-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | daemon/lua/kres-gen-30.lua | 7 | ||||
-rw-r--r-- | daemon/lua/kres-gen-31.lua | 7 | ||||
-rw-r--r-- | daemon/lua/kres-gen-32.lua | 7 | ||||
-rwxr-xr-x | daemon/lua/kres-gen.sh | 15 | ||||
-rw-r--r-- | daemon/lua/meson.build | 19 | ||||
-rw-r--r-- | daemon/proxyv2.c | 48 | ||||
-rw-r--r-- | daemon/proxyv2.h | 27 | ||||
-rw-r--r-- | lib/cache/api.c | 2 | ||||
-rw-r--r-- | lib/dnssec.c | 13 | ||||
-rw-r--r-- | meson.build | 2 | ||||
-rwxr-xr-x | scripts/update-authors.sh | 2 | ||||
-rw-r--r-- | tests/integration/meson.build | 2 |
13 files changed, 101 insertions, 58 deletions
@@ -1,3 +1,11 @@ +Knot Resolver 5.7.2 (2024-03-27) +================================ + +Bugfixes +-------- +- fix on 32-bit systems with 64-bit time_t (!1510) + + Knot Resolver 5.7.1 (2024-02-13) ================================ diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua index 7639e79..f3f8a49 100644 --- a/daemon/lua/kres-gen-30.lua +++ b/daemon/lua/kres-gen-30.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua index e555a6a..46b349e 100644 --- a/daemon/lua/kres-gen-31.lua +++ b/daemon/lua/kres-gen-31.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua index 31a5c5d..88b50de 100644 --- a/daemon/lua/kres-gen-32.lua +++ b/daemon/lua/kres-gen-32.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen.sh b/daemon/lua/kres-gen.sh index 70afb40..3befd5d 100755 --- a/daemon/lua/kres-gen.sh +++ b/daemon/lua/kres-gen.sh 
@@ -53,12 +53,15 @@ printf -- "local ffi = require('ffi')\n" printf -- "--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[\n" # Some system dependencies. TODO: this generated part isn't perfectly portable. -${CDEFS} ${LIBKRES} types <<-EOF - typedef time_t - __time_t - __suseconds_t - struct timeval -EOF +printf " +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; +struct timeval { + __time_t tv_sec; + __suseconds_t tv_usec; +}; +" ## Various types (mainly), from libknot and libkres diff --git a/daemon/lua/meson.build b/daemon/lua/meson.build index b19777c..6df5bc5 100644 --- a/daemon/lua/meson.build +++ b/daemon/lua/meson.build @@ -47,10 +47,23 @@ else kres_gen_fname = 'kres-gen-30.lua' endif +# Exact types around time_t aren't easy to detect, but at least we need the same size. +time_t_size = meson.get_compiler('c').sizeof('time_t', prefix: '#include <sys/time.h>') +kres_gen_config = {} +foreach t: [ 'long', 'long long' ] + if meson.get_compiler('c').sizeof(t) == time_t_size + kres_gen_config = { 'time_t': t } + break + endif +endforeach +if kres_gen_config == {} + error('Unexpected sizeof(time_t) == @0@'.format(time_t_size)) +endif + kres_gen_lua = configure_file( input: kres_gen_fname, output: 'kres-gen.lua', - copy: true, + configuration: kres_gen_config, ) run_target( # run manually to re-generate kres-gen.lua @@ -72,9 +85,9 @@ if get_option('kres_gen_test') and not meson.is_cross_build() ] # Construct the lua tester as a meson string. kres_gen_test_luastr = ''' - dofile('@0@') + dofile('@0@/../../@1@') local ffi = require('ffi') - '''.format(meson.current_source_dir() / kres_gen_fname) + '''.format(meson.current_build_dir(), kres_gen_lua) foreach ttc: types_to_check # We're careful with adding just includes; otherwise it's more fragile (e.g. linking flags). if 'dep' in ttc diff --git a/daemon/proxyv2.c b/daemon/proxyv2.c index f977ccb..aedbb91 100644 --- a/daemon/proxyv2.c +++ b/daemon/proxyv2.c 
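Review bot: The `struct timeval` definition is now hand-written into the generated cdef instead of being extracted from the real headers by `${CDEFS} ${LIBKRES} types`, so nothing in this script verifies that the field order and widths still match the target's `<sys/time.h>`; a layout mismatch makes LuaJIT read `tv_sec`/`tv_usec` at the wrong offsets, which is the class of bug this release fixes. Add a comment above the new call, e.g. `# Hand-written: must match the target's struct timeval; @time_t@ is picked by meson from sizeof(time_t) only.` The `kres_gen_test` target in daemon/lua/meson.build presumably catches a mismatch when it is enabled, but whether `struct timeval` is in its `types_to_check` is not visible here. For consistency with the other calls in this script, write the new one as `printf -- "`.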
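Review bot: `compiler.sizeof('time_t', ...)` and `compiler.sizeof(t)` only see the flags meson passes to compiler checks; if the 64-bit `time_t` on a 32-bit target comes from a define such as `_TIME_BITS=64` that reaches the build targets through per-target `c_args` but not these probes, the check would measure the 32-bit `time_t` and the generated `typedef` would again have the wrong width. Confirm the define reaches these checks, or pass it explicitly through the `args:` keyword of both `sizeof` calls. The match is by size only, as the comment says; a compile-time assertion in C that `sizeof(time_t)` equals the chosen type would turn a silent mismatch into a build error rather than a runtime memory-layout bug in the FFI.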
@@ -2,6 +2,9 @@ * SPDX-License-Identifier: GPL-3.0-or-later */ +#include "daemon/session.h" +#include "daemon/network.h" + #include "daemon/proxyv2.h" #include "lib/generic/trie.h" @@ -91,12 +94,12 @@ static inline enum proxy2_family proxy2_header_protocol(const struct proxy2_head static inline union proxy2_address *proxy2_get_address(const struct proxy2_header *h) { - return (union proxy2_address *) ((uint8_t *) h + sizeof(struct proxy2_header)); + return (union proxy2_address *)((uint8_t *)h + sizeof(struct proxy2_header)); } static inline struct proxy2_tlv *get_tlvs(const struct proxy2_header *h, size_t addr_len) { - return (struct proxy2_tlv *) ((uint8_t *) proxy2_get_address(h) + addr_len); + return (struct proxy2_tlv *)((uint8_t *)proxy2_get_address(h) + addr_len); } /** Gets the length of the TLV's `value` attribute. */ @@ -111,20 +114,20 @@ static inline bool has_tlv(const struct proxy2_header *h, uint64_t addr_length = ntohs(h->length); ptrdiff_t hdr_len = sizeof(struct proxy2_header) + addr_length; - uint8_t *tlv_hdr_end = (uint8_t *) tlv + sizeof(struct proxy2_tlv); - ptrdiff_t distance = tlv_hdr_end - (uint8_t *) h; + uint8_t *tlv_hdr_end = (uint8_t *)tlv + sizeof(struct proxy2_tlv); + ptrdiff_t distance = tlv_hdr_end - (uint8_t *)h; if (hdr_len < distance) return false; uint8_t *tlv_end = tlv_hdr_end + proxy2_tlv_length(tlv); - distance = tlv_end - (uint8_t *) h; + distance = tlv_end - (uint8_t *)h; return hdr_len >= distance; } static inline void next_tlv(struct proxy2_tlv **tlv) { - uint8_t *next = ((uint8_t *) *tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv)); - *tlv = (struct proxy2_tlv *) next; + uint8_t *next = ((uint8_t *)*tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv)); + *tlv = (struct proxy2_tlv *)next; } 
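Review bot: The new includes place `daemon/session.h` and `daemon/network.h` ahead of the file's own header `daemon/proxyv2.h`; the usual convention is to include the file's own header first so the build proves it is self-contained, which is exactly what the matching proxyv2.h hunk (forward declarations of `struct network` and `struct session`) makes possible. Suggest reordering to `#include "daemon/proxyv2.h"` first, then `#include "daemon/network.h"` and `#include "daemon/session.h"`. The remaining hunks in this file are cast-spacing changes only.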
@@ -140,7 +143,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) trie = net->proxy_addrs4; addr_size = sizeof(addr.ip4); - addr.ip4 = ((struct sockaddr_in *) saddr)->sin_addr; + addr.ip4 = ((struct sockaddr_in *)saddr)->sin_addr; break; case AF_INET6: if (net->proxy_all6) @@ -148,7 +151,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) trie = net->proxy_addrs6; addr_size = sizeof(addr.ip6); - addr.ip6 = ((struct sockaddr_in6 *) saddr)->sin6_addr; + addr.ip6 = ((struct sockaddr_in6 *)saddr)->sin6_addr; break; default: kr_assert(false); // Only IPv4 and IPv6 proxy addresses supported @@ -156,14 +159,14 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) } trie_val_t *val; - int ret = trie_get_leq(trie, (char *) &addr, addr_size, &val); + int ret = trie_get_leq(trie, (char *)&addr, addr_size, &val); if (ret != kr_ok() && ret != 1) return false; kr_assert(val); const struct net_proxy_data *found = *val; kr_assert(found); - return kr_bitcmp((char *) &addr, (char *) &found->addr, found->netmask) == 0; + return kr_bitcmp((char *)&addr, (char *)&found->addr, found->netmask) == 0; } ssize_t proxy_process_header(struct proxy_result *out, struct session *s, @@ -172,7 +175,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (!buf) return kr_error(EINVAL); - const struct proxy2_header *hdr = (struct proxy2_header *) buf; + const struct proxy2_header *hdr = (struct proxy2_header *)buf; uint64_t content_length = ntohs(hdr->length); ssize_t hdr_len = sizeof(struct proxy2_header) + content_length; 
@@ -191,7 +194,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, enum proxy2_command command = proxy2_header_command(hdr); if (command == PROXY2_CMD_LOCAL) { /* Addresses for LOCAL are to be discarded */ - *out = (struct proxy_result) { .command = PROXY2_CMD_LOCAL }; + *out = (struct proxy_result){ .command = PROXY2_CMD_LOCAL }; goto fill_wirebuf; } @@ -200,13 +203,14 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, return kr_error(KNOT_EMALF); } - *out = (struct proxy_result) { .command = PROXY2_CMD_PROXY }; + *out = (struct proxy_result){ .command = PROXY2_CMD_PROXY }; /* Parse flags */ enum proxy2_family family = proxy2_header_family(hdr); switch(family) { case PROXY2_AF_UNSPEC: - case PROXY2_AF_UNIX: /* UNIX is unsupported, fall back to UNSPEC */ + case PROXY2_AF_UNIX: + /* UNIX is unsupported, fall back to UNSPEC */ out->family = AF_UNSPEC; break; case PROXY2_AF_INET: @@ -215,7 +219,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, case PROXY2_AF_INET6: out->family = AF_INET6; break; - default: /* PROXYv2 prohibits other values */ + default: + /* PROXYv2 prohibits other values */ return kr_error(KNOT_EMALF); } @@ -227,7 +232,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, case PROXY2_PROTOCOL_STREAM: out->protocol = SOCK_STREAM; break; - default: /* PROXYv2 prohibits other values */ + default: + /* PROXYv2 prohibits other values */ return kr_error(KNOT_EMALF); } 
@@ -240,12 +246,12 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (content_length < addr_length) return kr_error(KNOT_EMALF); - out->src_addr.ip4 = (struct sockaddr_in) { + out->src_addr.ip4 = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr = { .s_addr = addr->ipv4_addr.src_addr }, .sin_port = addr->ipv4_addr.src_port, }; - out->dst_addr.ip4 = (struct sockaddr_in) { + out->dst_addr.ip4 = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr = { .s_addr = addr->ipv4_addr.dst_addr }, .sin_port = addr->ipv4_addr.dst_port, @@ -256,7 +262,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (content_length < addr_length) return kr_error(KNOT_EMALF); - out->src_addr.ip6 = (struct sockaddr_in6) { + out->src_addr.ip6 = (struct sockaddr_in6){ .sin6_family = AF_INET6, .sin6_port = addr->ipv6_addr.src_port }; @@ -264,7 +270,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, &out->src_addr.ip6.sin6_addr.s6_addr, &addr->ipv6_addr.src_addr, sizeof(out->src_addr.ip6.sin6_addr.s6_addr)); - out->dst_addr.ip6 = (struct sockaddr_in6) { + out->dst_addr.ip6 = (struct sockaddr_in6){ .sin6_family = AF_INET6, .sin6_port = addr->ipv6_addr.dst_port }; diff --git a/daemon/proxyv2.h b/daemon/proxyv2.h index 2d57744..fdee126 100644 --- a/daemon/proxyv2.h +++ b/daemon/proxyv2.h @@ -6,10 +6,11 @@ #include <stdint.h> -#include "daemon/session.h" -#include "daemon/network.h" #include "lib/utils.h" +struct network; +struct session; + extern const char PROXY2_SIGNATURE[12]; #define PROXY2_MIN_SIZE 16 
@@ -21,14 +22,20 @@ enum proxy2_command { /** Parsed result of the PROXY protocol */ struct proxy_result { - enum proxy2_command command; /**< Proxy command - PROXY or LOCAL. */ - int family; /**< Address family from netinet library (e.g. AF_INET6). */ - int protocol; /**< Protocol type from socket library (e.g. SOCK_STREAM). */ - union kr_sockaddr src_addr; /**< Parsed source address and port. */ - union kr_sockaddr dst_addr; /**< Parsed destination address and port. */ - bool has_tls : 1; /**< `true` = client has used TLS with the proxy. - If TLS padding is enabled, it will be used even if - the proxy did not use TLS with kresd. */ + /** Proxy command - PROXY or LOCAL. */ + enum proxy2_command command; + /** Address family from netinet library (e.g. AF_INET6). */ + int family; + /** Protocol type from socket library (e.g. SOCK_STREAM). */ + int protocol; + /** Parsed source address and port. */ + union kr_sockaddr src_addr; + /** Parsed destination address and port. */ + union kr_sockaddr dst_addr; + /** `true` = client has used TLS with the proxy. If TLS padding is + * enabled, it will be used even if the communication between kresd and + * the proxy is unencrypted. */ + bool has_tls : 1; }; /** Checks for a PROXY protocol version 2 signature in the specified buffer. */ diff --git a/lib/cache/api.c b/lib/cache/api.c index bb627ea..f71a8d0 100644 --- a/lib/cache/api.c +++ b/lib/cache/api.c @@ -40,7 +40,7 @@ /** Cache version */ -static const uint16_t CACHE_VERSION = 6; +static const uint16_t CACHE_VERSION = 7; /** Key size */ #define KEY_HSIZE (sizeof(uint8_t) + sizeof(uint16_t)) #define KEY_SIZE (KEY_HSIZE + KNOT_DNAME_MAXLEN) diff --git a/lib/dnssec.c b/lib/dnssec.c index 262570c..12b8f20 100644 --- a/lib/dnssec.c +++ b/lib/dnssec.c 
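Review bot: Bumping `CACHE_VERSION` to 7 invalidates every existing cache on upgrade, but neither the constant's comment nor the NEWS hunk at the top of this diff says why; presumably the on-disk entry layout depends on the width of `time_t` and the 32-bit fix changes it — confirm. Suggest extending the comment to `/** Cache version; bump whenever the on-disk entry layout changes (7: <reason-placeholder>). */` and adding a one-line NEWS entry noting that the cache is rebuilt after upgrade.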
@@ -240,8 +240,11 @@ fail: return NULL; } -/// Return if we want to afford yet another crypto-validation (and account it). -static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx) +/** Checks whether we want to allow yet another crypto-validation and if yes, + * decrements the remaining number of allowed validations. + * + * Returns `true` if the crypto-validation is allowed; otherwise false */ +static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx) { if (vctx->limit_crypto_remains == NULL) return true; // no limiting @@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs } else if (retv != 0) { continue; } - if (!check_crypto_limit(vctx)) + if (!account_crypto_limit(vctx)) return vctx->result = kr_error(E2BIG); // We only expect non-expanded wildcard records in input; // that also means we don't need to perform non-existence proofs. @@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, break; } } - if (!check_crypto_limit(vctx)) { + if (!account_crypto_limit(vctx)) { vctx->result = kr_error(E2BIG); goto finish; } @@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key); svldr_key_del(&key); if (ret == 0 || ret == kr_error(E2BIG)) { - kr_assert(vctx->result == 0); + kr_assert(vctx->result == ret); return vctx->result; } } diff --git a/meson.build b/meson.build index 12c5eb3..8e22e17 100644 --- a/meson.build +++ b/meson.build @@ -4,7 +4,7 @@ project( 'knot-resolver', ['c', 'cpp'], license: 'GPLv3+', - version: '5.7.1', + version: '5.7.2', default_options: ['c_std=gnu11', 'b_ndebug=true'], meson_version: '>=0.49', ) diff --git a/scripts/update-authors.sh b/scripts/update-authors.sh index fe1d857..a2ddc27 100755 --- a/scripts/update-authors.sh +++ b/scripts/update-authors.sh 
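Review bot: The new doc comment on `account_crypto_limit` describes the decrement but not the contract its callers rely on: on a `false` return both call sites (the hunks in `kr_svldr_rrset_with_key` and `kr_rrset_validate_with_key`) set `vctx->result = kr_error(E2BIG)`, and the changed `kr_assert(vctx->result == ret)` in `kr_dnskeys_trusted` depends on every caller doing so. Suggest adding to the comment: ` * On a false return the caller must set vctx->result = kr_error(E2BIG); kr_dnskeys_trusted asserts this.` The function body continues outside the hunk, so whether the counter is decremented before or after the limit check is not visible here.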
@@ -15,7 +15,7 @@ TEMP_FILE="$(mktemp AUTHORS.XXXXXXXXXX)" # drop all names from the current file sed '/^People who contributed commits to our Git repo are/q' "${AUTHORS_FILE}" > "${TEMP_FILE}" # append to the new file -git log --format="%aN <%aE>" | sort -u | git check-mailmap --stdin | sort -u >> "${TEMP_FILE}" +git log --no-show-signature --format="%aN <%aE>" | sort -u | git check-mailmap --stdin | sort -u >> "${TEMP_FILE}" echo '' >> "${TEMP_FILE}" echo 'Knot Resolver source tree also bundles code and content published by:' >> "${TEMP_FILE}" diff --git a/tests/integration/meson.build b/tests/integration/meson.build index ffe3403..98b661f 100644 --- a/tests/integration/meson.build +++ b/tests/integration/meson.build @@ -9,7 +9,7 @@ augeas = dependency('augeas') # python3 dependencies py3_deps += [ - ['augeas', 'augeas (for deckard)'], + ['augeas', 'python-augeas (for deckard)'], ['dns', 'dnspython (for deckard)'], ['dpkt', 'dpkt (for deckard)'], ['jinja2', 'jinja2 (for deckard)'], |