authorSebastian Huber <sebastian.huber@embedded-brains.de>2018-09-19 08:52:21 +0200
committerSebastian Huber <sebastian.huber@embedded-brains.de>2018-09-20 11:23:32 +0200
commitf761b290f135957f47e1c9af71b4a81c76c32b48 (patch)
tree2b7d273db4ff2388867efec5ad432fa49cd4047e /mDNSResponder/mDNSPosix
parentmDNSResponder: Update to v576.30.4 (diff)
mDNSResponder: Update to v625.41.2
The sources can be obtained via: https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-625.41.2.tar.gz Update #3522.
Diffstat (limited to 'mDNSResponder/mDNSPosix')
-rwxr-xr-xmDNSResponder/mDNSPosix/._ReadMe.txtbin0 -> 171 bytes
-rw-r--r--mDNSResponder/mDNSPosix/Identify.c6
-rwxr-xr-xmDNSResponder/mDNSPosix/Makefile3
-rwxr-xr-xmDNSResponder/mDNSPosix/ReadMe.txt14
-rwxr-xr-xmDNSResponder/mDNSPosix/mDNSPosix.c36
-rwxr-xr-xmDNSResponder/mDNSPosix/mDNSUNP.c21
-rw-r--r--mDNSResponder/mDNSPosix/mdnsd.sh2
-rwxr-xr-xmDNSResponder/mDNSPosix/nss_mdns.c4
8 files changed, 52 insertions, 34 deletions
diff --git a/mDNSResponder/mDNSPosix/._ReadMe.txt b/mDNSResponder/mDNSPosix/._ReadMe.txt
new file mode 100755
index 00000000..cd621b2a
--- /dev/null
+++ b/mDNSResponder/mDNSPosix/._ReadMe.txt
Binary files differ
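Review bot: `._ReadMe.txt` looks like a macOS AppleDouble sidecar (resource-fork metadata for ReadMe.txt) picked up when the upstream tarball was unpacked, not a source file. It adds an opaque, executable-mode binary to the tree that nobody can review in a diff. I would drop it from the import and exclude `._*` files when extracting future updates.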
diff --git a/mDNSResponder/mDNSPosix/Identify.c b/mDNSResponder/mDNSPosix/Identify.c
index 003ac631..6a5d362b 100644
--- a/mDNSResponder/mDNSPosix/Identify.c
+++ b/mDNSResponder/mDNSPosix/Identify.c
@@ -330,8 +330,10 @@ mDNSexport int main(int argc, char **argv)
if (StopNow == 2) break;
}
#endif
- else {
- if (strlen(arg) >= sizeof(hostname)) {
+ else
+ {
+ if (strlen(arg) >= sizeof(hostname))
+ {
fprintf(stderr, "hostname must be < %d characters\n", (int)sizeof(hostname));
goto usage;
}
diff --git a/mDNSResponder/mDNSPosix/Makefile b/mDNSResponder/mDNSPosix/Makefile
index 817a3775..de8bd00c 100755
--- a/mDNSResponder/mDNSPosix/Makefile
+++ b/mDNSResponder/mDNSPosix/Makefile
@@ -153,6 +153,7 @@ LINKOPTS = -lSystem
LDSUFFIX = dylib
JDK = /System/Library/Frameworks/JavaVM.framework/Home
JAVACFLAGS_OS = -dynamiclib -I/System/Library/Frameworks/JavaVM.framework/Headers -framework JavaVM
+OPTIONALTARG = dnsextd
else
$(error ERROR: Must specify target OS on command-line, e.g. "make os=x [target]".\
@@ -215,7 +216,7 @@ CFLAGS = $(CFLAGS_COMMON) $(CFLAGS_OS) $(CFLAGS_DEBUG)
#############################################################################
-all: setup Daemon libdns_sd Clients SAClient SAResponder SAProxyResponder Identify NetMonitor dnsextd $(OPTIONALTARG)
+all: setup Daemon libdns_sd Clients SAClient SAResponder SAProxyResponder Identify NetMonitor $(OPTIONALTARG)
install: setup InstalledDaemon InstalledStartup InstalledLib InstalledManPages InstalledClients $(OPTINSTALL)
diff --git a/mDNSResponder/mDNSPosix/ReadMe.txt b/mDNSResponder/mDNSPosix/ReadMe.txt
index c2f56412..a374ddf0 100755
--- a/mDNSResponder/mDNSPosix/ReadMe.txt
+++ b/mDNSResponder/mDNSPosix/ReadMe.txt
@@ -308,6 +308,20 @@ CVE-ID
CVE-2011-0220 : JaeSeung Song of the Department of Computing at Imperial
College London
+Impact:  A local application may be able to cause a denial of service
+Description:  A denial of service issue was addressed through
+improved memory handling.
+CVE-ID
+CVE-2015-7988 : Alexandre Helie
+
+Impact:  A remote attacker may be able to cause unexpected
+application termination or arbitrary code execution
+Description:  Multiple memory corruption issues existed in DNS
+data parsing. These issues were addressed through improved bounds
+checking.
+CVE-ID
+CVE-2015-7987 : Alexandre Helie
+
To Do List
----------
• port to a System V that's not Solaris
diff --git a/mDNSResponder/mDNSPosix/mDNSPosix.c b/mDNSResponder/mDNSPosix/mDNSPosix.c
index 1ff9837d..77b57149 100755
--- a/mDNSResponder/mDNSPosix/mDNSPosix.c
+++ b/mDNSResponder/mDNSPosix/mDNSPosix.c
@@ -1,6 +1,6 @@
/* -*- Mode: C; tab-width: 4 -*-
*
- * Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2002-2015 Apple Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -525,6 +525,7 @@ mDNSexport int ParseDNSServers(mDNS *m, const char *filePath)
numOfServers++;
}
}
+ fclose(fp);
return (numOfServers > 0) ? 0 : -1;
}
@@ -648,10 +649,22 @@ mDNSlocal int SetupSocket(struct sockaddr *intfAddr, mDNSIPPort port, int interf
// ... with a shared UDP port, if it's for multicast receiving
if (err == 0 && port.NotAnInteger)
{
- #if defined(SO_REUSEPORT)
- err = setsockopt(*sktPtr, SOL_SOCKET, SO_REUSEPORT, &kOn, sizeof(kOn));
- #elif defined(SO_REUSEADDR)
+ // <rdar://problem/20946253>
+ // We test for SO_REUSEADDR first, as suggested by Jonny Törnbom from Axis Communications
+ // Linux kernel versions 3.9 introduces support for socket option
+ // SO_REUSEPORT, however this is not implemented the same as on *BSD
+ // systems. Linux version implements a "port hijacking" prevention
+ // mechanism, limiting processes wanting to bind to an already existing
+ // addr:port to have the same effective UID as the first who bound it. What
+ // this meant for us was that the daemon ran as one user and when for
+ // instance mDNSClientPosix was executed by another user, it wasn't allowed
+ // to bind to the socket. Our suggestion was to switch the order in which
+ // SO_REUSEPORT and SO_REUSEADDR was tested so that SO_REUSEADDR stays on
+ // top and SO_REUSEPORT to be used only if SO_REUSEADDR doesn't exist.
+ #if defined(SO_REUSEADDR) && !defined(__MAC_OS_X_VERSION_MIN_REQUIRED)
err = setsockopt(*sktPtr, SOL_SOCKET, SO_REUSEADDR, &kOn, sizeof(kOn));
+ #elif defined(SO_REUSEPORT)
+ err = setsockopt(*sktPtr, SOL_SOCKET, SO_REUSEPORT, &kOn, sizeof(kOn));
#else
#error This platform has no way to avoid address busy errors on multicast.
#endif
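Review bot: The new comment explains why SO_REUSEADDR is now tested first, but not what is given up by doing so or why macOS is excluded. By the comment's own account, Linux's SO_REUSEPORT limits port sharing to sockets with the same effective UID; preferring SO_REUSEADDR drops that restriction, so presumably any local process can now bind alongside the daemon on the multicast port. I would record the trade-off next to the `#if`, e.g. `// NOTE: SO_REUSEADDR has no same-UID restriction; any local process may share this port.`, and add a line saying why `__MAC_OS_X_VERSION_MIN_REQUIRED` keeps the SO_REUSEPORT path. SetupSocket starts and ends outside this hunk.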
@@ -919,6 +932,7 @@ mDNSlocal int SetupOneInterface(mDNS *const m, struct sockaddr *intfAddr, struct
if (strcmp(intfName, STRINGIFY(DIRECTLINK_INTERFACE_NAME)) == 0)
intf->coreIntf.DirectLink = mDNStrue;
#endif
+ intf->coreIntf.SupportsUnicastMDNSResponse = mDNStrue;
// The interface is all ready to go, let's register it with the mDNS core.
if (err == 0)
@@ -1625,21 +1639,15 @@ mDNSexport mDNSBool mDNSPlatformInterfaceIsD2D(mDNSInterfaceID InterfaceID)
return mDNSfalse;
}
-mDNSexport mDNSBool mDNSPlatformAllowPID(mDNS *const m, DNSQuestion *q)
+mDNSexport void mDNSPlatformGetDNSRoutePolicy(mDNS *const m, DNSQuestion *q, mDNSBool *isCellBlocked)
{
(void) m;
- (void) q;
- return mDNStrue;
-}
-mDNSexport mDNSs32 mDNSPlatformGetServiceID(mDNS *const m, DNSQuestion *q)
-{
- (void) m;
- (void) q;
- return -1;
+ q->ServiceID = -1;
+ *isCellBlocked = mDNSfalse;
}
-mDNSexport void mDNSPlatformSetDelegatePID(UDPSocket *src, const mDNSAddr *dst, DNSQuestion *q)
+mDNSexport void mDNSPlatformSetuDNSSocktOpt(UDPSocket *src, const mDNSAddr *dst, DNSQuestion *q)
{
(void) src;
(void) dst;
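Review bot: mDNSPlatformGetDNSRoutePolicy now writes through both `q` and `isCellBlocked`, whereas the two stubs it replaces never dereferenced anything, and nothing documents that both pointers must be valid. The callers are not visible here, so a NULL argument may be impossible in practice, but the contract should be stated on the function. Suggested comment: `// POSIX has no route policy: ServiceID is always -1 and the question is never cell-blocked; q and isCellBlocked must be non-NULL.` The body of mDNSPlatformSetuDNSSocktOpt continues past the end of the hunk.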
diff --git a/mDNSResponder/mDNSPosix/mDNSUNP.c b/mDNSResponder/mDNSPosix/mDNSUNP.c
index 5c4d9fe1..3cfeac6e 100755
--- a/mDNSResponder/mDNSPosix/mDNSUNP.c
+++ b/mDNSResponder/mDNSPosix/mDNSUNP.c
@@ -83,14 +83,12 @@ void plen_to_mask(int plen, char *addr) {
struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
{
struct ifi_info *ifi, *ifihead, **ifipnext, *ifipold, **ifiptr;
- FILE *fp;
+ FILE *fp = NULL;
char addr[8][5];
int flags, myflags, index, plen, scope;
char ifname[9], lastname[IFNAMSIZ];
char addr6[32+7+1]; /* don't forget the seven ':' */
struct addrinfo hints, *res0;
- struct sockaddr_in6 *sin6;
- struct in6_addr *addrptr;
int err;
int sockfd = -1;
struct ifreq ifr;
@@ -150,18 +148,13 @@ struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
char ipv6addr[INET6_ADDRSTRLEN];
plen_to_mask(plen, ipv6addr);
ifi->ifi_netmask = calloc(1, sizeof(struct sockaddr_in6));
- if (ifi->ifi_addr == NULL) {
+ if (ifi->ifi_netmask == NULL) {
goto gotError;
}
- sin6=calloc(1, sizeof(struct sockaddr_in6));
- addrptr=calloc(1, sizeof(struct in6_addr));
- inet_pton(family, ipv6addr, addrptr);
- sin6->sin6_family=family;
- sin6->sin6_addr=*addrptr;
- sin6->sin6_scope_id=scope;
- memcpy(ifi->ifi_netmask, sin6, sizeof(struct sockaddr_in6));
- free(sin6);
+ ((struct sockaddr_in6 *)ifi->ifi_netmask)->sin6_family=family;
+ ((struct sockaddr_in6 *)ifi->ifi_netmask)->sin6_scope_id=scope;
+ inet_pton(family, ipv6addr, &((struct sockaddr_in6 *)ifi->ifi_netmask)->sin6_addr);
/* Add interface name */
memcpy(ifi->ifi_name, ifname, IFI_NAME);
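Review bot: The return value of inet_pton() on the last added line is ignored, so if the string written by plen_to_mask() fails to parse, the calloc'ed netmask keeps an all-zero sin6_addr and is handed back as if it were valid. Checking it the same way as the allocation just above would close that gap: `if (inet_pton(family, ipv6addr, &((struct sockaddr_in6 *)ifi->ifi_netmask)->sin6_addr) != 1) goto gotError;`. A local `struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *)ifi->ifi_netmask;` would also replace the three repeated casts. The function starts and ends outside this hunk, so whether gotError releases the partially built entry cannot be confirmed from here.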
@@ -179,6 +172,7 @@ struct ifi_info *get_ifi_info_linuxv6(int family, int doaliases)
* EADDRNOTAVAIL for the main interface
*/
free(ifi->ifi_addr);
+ free(ifi->ifi_netmask);
free(ifi);
ifipnext = ifiptr;
*ifipnext = ifipold;
@@ -207,6 +201,9 @@ done:
if (sockfd != -1) {
assert(close(sockfd) == 0);
}
+ if (fp != NULL) {
+ fclose(fp);
+ }
return(ifihead); /* pointer to first structure in linked list */
}
#endif // defined(AF_INET6) && HAVE_IPV6 && HAVE_LINUX
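Review bot: `assert(close(sockfd) == 0);` just above the added fclose() puts the close() call itself inside the assertion, so a build with NDEBUG defined removes the call and leaks the descriptor on every invocation. That is the same class of leak this hunk fixes for `fp`. Moving the call out keeps the check without the side effect: `int rc = close(sockfd); assert(rc == 0); (void) rc;`. The function body begins outside the hunk.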
diff --git a/mDNSResponder/mDNSPosix/mdnsd.sh b/mDNSResponder/mDNSPosix/mdnsd.sh
index 14fef9b4..c43d9fcb 100644
--- a/mDNSResponder/mDNSPosix/mdnsd.sh
+++ b/mDNSResponder/mDNSPosix/mdnsd.sh
@@ -36,7 +36,7 @@ if [ -r /sbin/start-stop-daemon ]; then
# Suse Linux doesn't work with symbolic signal names, but we really don't need
# to specify "-s TERM" since SIGTERM (15) is the default stop signal anway
# STOP="start-stop-daemon --stop -s TERM --quiet --oknodo --exec"
- STOP="start-stop-daemon --stop --quiet --oknodo --exec"
+ STOP="start-stop-daemon --stop --quiet --oknodo --retry 2 --exec"
else
killmdnsd() {
kill -TERM `cat /var/run/mdnsd.pid`
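Review bot: The added `--retry 2` is not explained, and the comment above it still only discusses signal names. As I read the start-stop-daemon documentation, a bare timeout expands to the schedule signal/timeout/KILL/timeout, so a daemon that has not exited within 2 seconds of SIGTERM is sent SIGKILL and may skip its shutdown work. A line such as `# --retry 2: wait up to 2s after SIGTERM, then SIGKILL` would make the escalation explicit. The fallback `killmdnsd` path below has no equivalent wait, and its body continues outside the hunk.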
diff --git a/mDNSResponder/mDNSPosix/nss_mdns.c b/mDNSResponder/mDNSPosix/nss_mdns.c
index afadb3c6..ade4d4d2 100755
--- a/mDNSResponder/mDNSPosix/nss_mdns.c
+++ b/mDNSResponder/mDNSPosix/nss_mdns.c
@@ -1088,7 +1088,6 @@ mdns_lookup_callback
ns_type_t expected_rr_type =
af_to_rr (result->hostent->h_addrtype);
- // Idiot check class
if (rrclass != C_IN)
{
syslog (LOG_WARNING,
@@ -1270,7 +1269,6 @@ add_address_to_buffer (result_map_t * result, const void * data, int len)
return NULL;
}
- // Idiot check
if (len != result->hostent->h_length)
{
syslog (LOG_WARNING,
@@ -1311,7 +1309,6 @@ contains_address (result_map_t * result, const void * data, int len)
{
int i;
- // Idiot check
if (len != result->hostent->h_length)
{
syslog (LOG_WARNING,
@@ -2473,7 +2470,6 @@ cmp_dns_suffix (const char * name, const char * domain)
const char * nametail;
const char * domaintail;
- // Idiot checks
if (*name == 0 || *name == k_dns_separator)
{
// Name can't be empty or start with separator