aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2016-12-31 21:16:27 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-31 21:16:27 +0100
commit4f157746e0c713965d9143b52fef606312087c48 (patch)
tree82a04d21a1d007fc93b1ead4544877a0e20b1049
parentCVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784] (diff)
downloadglibc-4f157746e0c713965d9143b52fef606312087c48.tar.gz
glibc-4f157746e0c713965d9143b52fef606312087c48.tar.bz2
glibc-4f157746e0c713965d9143b52fef606312087c48.zip
Update DNS RR type definitions [BZ #20593]
This commit includes a new script which allows generating parts of the header files from IANA DNS parameters protocol registry.
-rw-r--r--ChangeLog24
-rw-r--r--resolv/arpa/nameser.h145
-rw-r--r--resolv/arpa/nameser_compat.h127
-rw-r--r--resolv/res_debug.c7
-rw-r--r--scripts/gen-rrtypes.py68
5 files changed, 270 insertions, 101 deletions
diff --git a/ChangeLog b/ChangeLog
index 3beacb05d8..137a426bbb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,29 @@
2016-12-31 Florian Weimer <fweimer@redhat.com>
+ [BZ #20593]
+ Update DNS RR type definitions.
+ * scripts/gen-rrtypes.py: New file.
+ * resolv/arpa/nameser.h (ns_type): Remove ns_t_zxfr, a
+ BIND-internal RR type not used on the Internet. Add ns_t_ds,
+ ns_t_sshfp, ns_t_ipseckey, ns_t_rrsig, ns_t_nsec, ns_t_dnskey,
+ ns_t_dhcid, ns_t_nsec3, ns_t_nsec3param, ns_t_tlsa, ns_t_smimea,
+ ns_t_hip, ns_t_ninfo, ns_t_rkey, ns_t_talink, ns_t_cds,
+ ns_t_cdnskey, ns_t_openpgpkey, ns_t_csync, ns_t_spf, ns_t_uinfo,
+ ns_t_uid, ns_t_gid, ns_t_unspec, ns_t_nid, ns_t_l32, ns_t_l64,
+ ns_t_lp, ns_t_eui48, ns_t_eui64, ns_t_uri, ns_t_caa, ns_t_avc,
+ ns_t_ta, ns_t_dlv.
+ * resolv/arpa/nameser_compat.h (T_KX, T_CERT, T_SINK, T_OPT)
+ (T_APL, T_DS, T_SSHFP, T_IPSECKEY, T_RRSIG, T_NSEC, T_DNSKEY)
+ (T_DHCID, T_NSEC3, T_NSEC3PARAM, T_TLSA, T_SMIMEA, T_HIP, T_NINFO)
+ (T_RKEY, T_TALINK, T_CDS, T_CDNSKEY, T_OPENPGPKEY, T_CSYNC, T_SPF)
+ (T_UINFO, T_UID, T_GID, T_UNSPEC, T_NID, T_L32, T_L64, T_LP)
+ (T_EUI48, T_EUI64, T_TKEY, T_URI, T_CAA, T_AVC, T_TA, T_DLV):
+ Define.
+ * resolv/res_debug.c (__p_type_syms): Update comment. Remove
+ entry for ns_t_zxfr.
+
+2016-12-31 Florian Weimer <fweimer@redhat.com>
+
[BZ #18784]
CVE-2015-5180
* include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from
diff --git a/resolv/arpa/nameser.h b/resolv/arpa/nameser.h
index 80d5cdf951..a99d5ec508 100644
--- a/resolv/arpa/nameser.h
+++ b/resolv/arpa/nameser.h
@@ -228,60 +228,97 @@ typedef struct ns_tcp_tsig_state ns_tcp_tsig_state;
/*%
* Currently defined type values for resources and queries.
*/
-typedef enum __ns_type {
- ns_t_invalid = 0, /*%< Cookie. */
- ns_t_a = 1, /*%< Host address. */
- ns_t_ns = 2, /*%< Authoritative server. */
- ns_t_md = 3, /*%< Mail destination. */
- ns_t_mf = 4, /*%< Mail forwarder. */
- ns_t_cname = 5, /*%< Canonical name. */
- ns_t_soa = 6, /*%< Start of authority zone. */
- ns_t_mb = 7, /*%< Mailbox domain name. */
- ns_t_mg = 8, /*%< Mail group member. */
- ns_t_mr = 9, /*%< Mail rename name. */
- ns_t_null = 10, /*%< Null resource record. */
- ns_t_wks = 11, /*%< Well known service. */
- ns_t_ptr = 12, /*%< Domain name pointer. */
- ns_t_hinfo = 13, /*%< Host information. */
- ns_t_minfo = 14, /*%< Mailbox information. */
- ns_t_mx = 15, /*%< Mail routing information. */
- ns_t_txt = 16, /*%< Text strings. */
- ns_t_rp = 17, /*%< Responsible person. */
- ns_t_afsdb = 18, /*%< AFS cell database. */
- ns_t_x25 = 19, /*%< X_25 calling address. */
- ns_t_isdn = 20, /*%< ISDN calling address. */
- ns_t_rt = 21, /*%< Router. */
- ns_t_nsap = 22, /*%< NSAP address. */
- ns_t_nsap_ptr = 23, /*%< Reverse NSAP lookup (deprecated). */
- ns_t_sig = 24, /*%< Security signature. */
- ns_t_key = 25, /*%< Security key. */
- ns_t_px = 26, /*%< X.400 mail mapping. */
- ns_t_gpos = 27, /*%< Geographical position (withdrawn). */
- ns_t_aaaa = 28, /*%< Ip6 Address. */
- ns_t_loc = 29, /*%< Location Information. */
- ns_t_nxt = 30, /*%< Next domain (security). */
- ns_t_eid = 31, /*%< Endpoint identifier. */
- ns_t_nimloc = 32, /*%< Nimrod Locator. */
- ns_t_srv = 33, /*%< Server Selection. */
- ns_t_atma = 34, /*%< ATM Address */
- ns_t_naptr = 35, /*%< Naming Authority PoinTeR */
- ns_t_kx = 36, /*%< Key Exchange */
- ns_t_cert = 37, /*%< Certification record */
- ns_t_a6 = 38, /*%< IPv6 address (deprecated, use ns_t_aaaa) */
- ns_t_dname = 39, /*%< Non-terminal DNAME (for IPv6) */
- ns_t_sink = 40, /*%< Kitchen sink (experimentatl) */
- ns_t_opt = 41, /*%< EDNS0 option (meta-RR) */
- ns_t_apl = 42, /*%< Address prefix list (RFC3123) */
- ns_t_tkey = 249, /*%< Transaction key */
- ns_t_tsig = 250, /*%< Transaction signature. */
- ns_t_ixfr = 251, /*%< Incremental zone transfer. */
- ns_t_axfr = 252, /*%< Transfer zone of authority. */
- ns_t_mailb = 253, /*%< Transfer mailbox records. */
- ns_t_maila = 254, /*%< Transfer mail agent records. */
- ns_t_any = 255, /*%< Wildcard match. */
- ns_t_zxfr = 256, /*%< BIND-specific, nonstandard. */
- ns_t_max = 65536
-} ns_type;
+typedef enum __ns_type
+ {
+ ns_t_invalid = 0,
+
+ ns_t_a = 1,
+ ns_t_ns = 2,
+ ns_t_md = 3,
+ ns_t_mf = 4,
+ ns_t_cname = 5,
+ ns_t_soa = 6,
+ ns_t_mb = 7,
+ ns_t_mg = 8,
+ ns_t_mr = 9,
+ ns_t_null = 10,
+ ns_t_wks = 11,
+ ns_t_ptr = 12,
+ ns_t_hinfo = 13,
+ ns_t_minfo = 14,
+ ns_t_mx = 15,
+ ns_t_txt = 16,
+ ns_t_rp = 17,
+ ns_t_afsdb = 18,
+ ns_t_x25 = 19,
+ ns_t_isdn = 20,
+ ns_t_rt = 21,
+ ns_t_nsap = 22,
+ ns_t_nsap_ptr = 23,
+ ns_t_sig = 24,
+ ns_t_key = 25,
+ ns_t_px = 26,
+ ns_t_gpos = 27,
+ ns_t_aaaa = 28,
+ ns_t_loc = 29,
+ ns_t_nxt = 30,
+ ns_t_eid = 31,
+ ns_t_nimloc = 32,
+ ns_t_srv = 33,
+ ns_t_atma = 34,
+ ns_t_naptr = 35,
+ ns_t_kx = 36,
+ ns_t_cert = 37,
+ ns_t_a6 = 38,
+ ns_t_dname = 39,
+ ns_t_sink = 40,
+ ns_t_opt = 41,
+ ns_t_apl = 42,
+ ns_t_ds = 43,
+ ns_t_sshfp = 44,
+ ns_t_ipseckey = 45,
+ ns_t_rrsig = 46,
+ ns_t_nsec = 47,
+ ns_t_dnskey = 48,
+ ns_t_dhcid = 49,
+ ns_t_nsec3 = 50,
+ ns_t_nsec3param = 51,
+ ns_t_tlsa = 52,
+ ns_t_smimea = 53,
+ ns_t_hip = 55,
+ ns_t_ninfo = 56,
+ ns_t_rkey = 57,
+ ns_t_talink = 58,
+ ns_t_cds = 59,
+ ns_t_cdnskey = 60,
+ ns_t_openpgpkey = 61,
+ ns_t_csync = 62,
+ ns_t_spf = 99,
+ ns_t_uinfo = 100,
+ ns_t_uid = 101,
+ ns_t_gid = 102,
+ ns_t_unspec = 103,
+ ns_t_nid = 104,
+ ns_t_l32 = 105,
+ ns_t_l64 = 106,
+ ns_t_lp = 107,
+ ns_t_eui48 = 108,
+ ns_t_eui64 = 109,
+ ns_t_tkey = 249,
+ ns_t_tsig = 250,
+ ns_t_ixfr = 251,
+ ns_t_axfr = 252,
+ ns_t_mailb = 253,
+ ns_t_maila = 254,
+ ns_t_any = 255,
+ ns_t_uri = 256,
+ ns_t_caa = 257,
+ ns_t_avc = 258,
+ ns_t_ta = 32768,
+ ns_t_dlv = 32769,
+
+ ns_t_max = 65536
+ } ns_type;
/*%
* Values for class field
diff --git a/resolv/arpa/nameser_compat.h b/resolv/arpa/nameser_compat.h
index 6a2f029892..f1c390f3b9 100644
--- a/resolv/arpa/nameser_compat.h
+++ b/resolv/arpa/nameser_compat.h
@@ -120,49 +120,90 @@ typedef struct {
#define DELETE ns_uop_delete
#define ADD ns_uop_add
-#define T_A ns_t_a
-#define T_NS ns_t_ns
-#define T_MD ns_t_md
-#define T_MF ns_t_mf
-#define T_CNAME ns_t_cname
-#define T_SOA ns_t_soa
-#define T_MB ns_t_mb
-#define T_MG ns_t_mg
-#define T_MR ns_t_mr
-#define T_NULL ns_t_null
-#define T_WKS ns_t_wks
-#define T_PTR ns_t_ptr
-#define T_HINFO ns_t_hinfo
-#define T_MINFO ns_t_minfo
-#define T_MX ns_t_mx
-#define T_TXT ns_t_txt
-#define T_RP ns_t_rp
-#define T_AFSDB ns_t_afsdb
-#define T_X25 ns_t_x25
-#define T_ISDN ns_t_isdn
-#define T_RT ns_t_rt
-#define T_NSAP ns_t_nsap
-#define T_NSAP_PTR ns_t_nsap_ptr
-#define T_SIG ns_t_sig
-#define T_KEY ns_t_key
-#define T_PX ns_t_px
-#define T_GPOS ns_t_gpos
-#define T_AAAA ns_t_aaaa
-#define T_LOC ns_t_loc
-#define T_NXT ns_t_nxt
-#define T_EID ns_t_eid
-#define T_NIMLOC ns_t_nimloc
-#define T_SRV ns_t_srv
-#define T_ATMA ns_t_atma
-#define T_NAPTR ns_t_naptr
-#define T_A6 ns_t_a6
-#define T_DNAME ns_t_dname
-#define T_TSIG ns_t_tsig
-#define T_IXFR ns_t_ixfr
-#define T_AXFR ns_t_axfr
-#define T_MAILB ns_t_mailb
-#define T_MAILA ns_t_maila
-#define T_ANY ns_t_any
+#define T_A ns_t_a
+#define T_NS ns_t_ns
+#define T_MD ns_t_md
+#define T_MF ns_t_mf
+#define T_CNAME ns_t_cname
+#define T_SOA ns_t_soa
+#define T_MB ns_t_mb
+#define T_MG ns_t_mg
+#define T_MR ns_t_mr
+#define T_NULL ns_t_null
+#define T_WKS ns_t_wks
+#define T_PTR ns_t_ptr
+#define T_HINFO ns_t_hinfo
+#define T_MINFO ns_t_minfo
+#define T_MX ns_t_mx
+#define T_TXT ns_t_txt
+#define T_RP ns_t_rp
+#define T_AFSDB ns_t_afsdb
+#define T_X25 ns_t_x25
+#define T_ISDN ns_t_isdn
+#define T_RT ns_t_rt
+#define T_NSAP ns_t_nsap
+#define T_NSAP_PTR ns_t_nsap_ptr
+#define T_SIG ns_t_sig
+#define T_KEY ns_t_key
+#define T_PX ns_t_px
+#define T_GPOS ns_t_gpos
+#define T_AAAA ns_t_aaaa
+#define T_LOC ns_t_loc
+#define T_NXT ns_t_nxt
+#define T_EID ns_t_eid
+#define T_NIMLOC ns_t_nimloc
+#define T_SRV ns_t_srv
+#define T_ATMA ns_t_atma
+#define T_NAPTR ns_t_naptr
+#define T_KX ns_t_kx
+#define T_CERT ns_t_cert
+#define T_A6 ns_t_a6
+#define T_DNAME ns_t_dname
+#define T_SINK ns_t_sink
+#define T_OPT ns_t_opt
+#define T_APL ns_t_apl
+#define T_DS ns_t_ds
+#define T_SSHFP ns_t_sshfp
+#define T_IPSECKEY ns_t_ipseckey
+#define T_RRSIG ns_t_rrsig
+#define T_NSEC ns_t_nsec
+#define T_DNSKEY ns_t_dnskey
+#define T_DHCID ns_t_dhcid
+#define T_NSEC3 ns_t_nsec3
+#define T_NSEC3PARAM ns_t_nsec3param
+#define T_TLSA ns_t_tlsa
+#define T_SMIMEA ns_t_smimea
+#define T_HIP ns_t_hip
+#define T_NINFO ns_t_ninfo
+#define T_RKEY ns_t_rkey
+#define T_TALINK ns_t_talink
+#define T_CDS ns_t_cds
+#define T_CDNSKEY ns_t_cdnskey
+#define T_OPENPGPKEY ns_t_openpgpkey
+#define T_CSYNC ns_t_csync
+#define T_SPF ns_t_spf
+#define T_UINFO ns_t_uinfo
+#define T_UID ns_t_uid
+#define T_GID ns_t_gid
+#define T_UNSPEC ns_t_unspec
+#define T_NID ns_t_nid
+#define T_L32 ns_t_l32
+#define T_L64 ns_t_l64
+#define T_LP ns_t_lp
+#define T_EUI48 ns_t_eui48
+#define T_EUI64 ns_t_eui64
+#define T_TKEY ns_t_tkey
+#define T_TSIG ns_t_tsig
+#define T_IXFR ns_t_ixfr
+#define T_AXFR ns_t_axfr
+#define T_MAILB ns_t_mailb
+#define T_MAILA ns_t_maila
+#define T_ANY ns_t_any
+#define T_URI ns_t_uri
+#define T_CAA ns_t_caa
+#define T_AVC ns_t_avc
+#define T_TA ns_t_ta
+#define T_DLV ns_t_dlv
#define C_IN ns_c_in
#define C_CHAOS ns_c_chaos
diff --git a/resolv/res_debug.c b/resolv/res_debug.c
index 12059c229b..14557dd323 100644
--- a/resolv/res_debug.c
+++ b/resolv/res_debug.c
@@ -372,9 +372,8 @@ const struct res_sym __p_update_section_syms[] attribute_hidden = {
};
/*
- * Names of RR types and qtypes. Types and qtypes are the same, except
- * that T_ANY is a qtype but not a type. (You can ask for records of type
- * T_ANY, but you can't have any records of that type in the database.)
+ * Names of RR types and qtypes. The list is incomplete because its
+ * size is part of the ABI.
*/
extern const struct res_sym __p_type_syms[];
libresolv_hidden_proto (__p_type_syms)
@@ -418,13 +417,13 @@ const struct res_sym __p_type_syms[] = {
{ns_t_tsig, (char *) "TSIG", (char *) "transaction signature"},
{ns_t_ixfr, (char *) "IXFR", (char *) "incremental zone transfer"},
{ns_t_axfr, (char *) "AXFR", (char *) "zone transfer"},
- {ns_t_zxfr, (char *) "ZXFR", (char *) "compressed zone transfer"},
{ns_t_mailb, (char *) "MAILB", (char *) "mailbox-related data (deprecated)"},
{ns_t_maila, (char *) "MAILA", (char *) "mail agent (deprecated)"},
{ns_t_naptr, (char *) "NAPTR", (char *) "URN Naming Authority"},
{ns_t_kx, (char *) "KX", (char *) "Key Exchange"},
{ns_t_cert, (char *) "CERT", (char *) "Certificate"},
{ns_t_any, (char *) "ANY", (char *) "\"any\""},
+ {0, NULL, NULL}, /* Padding to preserve ABI. */
{0, NULL, NULL}
};
libresolv_hidden_data_def (__p_type_syms)
diff --git a/scripts/gen-rrtypes.py b/scripts/gen-rrtypes.py
new file mode 100644
index 0000000000..88bcb4ceeb
--- /dev/null
+++ b/scripts/gen-rrtypes.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python3
+# Generate DNS RR type constants for resolv header files.
+# Copyright (C) 2016 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+#
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <http://www.gnu.org/licenses/>.
+
+"""Generate DNS RR type constants for resolv header files.
+
+resolv/arpa/nameser.h and resolv/arpa/nameser_compat.h contain lists
+of RR type constants. This script downloads the current definitions
+from the IANA DNS Parameters protocol registry and translates it into
+the two different lists.
+
+Two lists are written to standard output. The first one contains enum
+constants for resolv/arpa/nameser.h. The second one lists the
+preprocessor macros for resolv/arpa/nameser_compat.h.
+
+"""
+
+# URL of the IANA registry.
+source = "http://www.iana.org/assignments/dns-parameters/dns-parameters-4.csv"
+
+import collections
+import csv
+import io
+import urllib.request
+
+Type = collections.namedtuple("Type", "name number comment")
+
+def get_types(source):
+ for row in csv.reader(io.TextIOWrapper(urllib.request.urlopen(source))):
+ if row[0] in ('TYPE', 'Unassigned', 'Private use', 'Reserved'):
+ continue
+ name, number, comment = row[:3]
+ if name == '*':
+ name = 'ANY'
+ comment = 'request for all cached records'
+ number = int(number)
+ yield Type(name, number, comment)
+
+types = list(get_types(source))
+
+print("// enum constants for resolv/arpa/nameser.h")
+print()
+for typ in types:
+ name = typ.name.replace("-", "_").lower()
+ print(" ns_t_{0} = {1.number},".format(name, typ))
+print()
+
+print("// macro aliases resolv/arpa/nameser_compat.h")
+print()
+for typ in types:
+ name = typ.name.replace("-", "_")
+ print("#define T_{0} ns_t_{1}".format(name.upper(), name.lower()))
+print()