Annotation of embedaddon/curl/lib/doh.c, revision 1.1
1.1 ! misho 1: /***************************************************************************
! 2: * _ _ ____ _
! 3: * Project ___| | | | _ \| |
! 4: * / __| | | | |_) | |
! 5: * | (__| |_| | _ <| |___
! 6: * \___|\___/|_| \_\_____|
! 7: *
! 8: * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: *
! 10: * This software is licensed as described in the file COPYING, which
! 11: * you should have received as part of this distribution. The terms
! 12: * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: *
! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: * copies of the Software, and permit persons to whom the Software is
! 16: * furnished to do so, under the terms of the COPYING file.
! 17: *
! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: * KIND, either express or implied.
! 20: *
! 21: ***************************************************************************/
! 22:
! 23: #include "curl_setup.h"
! 24:
! 25: #ifndef CURL_DISABLE_DOH
! 26:
! 27: #include "urldata.h"
! 28: #include "curl_addrinfo.h"
! 29: #include "doh.h"
! 30:
! 31: #include "sendf.h"
! 32: #include "multiif.h"
! 33: #include "url.h"
! 34: #include "share.h"
! 35: #include "curl_base64.h"
! 36: #include "connect.h"
! 37: #include "strdup.h"
! 38: /* The last 3 #include files should be in this order */
! 39: #include "curl_printf.h"
! 40: #include "curl_memory.h"
! 41: #include "memdebug.h"
! 42:
! 43: #define DNS_CLASS_IN 0x01
! 44: #define DOH_MAX_RESPONSE_SIZE 3000 /* bytes */
! 45:
! 46: #ifndef CURL_DISABLE_VERBOSE_STRINGS
! 47: static const char * const errors[]={
! 48: "",
! 49: "Bad label",
! 50: "Out of range",
! 51: "Label loop",
! 52: "Too small",
! 53: "Out of memory",
! 54: "RDATA length",
! 55: "Malformat",
! 56: "Bad RCODE",
! 57: "Unexpected TYPE",
! 58: "Unexpected CLASS",
! 59: "No content",
! 60: "Bad ID"
! 61: };
! 62:
! 63: static const char *doh_strerror(DOHcode code)
! 64: {
! 65: if((code >= DOH_OK) && (code <= DOH_DNS_BAD_ID))
! 66: return errors[code];
! 67: return "bad error code";
! 68: }
! 69: #endif
! 70:
! 71: #ifdef DEBUGBUILD
! 72: #define UNITTEST
! 73: #else
! 74: #define UNITTEST static
! 75: #endif
! 76:
! 77: /* @unittest 1655
! 78: */
! 79: UNITTEST DOHcode doh_encode(const char *host,
! 80: DNStype dnstype,
! 81: unsigned char *dnsp, /* buffer */
! 82: size_t len, /* buffer size */
! 83: size_t *olen) /* output length */
! 84: {
! 85: const size_t hostlen = strlen(host);
! 86: unsigned char *orig = dnsp;
! 87: const char *hostp = host;
! 88:
! 89: /* The expected output length is 16 bytes more than the length of
! 90: * the QNAME-encoding of the host name.
! 91: *
! 92: * A valid DNS name may not contain a zero-length label, except at
! 93: * the end. For this reason, a name beginning with a dot, or
! 94: * containing a sequence of two or more consecutive dots, is invalid
! 95: * and cannot be encoded as a QNAME.
! 96: *
! 97: * If the host name ends with a trailing dot, the corresponding
! 98: * QNAME-encoding is one byte longer than the host name. If (as is
! 99: * also valid) the hostname is shortened by the omission of the
! 100: * trailing dot, then its QNAME-encoding will be two bytes longer
! 101: * than the host name.
! 102: *
! 103: * Each [ label, dot ] pair is encoded as [ length, label ],
! 104: * preserving overall length. A final [ label ] without a dot is
! 105: * also encoded as [ length, label ], increasing overall length
! 106: * by one. The encoding is completed by appending a zero byte,
! 107: * representing the zero-length root label, again increasing
! 108: * the overall length by one.
! 109: */
! 110:
! 111: size_t expected_len;
! 112: DEBUGASSERT(hostlen);
! 113: expected_len = 12 + 1 + hostlen + 4;
! 114: if(host[hostlen-1]!='.')
! 115: expected_len++;
! 116:
! 117: if(expected_len > (256 + 16)) /* RFCs 1034, 1035 */
! 118: return DOH_DNS_NAME_TOO_LONG;
! 119:
! 120: if(len < expected_len)
! 121: return DOH_TOO_SMALL_BUFFER;
! 122:
! 123: *dnsp++ = 0; /* 16 bit id */
! 124: *dnsp++ = 0;
! 125: *dnsp++ = 0x01; /* |QR| Opcode |AA|TC|RD| Set the RD bit */
! 126: *dnsp++ = '\0'; /* |RA| Z | RCODE | */
! 127: *dnsp++ = '\0';
! 128: *dnsp++ = 1; /* QDCOUNT (number of entries in the question section) */
! 129: *dnsp++ = '\0';
! 130: *dnsp++ = '\0'; /* ANCOUNT */
! 131: *dnsp++ = '\0';
! 132: *dnsp++ = '\0'; /* NSCOUNT */
! 133: *dnsp++ = '\0';
! 134: *dnsp++ = '\0'; /* ARCOUNT */
! 135:
! 136: /* encode each label and store it in the QNAME */
! 137: while(*hostp) {
! 138: size_t labellen;
! 139: char *dot = strchr(hostp, '.');
! 140: if(dot)
! 141: labellen = dot - hostp;
! 142: else
! 143: labellen = strlen(hostp);
! 144: if((labellen > 63) || (!labellen)) {
! 145: /* label is too long or too short, error out */
! 146: *olen = 0;
! 147: return DOH_DNS_BAD_LABEL;
! 148: }
! 149: /* label is non-empty, process it */
! 150: *dnsp++ = (unsigned char)labellen;
! 151: memcpy(dnsp, hostp, labellen);
! 152: dnsp += labellen;
! 153: hostp += labellen;
! 154: /* advance past dot, but only if there is one */
! 155: if(dot)
! 156: hostp++;
! 157: } /* next label */
! 158:
! 159: *dnsp++ = 0; /* append zero-length label for root */
! 160:
! 161: /* There are assigned TYPE codes beyond 255: use range [1..65535] */
! 162: *dnsp++ = (unsigned char)(255 & (dnstype>>8)); /* upper 8 bit TYPE */
! 163: *dnsp++ = (unsigned char)(255 & dnstype); /* lower 8 bit TYPE */
! 164:
! 165: *dnsp++ = '\0'; /* upper 8 bit CLASS */
! 166: *dnsp++ = DNS_CLASS_IN; /* IN - "the Internet" */
! 167:
! 168: *olen = dnsp - orig;
! 169:
! 170: /* verify that our estimation of length is valid, since
! 171: * this has led to buffer overflows in this function */
! 172: DEBUGASSERT(*olen == expected_len);
! 173: return DOH_OK;
! 174: }
! 175:
! 176: static size_t
! 177: doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp)
! 178: {
! 179: size_t realsize = size * nmemb;
! 180: struct dohresponse *mem = (struct dohresponse *)userp;
! 181:
! 182: if((mem->size + realsize) > DOH_MAX_RESPONSE_SIZE)
! 183: /* suspiciously much for us */
! 184: return 0;
! 185:
! 186: mem->memory = Curl_saferealloc(mem->memory, mem->size + realsize);
! 187: if(!mem->memory)
! 188: /* out of memory! */
! 189: return 0;
! 190:
! 191: memcpy(&(mem->memory[mem->size]), contents, realsize);
! 192: mem->size += realsize;
! 193:
! 194: return realsize;
! 195: }
! 196:
! 197: /* called from multi.c when this DOH transfer is complete */
! 198: static int Curl_doh_done(struct Curl_easy *doh, CURLcode result)
! 199: {
! 200: struct Curl_easy *data = doh->set.dohfor;
! 201: /* so one of the DOH request done for the 'data' transfer is now complete! */
! 202: data->req.doh.pending--;
! 203: infof(data, "a DOH request is completed, %u to go\n", data->req.doh.pending);
! 204: if(result)
! 205: infof(data, "DOH request %s\n", curl_easy_strerror(result));
! 206:
! 207: if(!data->req.doh.pending) {
! 208: /* DOH completed */
! 209: curl_slist_free_all(data->req.doh.headers);
! 210: data->req.doh.headers = NULL;
! 211: Curl_expire(data, 0, EXPIRE_RUN_NOW);
! 212: }
! 213: return 0;
! 214: }
! 215:
! 216: #define ERROR_CHECK_SETOPT(x,y) \
! 217: do { \
! 218: result = curl_easy_setopt(doh, x, y); \
! 219: if(result) \
! 220: goto error; \
! 221: } while(0)
! 222:
! 223: static CURLcode dohprobe(struct Curl_easy *data,
! 224: struct dnsprobe *p, DNStype dnstype,
! 225: const char *host,
! 226: const char *url, CURLM *multi,
! 227: struct curl_slist *headers)
! 228: {
! 229: struct Curl_easy *doh = NULL;
! 230: char *nurl = NULL;
! 231: CURLcode result = CURLE_OK;
! 232: timediff_t timeout_ms;
! 233: DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer),
! 234: &p->dohlen);
! 235: if(d) {
! 236: failf(data, "Failed to encode DOH packet [%d]\n", d);
! 237: return CURLE_OUT_OF_MEMORY;
! 238: }
! 239:
! 240: p->dnstype = dnstype;
! 241: p->serverdoh.memory = NULL;
! 242: /* the memory will be grown as needed by realloc in the doh_write_cb
! 243: function */
! 244: p->serverdoh.size = 0;
! 245:
! 246: /* Note: this is code for sending the DoH request with GET but there's still
! 247: no logic that actually enables this. We should either add that ability or
! 248: yank out the GET code. Discuss! */
! 249: if(data->set.doh_get) {
! 250: char *b64;
! 251: size_t b64len;
! 252: result = Curl_base64url_encode(data, (char *)p->dohbuffer, p->dohlen,
! 253: &b64, &b64len);
! 254: if(result)
! 255: goto error;
! 256: nurl = aprintf("%s?dns=%s", url, b64);
! 257: free(b64);
! 258: if(!nurl) {
! 259: result = CURLE_OUT_OF_MEMORY;
! 260: goto error;
! 261: }
! 262: url = nurl;
! 263: }
! 264:
! 265: timeout_ms = Curl_timeleft(data, NULL, TRUE);
! 266: if(timeout_ms <= 0) {
! 267: result = CURLE_OPERATION_TIMEDOUT;
! 268: goto error;
! 269: }
! 270: /* Curl_open() is the internal version of curl_easy_init() */
! 271: result = Curl_open(&doh);
! 272: if(!result) {
! 273: /* pass in the struct pointer via a local variable to please coverity and
! 274: the gcc typecheck helpers */
! 275: struct dohresponse *resp = &p->serverdoh;
! 276: ERROR_CHECK_SETOPT(CURLOPT_URL, url);
! 277: ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb);
! 278: ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp);
! 279: if(!data->set.doh_get) {
! 280: ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer);
! 281: ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen);
! 282: }
! 283: ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers);
! 284: #ifdef USE_NGHTTP2
! 285: ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
! 286: #endif
! 287: #ifndef CURLDEBUG
! 288: /* enforce HTTPS if not debug */
! 289: ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
! 290: #else
! 291: /* in debug mode, also allow http */
! 292: ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS);
! 293: #endif
! 294: ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms);
! 295: if(data->set.verbose)
! 296: ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L);
! 297: if(data->set.no_signal)
! 298: ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L);
! 299:
! 300: /* Inherit *some* SSL options from the user's transfer. This is a
! 301: best-guess as to which options are needed for compatibility. #3661 */
! 302: if(data->set.ssl.falsestart)
! 303: ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L);
! 304: if(data->set.ssl.primary.verifyhost)
! 305: ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST, 2L);
! 306: #ifndef CURL_DISABLE_PROXY
! 307: if(data->set.proxy_ssl.primary.verifyhost)
! 308: ERROR_CHECK_SETOPT(CURLOPT_PROXY_SSL_VERIFYHOST, 2L);
! 309: if(data->set.proxy_ssl.primary.verifypeer)
! 310: ERROR_CHECK_SETOPT(CURLOPT_PROXY_SSL_VERIFYPEER, 1L);
! 311: if(data->set.str[STRING_SSL_CAFILE_PROXY]) {
! 312: ERROR_CHECK_SETOPT(CURLOPT_PROXY_CAINFO,
! 313: data->set.str[STRING_SSL_CAFILE_PROXY]);
! 314: }
! 315: if(data->set.str[STRING_SSL_CRLFILE_PROXY]) {
! 316: ERROR_CHECK_SETOPT(CURLOPT_PROXY_CRLFILE,
! 317: data->set.str[STRING_SSL_CRLFILE_PROXY]);
! 318: }
! 319: if(data->set.proxy_ssl.no_revoke)
! 320: ERROR_CHECK_SETOPT(CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
! 321: else if(data->set.proxy_ssl.revoke_best_effort)
! 322: ERROR_CHECK_SETOPT(CURLOPT_PROXY_SSL_OPTIONS,
! 323: CURLSSLOPT_REVOKE_BEST_EFFORT);
! 324: if(data->set.str[STRING_SSL_CAPATH_PROXY]) {
! 325: ERROR_CHECK_SETOPT(CURLOPT_PROXY_CAPATH,
! 326: data->set.str[STRING_SSL_CAPATH_PROXY]);
! 327: }
! 328: #endif
! 329: if(data->set.ssl.primary.verifypeer)
! 330: ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER, 1L);
! 331: if(data->set.ssl.primary.verifystatus)
! 332: ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS, 1L);
! 333: if(data->set.str[STRING_SSL_CAFILE_ORIG]) {
! 334: ERROR_CHECK_SETOPT(CURLOPT_CAINFO,
! 335: data->set.str[STRING_SSL_CAFILE_ORIG]);
! 336: }
! 337: if(data->set.str[STRING_SSL_CAPATH_ORIG]) {
! 338: ERROR_CHECK_SETOPT(CURLOPT_CAPATH,
! 339: data->set.str[STRING_SSL_CAPATH_ORIG]);
! 340: }
! 341: if(data->set.str[STRING_SSL_CRLFILE_ORIG]) {
! 342: ERROR_CHECK_SETOPT(CURLOPT_CRLFILE,
! 343: data->set.str[STRING_SSL_CRLFILE_ORIG]);
! 344: }
! 345: if(data->set.ssl.certinfo)
! 346: ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L);
! 347: if(data->set.str[STRING_SSL_RANDOM_FILE]) {
! 348: ERROR_CHECK_SETOPT(CURLOPT_RANDOM_FILE,
! 349: data->set.str[STRING_SSL_RANDOM_FILE]);
! 350: }
! 351: if(data->set.str[STRING_SSL_EGDSOCKET]) {
! 352: ERROR_CHECK_SETOPT(CURLOPT_EGDSOCKET,
! 353: data->set.str[STRING_SSL_EGDSOCKET]);
! 354: }
! 355: if(data->set.ssl.no_revoke)
! 356: ERROR_CHECK_SETOPT(CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE);
! 357: else if(data->set.ssl.revoke_best_effort)
! 358: ERROR_CHECK_SETOPT(CURLOPT_SSL_OPTIONS, CURLSSLOPT_REVOKE_BEST_EFFORT);
! 359: if(data->set.ssl.fsslctx)
! 360: ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx);
! 361: if(data->set.ssl.fsslctxp)
! 362: ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp);
! 363:
! 364: doh->set.fmultidone = Curl_doh_done;
! 365: doh->set.dohfor = data; /* identify for which transfer this is done */
! 366: p->easy = doh;
! 367:
! 368: /* add this transfer to the multi handle */
! 369: if(curl_multi_add_handle(multi, doh))
! 370: goto error;
! 371: }
! 372: else
! 373: goto error;
! 374: free(nurl);
! 375: return CURLE_OK;
! 376:
! 377: error:
! 378: free(nurl);
! 379: Curl_close(&doh);
! 380: return result;
! 381: }
! 382:
! 383: /*
! 384: * Curl_doh() resolves a name using DOH. It resolves a name and returns a
! 385: * 'Curl_addrinfo *' with the address information.
! 386: */
! 387:
! 388: Curl_addrinfo *Curl_doh(struct connectdata *conn,
! 389: const char *hostname,
! 390: int port,
! 391: int *waitp)
! 392: {
! 393: struct Curl_easy *data = conn->data;
! 394: CURLcode result = CURLE_OK;
! 395: int slot;
! 396: *waitp = TRUE; /* this never returns synchronously */
! 397: (void)conn;
! 398: (void)hostname;
! 399: (void)port;
! 400:
! 401: /* start clean, consider allocating this struct on demand */
! 402: memset(&data->req.doh, 0, sizeof(struct dohdata));
! 403:
! 404: data->req.doh.host = hostname;
! 405: data->req.doh.port = port;
! 406: data->req.doh.headers =
! 407: curl_slist_append(NULL,
! 408: "Content-Type: application/dns-message");
! 409: if(!data->req.doh.headers)
! 410: goto error;
! 411:
! 412: if(conn->ip_version != CURL_IPRESOLVE_V6) {
! 413: /* create IPv4 DOH request */
! 414: result = dohprobe(data, &data->req.doh.probe[DOH_PROBE_SLOT_IPADDR_V4],
! 415: DNS_TYPE_A, hostname, data->set.str[STRING_DOH],
! 416: data->multi, data->req.doh.headers);
! 417: if(result)
! 418: goto error;
! 419: data->req.doh.pending++;
! 420: }
! 421:
! 422: if(conn->ip_version != CURL_IPRESOLVE_V4) {
! 423: /* create IPv6 DOH request */
! 424: result = dohprobe(data, &data->req.doh.probe[DOH_PROBE_SLOT_IPADDR_V6],
! 425: DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH],
! 426: data->multi, data->req.doh.headers);
! 427: if(result)
! 428: goto error;
! 429: data->req.doh.pending++;
! 430: }
! 431: return NULL;
! 432:
! 433: error:
! 434: curl_slist_free_all(data->req.doh.headers);
! 435: data->req.doh.headers = NULL;
! 436: for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
! 437: Curl_close(&data->req.doh.probe[slot].easy);
! 438: }
! 439: return NULL;
! 440: }
! 441:
! 442: static DOHcode skipqname(const unsigned char *doh, size_t dohlen,
! 443: unsigned int *indexp)
! 444: {
! 445: unsigned char length;
! 446: do {
! 447: if(dohlen < (*indexp + 1))
! 448: return DOH_DNS_OUT_OF_RANGE;
! 449: length = doh[*indexp];
! 450: if((length & 0xc0) == 0xc0) {
! 451: /* name pointer, advance over it and be done */
! 452: if(dohlen < (*indexp + 2))
! 453: return DOH_DNS_OUT_OF_RANGE;
! 454: *indexp += 2;
! 455: break;
! 456: }
! 457: if(length & 0xc0)
! 458: return DOH_DNS_BAD_LABEL;
! 459: if(dohlen < (*indexp + 1 + length))
! 460: return DOH_DNS_OUT_OF_RANGE;
! 461: *indexp += 1 + length;
! 462: } while(length);
! 463: return DOH_OK;
! 464: }
! 465:
! 466: static unsigned short get16bit(const unsigned char *doh, int index)
! 467: {
! 468: return (unsigned short)((doh[index] << 8) | doh[index + 1]);
! 469: }
! 470:
! 471: static unsigned int get32bit(const unsigned char *doh, int index)
! 472: {
! 473: /* make clang and gcc optimize this to bswap by incrementing
! 474: the pointer first. */
! 475: doh += index;
! 476:
! 477: /* avoid undefined behaviour by casting to unsigned before shifting
! 478: 24 bits, possibly into the sign bit. codegen is same, but
! 479: ub sanitizer won't be upset */
! 480: return ( (unsigned)doh[0] << 24) | (doh[1] << 16) |(doh[2] << 8) | doh[3];
! 481: }
! 482:
! 483: static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d)
! 484: {
! 485: /* silently ignore addresses over the limit */
! 486: if(d->numaddr < DOH_MAX_ADDR) {
! 487: struct dohaddr *a = &d->addr[d->numaddr];
! 488: a->type = DNS_TYPE_A;
! 489: memcpy(&a->ip.v4, &doh[index], 4);
! 490: d->numaddr++;
! 491: }
! 492: return DOH_OK;
! 493: }
! 494:
! 495: static DOHcode store_aaaa(const unsigned char *doh,
! 496: int index,
! 497: struct dohentry *d)
! 498: {
! 499: /* silently ignore addresses over the limit */
! 500: if(d->numaddr < DOH_MAX_ADDR) {
! 501: struct dohaddr *a = &d->addr[d->numaddr];
! 502: a->type = DNS_TYPE_AAAA;
! 503: memcpy(&a->ip.v6, &doh[index], 16);
! 504: d->numaddr++;
! 505: }
! 506: return DOH_OK;
! 507: }
! 508:
! 509: static DOHcode cnameappend(struct cnamestore *c,
! 510: const unsigned char *src,
! 511: size_t len)
! 512: {
! 513: if(!c->alloc) {
! 514: c->allocsize = len + 1;
! 515: c->alloc = malloc(c->allocsize);
! 516: if(!c->alloc)
! 517: return DOH_OUT_OF_MEM;
! 518: }
! 519: else if(c->allocsize < (c->allocsize + len + 1)) {
! 520: char *ptr;
! 521: c->allocsize += len + 1;
! 522: ptr = realloc(c->alloc, c->allocsize);
! 523: if(!ptr) {
! 524: free(c->alloc);
! 525: return DOH_OUT_OF_MEM;
! 526: }
! 527: c->alloc = ptr;
! 528: }
! 529: memcpy(&c->alloc[c->len], src, len);
! 530: c->len += len;
! 531: c->alloc[c->len] = 0; /* keep it zero terminated */
! 532: return DOH_OK;
! 533: }
! 534:
! 535: static DOHcode store_cname(const unsigned char *doh,
! 536: size_t dohlen,
! 537: unsigned int index,
! 538: struct dohentry *d)
! 539: {
! 540: struct cnamestore *c;
! 541: unsigned int loop = 128; /* a valid DNS name can never loop this much */
! 542: unsigned char length;
! 543:
! 544: if(d->numcname == DOH_MAX_CNAME)
! 545: return DOH_OK; /* skip! */
! 546:
! 547: c = &d->cname[d->numcname++];
! 548: do {
! 549: if(index >= dohlen)
! 550: return DOH_DNS_OUT_OF_RANGE;
! 551: length = doh[index];
! 552: if((length & 0xc0) == 0xc0) {
! 553: int newpos;
! 554: /* name pointer, get the new offset (14 bits) */
! 555: if((index + 1) >= dohlen)
! 556: return DOH_DNS_OUT_OF_RANGE;
! 557:
! 558: /* move to the new index */
! 559: newpos = (length & 0x3f) << 8 | doh[index + 1];
! 560: index = newpos;
! 561: continue;
! 562: }
! 563: else if(length & 0xc0)
! 564: return DOH_DNS_BAD_LABEL; /* bad input */
! 565: else
! 566: index++;
! 567:
! 568: if(length) {
! 569: DOHcode rc;
! 570: if(c->len) {
! 571: rc = cnameappend(c, (unsigned char *)".", 1);
! 572: if(rc)
! 573: return rc;
! 574: }
! 575: if((index + length) > dohlen)
! 576: return DOH_DNS_BAD_LABEL;
! 577:
! 578: rc = cnameappend(c, &doh[index], length);
! 579: if(rc)
! 580: return rc;
! 581: index += length;
! 582: }
! 583: } while(length && --loop);
! 584:
! 585: if(!loop)
! 586: return DOH_DNS_LABEL_LOOP;
! 587: return DOH_OK;
! 588: }
! 589:
! 590: static DOHcode rdata(const unsigned char *doh,
! 591: size_t dohlen,
! 592: unsigned short rdlength,
! 593: unsigned short type,
! 594: int index,
! 595: struct dohentry *d)
! 596: {
! 597: /* RDATA
! 598: - A (TYPE 1): 4 bytes
! 599: - AAAA (TYPE 28): 16 bytes
! 600: - NS (TYPE 2): N bytes */
! 601: DOHcode rc;
! 602:
! 603: switch(type) {
! 604: case DNS_TYPE_A:
! 605: if(rdlength != 4)
! 606: return DOH_DNS_RDATA_LEN;
! 607: rc = store_a(doh, index, d);
! 608: if(rc)
! 609: return rc;
! 610: break;
! 611: case DNS_TYPE_AAAA:
! 612: if(rdlength != 16)
! 613: return DOH_DNS_RDATA_LEN;
! 614: rc = store_aaaa(doh, index, d);
! 615: if(rc)
! 616: return rc;
! 617: break;
! 618: case DNS_TYPE_CNAME:
! 619: rc = store_cname(doh, dohlen, index, d);
! 620: if(rc)
! 621: return rc;
! 622: break;
! 623: case DNS_TYPE_DNAME:
! 624: /* explicit for clarity; just skip; rely on synthesized CNAME */
! 625: break;
! 626: default:
! 627: /* unsupported type, just skip it */
! 628: break;
! 629: }
! 630: return DOH_OK;
! 631: }
! 632:
! 633: static void init_dohentry(struct dohentry *de)
! 634: {
! 635: memset(de, 0, sizeof(*de));
! 636: de->ttl = INT_MAX;
! 637: }
! 638:
! 639:
! 640: UNITTEST DOHcode doh_decode(const unsigned char *doh,
! 641: size_t dohlen,
! 642: DNStype dnstype,
! 643: struct dohentry *d)
! 644: {
! 645: unsigned char rcode;
! 646: unsigned short qdcount;
! 647: unsigned short ancount;
! 648: unsigned short type = 0;
! 649: unsigned short rdlength;
! 650: unsigned short nscount;
! 651: unsigned short arcount;
! 652: unsigned int index = 12;
! 653: DOHcode rc;
! 654:
! 655: if(dohlen < 12)
! 656: return DOH_TOO_SMALL_BUFFER; /* too small */
! 657: if(!doh || doh[0] || doh[1])
! 658: return DOH_DNS_BAD_ID; /* bad ID */
! 659: rcode = doh[3] & 0x0f;
! 660: if(rcode)
! 661: return DOH_DNS_BAD_RCODE; /* bad rcode */
! 662:
! 663: qdcount = get16bit(doh, 4);
! 664: while(qdcount) {
! 665: rc = skipqname(doh, dohlen, &index);
! 666: if(rc)
! 667: return rc; /* bad qname */
! 668: if(dohlen < (index + 4))
! 669: return DOH_DNS_OUT_OF_RANGE;
! 670: index += 4; /* skip question's type and class */
! 671: qdcount--;
! 672: }
! 673:
! 674: ancount = get16bit(doh, 6);
! 675: while(ancount) {
! 676: unsigned short class;
! 677: unsigned int ttl;
! 678:
! 679: rc = skipqname(doh, dohlen, &index);
! 680: if(rc)
! 681: return rc; /* bad qname */
! 682:
! 683: if(dohlen < (index + 2))
! 684: return DOH_DNS_OUT_OF_RANGE;
! 685:
! 686: type = get16bit(doh, index);
! 687: if((type != DNS_TYPE_CNAME) /* may be synthesized from DNAME */
! 688: && (type != DNS_TYPE_DNAME) /* if present, accept and ignore */
! 689: && (type != dnstype))
! 690: /* Not the same type as was asked for nor CNAME nor DNAME */
! 691: return DOH_DNS_UNEXPECTED_TYPE;
! 692: index += 2;
! 693:
! 694: if(dohlen < (index + 2))
! 695: return DOH_DNS_OUT_OF_RANGE;
! 696: class = get16bit(doh, index);
! 697: if(DNS_CLASS_IN != class)
! 698: return DOH_DNS_UNEXPECTED_CLASS; /* unsupported */
! 699: index += 2;
! 700:
! 701: if(dohlen < (index + 4))
! 702: return DOH_DNS_OUT_OF_RANGE;
! 703:
! 704: ttl = get32bit(doh, index);
! 705: if(ttl < d->ttl)
! 706: d->ttl = ttl;
! 707: index += 4;
! 708:
! 709: if(dohlen < (index + 2))
! 710: return DOH_DNS_OUT_OF_RANGE;
! 711:
! 712: rdlength = get16bit(doh, index);
! 713: index += 2;
! 714: if(dohlen < (index + rdlength))
! 715: return DOH_DNS_OUT_OF_RANGE;
! 716:
! 717: rc = rdata(doh, dohlen, rdlength, type, index, d);
! 718: if(rc)
! 719: return rc; /* bad rdata */
! 720: index += rdlength;
! 721: ancount--;
! 722: }
! 723:
! 724: nscount = get16bit(doh, 8);
! 725: while(nscount) {
! 726: rc = skipqname(doh, dohlen, &index);
! 727: if(rc)
! 728: return rc; /* bad qname */
! 729:
! 730: if(dohlen < (index + 8))
! 731: return DOH_DNS_OUT_OF_RANGE;
! 732:
! 733: index += 2 + 2 + 4; /* type, class and ttl */
! 734:
! 735: if(dohlen < (index + 2))
! 736: return DOH_DNS_OUT_OF_RANGE;
! 737:
! 738: rdlength = get16bit(doh, index);
! 739: index += 2;
! 740: if(dohlen < (index + rdlength))
! 741: return DOH_DNS_OUT_OF_RANGE;
! 742: index += rdlength;
! 743: nscount--;
! 744: }
! 745:
! 746: arcount = get16bit(doh, 10);
! 747: while(arcount) {
! 748: rc = skipqname(doh, dohlen, &index);
! 749: if(rc)
! 750: return rc; /* bad qname */
! 751:
! 752: if(dohlen < (index + 8))
! 753: return DOH_DNS_OUT_OF_RANGE;
! 754:
! 755: index += 2 + 2 + 4; /* type, class and ttl */
! 756:
! 757: if(dohlen < (index + 2))
! 758: return DOH_DNS_OUT_OF_RANGE;
! 759:
! 760: rdlength = get16bit(doh, index);
! 761: index += 2;
! 762: if(dohlen < (index + rdlength))
! 763: return DOH_DNS_OUT_OF_RANGE;
! 764: index += rdlength;
! 765: arcount--;
! 766: }
! 767:
! 768: if(index != dohlen)
! 769: return DOH_DNS_MALFORMAT; /* something is wrong */
! 770:
! 771: if((type != DNS_TYPE_NS) && !d->numcname && !d->numaddr)
! 772: /* nothing stored! */
! 773: return DOH_NO_CONTENT;
! 774:
! 775: return DOH_OK; /* ok */
! 776: }
! 777:
! 778: #ifndef CURL_DISABLE_VERBOSE_STRINGS
! 779: static void showdoh(struct Curl_easy *data,
! 780: const struct dohentry *d)
! 781: {
! 782: int i;
! 783: infof(data, "TTL: %u seconds\n", d->ttl);
! 784: for(i = 0; i < d->numaddr; i++) {
! 785: const struct dohaddr *a = &d->addr[i];
! 786: if(a->type == DNS_TYPE_A) {
! 787: infof(data, "DOH A: %u.%u.%u.%u\n",
! 788: a->ip.v4[0], a->ip.v4[1],
! 789: a->ip.v4[2], a->ip.v4[3]);
! 790: }
! 791: else if(a->type == DNS_TYPE_AAAA) {
! 792: int j;
! 793: char buffer[128];
! 794: char *ptr;
! 795: size_t len;
! 796: msnprintf(buffer, 128, "DOH AAAA: ");
! 797: ptr = &buffer[10];
! 798: len = 118;
! 799: for(j = 0; j < 16; j += 2) {
! 800: size_t l;
! 801: msnprintf(ptr, len, "%s%02x%02x", j?":":"", d->addr[i].ip.v6[j],
! 802: d->addr[i].ip.v6[j + 1]);
! 803: l = strlen(ptr);
! 804: len -= l;
! 805: ptr += l;
! 806: }
! 807: infof(data, "%s\n", buffer);
! 808: }
! 809: }
! 810: for(i = 0; i < d->numcname; i++) {
! 811: infof(data, "CNAME: %s\n", d->cname[i].alloc);
! 812: }
! 813: }
! 814: #else
! 815: #define showdoh(x,y)
! 816: #endif
! 817:
! 818: /*
! 819: * doh2ai()
! 820: *
! 821: * This function returns a pointer to the first element of a newly allocated
! 822: * Curl_addrinfo struct linked list filled with the data from a set of DOH
! 823: * lookups. Curl_addrinfo is meant to work like the addrinfo struct does for
! 824: * a IPv6 stack, but usable also for IPv4, all hosts and environments.
! 825: *
! 826: * The memory allocated by this function *MUST* be free'd later on calling
! 827: * Curl_freeaddrinfo(). For each successful call to this function there
! 828: * must be an associated call later to Curl_freeaddrinfo().
! 829: */
! 830:
! 831: static Curl_addrinfo *
! 832: doh2ai(const struct dohentry *de, const char *hostname, int port)
! 833: {
! 834: Curl_addrinfo *ai;
! 835: Curl_addrinfo *prevai = NULL;
! 836: Curl_addrinfo *firstai = NULL;
! 837: struct sockaddr_in *addr;
! 838: #ifdef ENABLE_IPV6
! 839: struct sockaddr_in6 *addr6;
! 840: #endif
! 841: CURLcode result = CURLE_OK;
! 842: int i;
! 843:
! 844: if(!de)
! 845: /* no input == no output! */
! 846: return NULL;
! 847:
! 848: for(i = 0; i < de->numaddr; i++) {
! 849: size_t ss_size;
! 850: CURL_SA_FAMILY_T addrtype;
! 851: if(de->addr[i].type == DNS_TYPE_AAAA) {
! 852: #ifndef ENABLE_IPV6
! 853: /* we can't handle IPv6 addresses */
! 854: continue;
! 855: #else
! 856: ss_size = sizeof(struct sockaddr_in6);
! 857: addrtype = AF_INET6;
! 858: #endif
! 859: }
! 860: else {
! 861: ss_size = sizeof(struct sockaddr_in);
! 862: addrtype = AF_INET;
! 863: }
! 864:
! 865: ai = calloc(1, sizeof(Curl_addrinfo));
! 866: if(!ai) {
! 867: result = CURLE_OUT_OF_MEMORY;
! 868: break;
! 869: }
! 870: ai->ai_canonname = strdup(hostname);
! 871: if(!ai->ai_canonname) {
! 872: result = CURLE_OUT_OF_MEMORY;
! 873: free(ai);
! 874: break;
! 875: }
! 876: ai->ai_addr = calloc(1, ss_size);
! 877: if(!ai->ai_addr) {
! 878: result = CURLE_OUT_OF_MEMORY;
! 879: free(ai->ai_canonname);
! 880: free(ai);
! 881: break;
! 882: }
! 883:
! 884: if(!firstai)
! 885: /* store the pointer we want to return from this function */
! 886: firstai = ai;
! 887:
! 888: if(prevai)
! 889: /* make the previous entry point to this */
! 890: prevai->ai_next = ai;
! 891:
! 892: ai->ai_family = addrtype;
! 893:
! 894: /* we return all names as STREAM, so when using this address for TFTP
! 895: the type must be ignored and conn->socktype be used instead! */
! 896: ai->ai_socktype = SOCK_STREAM;
! 897:
! 898: ai->ai_addrlen = (curl_socklen_t)ss_size;
! 899:
! 900: /* leave the rest of the struct filled with zero */
! 901:
! 902: switch(ai->ai_family) {
! 903: case AF_INET:
! 904: addr = (void *)ai->ai_addr; /* storage area for this info */
! 905: DEBUGASSERT(sizeof(struct in_addr) == sizeof(de->addr[i].ip.v4));
! 906: memcpy(&addr->sin_addr, &de->addr[i].ip.v4, sizeof(struct in_addr));
! 907: addr->sin_family = (CURL_SA_FAMILY_T)addrtype;
! 908: addr->sin_port = htons((unsigned short)port);
! 909: break;
! 910:
! 911: #ifdef ENABLE_IPV6
! 912: case AF_INET6:
! 913: addr6 = (void *)ai->ai_addr; /* storage area for this info */
! 914: DEBUGASSERT(sizeof(struct in6_addr) == sizeof(de->addr[i].ip.v6));
! 915: memcpy(&addr6->sin6_addr, &de->addr[i].ip.v6, sizeof(struct in6_addr));
! 916: addr6->sin6_family = (CURL_SA_FAMILY_T)addrtype;
! 917: addr6->sin6_port = htons((unsigned short)port);
! 918: break;
! 919: #endif
! 920: }
! 921:
! 922: prevai = ai;
! 923: }
! 924:
! 925: if(result) {
! 926: Curl_freeaddrinfo(firstai);
! 927: firstai = NULL;
! 928: }
! 929:
! 930: return firstai;
! 931: }
! 932:
! 933: #ifndef CURL_DISABLE_VERBOSE_STRINGS
! 934: static const char *type2name(DNStype dnstype)
! 935: {
! 936: return (dnstype == DNS_TYPE_A)?"A":"AAAA";
! 937: }
! 938: #endif
! 939:
! 940: UNITTEST void de_cleanup(struct dohentry *d)
! 941: {
! 942: int i = 0;
! 943: for(i = 0; i < d->numcname; i++) {
! 944: free(d->cname[i].alloc);
! 945: }
! 946: }
! 947:
! 948: CURLcode Curl_doh_is_resolved(struct connectdata *conn,
! 949: struct Curl_dns_entry **dnsp)
! 950: {
! 951: CURLcode result;
! 952: struct Curl_easy *data = conn->data;
! 953: *dnsp = NULL; /* defaults to no response */
! 954:
! 955: if(!data->req.doh.probe[DOH_PROBE_SLOT_IPADDR_V4].easy &&
! 956: !data->req.doh.probe[DOH_PROBE_SLOT_IPADDR_V6].easy) {
! 957: failf(data, "Could not DOH-resolve: %s", conn->async.hostname);
! 958: return conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
! 959: CURLE_COULDNT_RESOLVE_HOST;
! 960: }
! 961: else if(!data->req.doh.pending) {
! 962: DOHcode rc[DOH_PROBE_SLOTS];
! 963: struct dohentry de;
! 964: int slot;
! 965: /* remove DOH handles from multi handle and close them */
! 966: for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
! 967: curl_multi_remove_handle(data->multi, data->req.doh.probe[slot].easy);
! 968: Curl_close(&data->req.doh.probe[slot].easy);
! 969: }
! 970: /* parse the responses, create the struct and return it! */
! 971: init_dohentry(&de);
! 972: for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
! 973: rc[slot] = doh_decode(data->req.doh.probe[slot].serverdoh.memory,
! 974: data->req.doh.probe[slot].serverdoh.size,
! 975: data->req.doh.probe[slot].dnstype,
! 976: &de);
! 977: Curl_safefree(data->req.doh.probe[slot].serverdoh.memory);
! 978: if(rc[slot]) {
! 979: infof(data, "DOH: %s type %s for %s\n", doh_strerror(rc[slot]),
! 980: type2name(data->req.doh.probe[slot].dnstype),
! 981: data->req.doh.host);
! 982: }
! 983: } /* next slot */
! 984:
! 985: result = CURLE_COULDNT_RESOLVE_HOST; /* until we know better */
! 986: if(!rc[DOH_PROBE_SLOT_IPADDR_V4] || !rc[DOH_PROBE_SLOT_IPADDR_V6]) {
! 987: /* we have an address, of one kind or other */
! 988: struct Curl_dns_entry *dns;
! 989: struct Curl_addrinfo *ai;
! 990:
! 991: infof(data, "DOH Host name: %s\n", data->req.doh.host);
! 992: showdoh(data, &de);
! 993:
! 994: ai = doh2ai(&de, data->req.doh.host, data->req.doh.port);
! 995: if(!ai) {
! 996: de_cleanup(&de);
! 997: return CURLE_OUT_OF_MEMORY;
! 998: }
! 999:
! 1000: if(data->share)
! 1001: Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
! 1002:
! 1003: /* we got a response, store it in the cache */
! 1004: dns = Curl_cache_addr(data, ai, data->req.doh.host, data->req.doh.port);
! 1005:
! 1006: if(data->share)
! 1007: Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
! 1008:
! 1009: if(!dns) {
! 1010: /* returned failure, bail out nicely */
! 1011: Curl_freeaddrinfo(ai);
! 1012: }
! 1013: else {
! 1014: conn->async.dns = dns;
! 1015: *dnsp = dns;
! 1016: result = CURLE_OK; /* address resolution OK */
! 1017: }
! 1018: } /* address processing done */
! 1019:
! 1020: /* Now process any build-specific attributes retrieved from DNS */
! 1021:
! 1022: /* All done */
! 1023: de_cleanup(&de);
! 1024: return result;
! 1025:
! 1026: } /* !data->req.doh.pending */
! 1027:
! 1028: /* else wait for pending DOH transactions to complete */
! 1029: return CURLE_OK;
! 1030: }
! 1031:
! 1032: #endif /* CURL_DISABLE_DOH */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to doh.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib