type", "name number comment") + +def get_types(source): + for row in csv.reader(io.TextIOWrapper(urllib.request.urlopen(source))): + if row[0] in ('TYPE', 'Unassigned', 'Private use', 'Reserved'): + continue + name, number, comment = row[:3] + if name == '*': + name = 'ANY' + comment = 'request for all cached records' + number = int(number) + yield Type(name, number, comment) + +types = list(get_types(source)) + +print("// enum constants for resolv/arpa/nameser.h") +print() +for typ in types: + name = typ.name.replace("-", "_").lower() + print(" ns_t_{0} = {1.number},".format(name, typ)) +print() + +print("// macro aliases resolv/arpa/nameser_compat.h") +print() +for typ in types: + name = typ.name.replace("-", "_") + print("#define T_{0} ns_t_{1}".format(name.upper(), name.lower())) +print() |