1/* Copyright (C) 2016-2019 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18/*
19 * Copyright (c) 1985, 1989, 1993
20 * The Regents of the University of California. All rights reserved.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the above copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 4. Neither the name of the University nor the names of its contributors
31 * may be used to endorse or promote products derived from this software
32 * without specific prior written permission.
33 *
34 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 * SUCH DAMAGE.
45 */
46
47/*
48 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
49 *
50 * Permission to use, copy, modify, and distribute this software for any
51 * purpose with or without fee is hereby granted, provided that the above
52 * copyright notice and this permission notice appear in all copies, and that
53 * the name of Digital Equipment Corporation not be used in advertising or
54 * publicity pertaining to distribution of the document or software without
55 * specific, written prior permission.
56 *
57 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
58 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
59 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
60 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
61 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
62 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
63 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
64 * SOFTWARE.
65 */
66
67/*
68 * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
69 *
70 * Permission to use, copy, modify, and distribute this software for any
71 * purpose with or without fee is hereby granted, provided that the above
72 * copyright notice and this permission notice appear in all copies.
73 *
74 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
75 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
76 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
77 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
78 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
79 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
80 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
81 * SOFTWARE.
82 */
83
84/*
85 * Send query to name server and wait for reply.
86 */
87
88#include <assert.h>
89#include <sys/types.h>
90#include <sys/param.h>
91#include <sys/time.h>
92#include <sys/socket.h>
93#include <sys/uio.h>
94#include <sys/poll.h>
95
96#include <netinet/in.h>
97#include <arpa/nameser.h>
98#include <arpa/inet.h>
99#include <sys/ioctl.h>
100
101#include <errno.h>
102#include <fcntl.h>
103#include <netdb.h>
104#include <resolv/resolv-internal.h>
105#include <resolv/resolv_context.h>
106#include <signal.h>
107#include <stdlib.h>
108#include <string.h>
109#include <unistd.h>
110#include <kernel-features.h>
111#include <libc-diag.h>
112#include <random-bits.h>
113
114#if PACKETSZ > 65536
115#define MAXPACKET PACKETSZ
116#else
117#define MAXPACKET 65536
118#endif
119
120/* From ev_streams.c. */
121
122static inline void
123__attribute ((always_inline))
124evConsIovec(void *buf, size_t cnt, struct iovec *vec) {
125 memset(vec, 0xf5, sizeof (*vec));
126 vec->iov_base = buf;
127 vec->iov_len = cnt;
128}
129
130/* From ev_timers.c. */
131
132#define BILLION 1000000000
133
134static inline void
135evConsTime(struct timespec *res, time_t sec, long nsec) {
136 res->tv_sec = sec;
137 res->tv_nsec = nsec;
138}
139
140static inline void
141evAddTime(struct timespec *res, const struct timespec *addend1,
142 const struct timespec *addend2) {
143 res->tv_sec = addend1->tv_sec + addend2->tv_sec;
144 res->tv_nsec = addend1->tv_nsec + addend2->tv_nsec;
145 if (res->tv_nsec >= BILLION) {
146 res->tv_sec++;
147 res->tv_nsec -= BILLION;
148 }
149}
150
151static inline void
152evSubTime(struct timespec *res, const struct timespec *minuend,
153 const struct timespec *subtrahend) {
154 res->tv_sec = minuend->tv_sec - subtrahend->tv_sec;
155 if (minuend->tv_nsec >= subtrahend->tv_nsec)
156 res->tv_nsec = minuend->tv_nsec - subtrahend->tv_nsec;
157 else {
158 res->tv_nsec = (BILLION
159 - subtrahend->tv_nsec + minuend->tv_nsec);
160 res->tv_sec--;
161 }
162}
163
164static int
165evCmpTime(struct timespec a, struct timespec b) {
166 long x = a.tv_sec - b.tv_sec;
167
168 if (x == 0L)
169 x = a.tv_nsec - b.tv_nsec;
170 return (x < 0L ? (-1) : x > 0L ? (1) : (0));
171}
172
173static void
174evNowTime(struct timespec *res) {
175 struct timeval now;
176
177 if (gettimeofday(&now, NULL) < 0)
178 evConsTime(res, 0, 0);
179 else
180 TIMEVAL_TO_TIMESPEC (&now, res);
181}
182
183
184#define EXT(res) ((res)->_u._ext)
185
186/* Forward. */
187
188static struct sockaddr *get_nsaddr (res_state, unsigned int);
189static int send_vc(res_state, const u_char *, int,
190 const u_char *, int,
191 u_char **, int *, int *, int, u_char **,
192 u_char **, int *, int *, int *);
193static int send_dg(res_state, const u_char *, int,
194 const u_char *, int,
195 u_char **, int *, int *, int,
196 int *, int *, u_char **,
197 u_char **, int *, int *, int *);
198static int sock_eq(struct sockaddr_in6 *, struct sockaddr_in6 *);
199
200/* Public. */
201
202/* int
203 * res_isourserver(ina)
204 * looks up "ina" in _res.ns_addr_list[]
205 * returns:
206 * 0 : not found
207 * >0 : found
208 * author:
209 * paul vixie, 29may94
210 */
211int
212res_ourserver_p(const res_state statp, const struct sockaddr_in6 *inp)
213{
214 int ns;
215
216 if (inp->sin6_family == AF_INET) {
217 struct sockaddr_in *in4p = (struct sockaddr_in *) inp;
218 in_port_t port = in4p->sin_port;
219 in_addr_t addr = in4p->sin_addr.s_addr;
220
221 for (ns = 0; ns < statp->nscount; ns++) {
222 const struct sockaddr_in *srv =
223 (struct sockaddr_in *) get_nsaddr (statp, ns);
224
225 if ((srv->sin_family == AF_INET) &&
226 (srv->sin_port == port) &&
227 (srv->sin_addr.s_addr == INADDR_ANY ||
228 srv->sin_addr.s_addr == addr))
229 return (1);
230 }
231 } else if (inp->sin6_family == AF_INET6) {
232 for (ns = 0; ns < statp->nscount; ns++) {
233 const struct sockaddr_in6 *srv
234 = (struct sockaddr_in6 *) get_nsaddr (statp, ns);
235 if ((srv->sin6_family == AF_INET6) &&
236 (srv->sin6_port == inp->sin6_port) &&
237 !(memcmp(&srv->sin6_addr, &in6addr_any,
238 sizeof (struct in6_addr)) &&
239 memcmp(&srv->sin6_addr, &inp->sin6_addr,
240 sizeof (struct in6_addr))))
241 return (1);
242 }
243 }
244 return (0);
245}
246
247int
248res_isourserver (const struct sockaddr_in *inp)
249{
250 return res_ourserver_p (&_res, (const struct sockaddr_in6 *) inp);
251}
252
253/* int
254 * res_nameinquery(name, type, class, buf, eom)
255 * look for (name,type,class) in the query section of packet (buf,eom)
256 * requires:
257 * buf + HFIXEDSZ <= eom
258 * returns:
259 * -1 : format error
260 * 0 : not found
261 * >0 : found
262 * author:
263 * paul vixie, 29may94
264 */
265int
266res_nameinquery(const char *name, int type, int class,
267 const u_char *buf, const u_char *eom)
268{
269 const u_char *cp = buf + HFIXEDSZ;
270 int qdcount = ntohs(((HEADER*)buf)->qdcount);
271
272 while (qdcount-- > 0) {
273 char tname[MAXDNAME+1];
274 int n, ttype, tclass;
275
276 n = dn_expand(buf, eom, cp, tname, sizeof tname);
277 if (n < 0)
278 return (-1);
279 cp += n;
280 if (cp + 2 * INT16SZ > eom)
281 return (-1);
282 NS_GET16(ttype, cp);
283 NS_GET16(tclass, cp);
284 if (ttype == type && tclass == class &&
285 ns_samename(tname, name) == 1)
286 return (1);
287 }
288 return (0);
289}
290libresolv_hidden_def (res_nameinquery)
291
292/* Returns a shift value for the name server index. Used to implement
293 RES_ROTATE. */
294static unsigned int
295nameserver_offset (struct __res_state *statp)
296{
297 /* If we only have one name server or rotation is disabled, return
298 offset 0 (no rotation). */
299 unsigned int nscount = statp->nscount;
300 if (nscount <= 1 || !(statp->options & RES_ROTATE))
301 return 0;
302
303 /* Global offset. The lowest bit indicates whether the offset has
304 been initialized with a random value. Use relaxed MO to access
305 global_offset because all we need is a sequence of roughly
306 sequential value. */
307 static unsigned int global_offset;
308 unsigned int offset = atomic_fetch_add_relaxed (&global_offset, 2);
309 if ((offset & 1) == 0)
310 {
311 /* Initialization is required. */
312 offset = random_bits ();
313 /* The lowest bit is the most random. Preserve it. */
314 offset <<= 1;
315
316 /* Store the new starting value. atomic_fetch_add_relaxed
317 returns the old value, so emulate that by storing the new
318 (incremented) value. Concurrent initialization with
319 different random values is harmless. */
320 atomic_store_relaxed (&global_offset, (offset | 1) + 2);
321 }
322
323 /* Remove the initialization bit. */
324 offset >>= 1;
325
326 /* Avoid the division in the most common cases. */
327 switch (nscount)
328 {
329 case 2:
330 return offset & 1;
331 case 3:
332 return offset % 3;
333 case 4:
334 return offset & 3;
335 default:
336 return offset % nscount;
337 }
338}
339
340/* int
341 * res_queriesmatch(buf1, eom1, buf2, eom2)
342 * is there a 1:1 mapping of (name,type,class)
343 * in (buf1,eom1) and (buf2,eom2)?
344 * returns:
345 * -1 : format error
346 * 0 : not a 1:1 mapping
347 * >0 : is a 1:1 mapping
348 * author:
349 * paul vixie, 29may94
350 */
351int
352res_queriesmatch(const u_char *buf1, const u_char *eom1,
353 const u_char *buf2, const u_char *eom2)
354{
355 if (buf1 + HFIXEDSZ > eom1 || buf2 + HFIXEDSZ > eom2)
356 return (-1);
357
358 /*
359 * Only header section present in replies to
360 * dynamic update packets.
361 */
362 if ((((HEADER *)buf1)->opcode == ns_o_update) &&
363 (((HEADER *)buf2)->opcode == ns_o_update))
364 return (1);
365
366 /* Note that we initially do not convert QDCOUNT to the host byte
367 order. We can compare it with the second buffer's QDCOUNT
368 value without doing this. */
369 int qdcount = ((HEADER*)buf1)->qdcount;
370 if (qdcount != ((HEADER*)buf2)->qdcount)
371 return (0);
372
373 qdcount = htons (qdcount);
374 const u_char *cp = buf1 + HFIXEDSZ;
375
376 while (qdcount-- > 0) {
377 char tname[MAXDNAME+1];
378 int n, ttype, tclass;
379
380 n = dn_expand(buf1, eom1, cp, tname, sizeof tname);
381 if (n < 0)
382 return (-1);
383 cp += n;
384 if (cp + 2 * INT16SZ > eom1)
385 return (-1);
386 NS_GET16(ttype, cp);
387 NS_GET16(tclass, cp);
388 if (!res_nameinquery(tname, ttype, tclass, buf2, eom2))
389 return (0);
390 }
391 return (1);
392}
393libresolv_hidden_def (res_queriesmatch)
394
395int
396__res_context_send (struct resolv_context *ctx,
397 const unsigned char *buf, int buflen,
398 const unsigned char *buf2, int buflen2,
399 unsigned char *ans, int anssiz,
400 unsigned char **ansp, unsigned char **ansp2,
401 int *nansp2, int *resplen2, int *ansp2_malloced)
402{
403 struct __res_state *statp = ctx->resp;
404 int gotsomewhere, terrno, try, v_circuit, resplen, n;
405
406 if (statp->nscount == 0) {
407 __set_errno (ESRCH);
408 return (-1);
409 }
410
411 if (anssiz < (buf2 == NULL ? 1 : 2) * HFIXEDSZ) {
412 __set_errno (EINVAL);
413 return (-1);
414 }
415
416 v_circuit = ((statp->options & RES_USEVC)
417 || buflen > PACKETSZ
418 || buflen2 > PACKETSZ);
419 gotsomewhere = 0;
420 terrno = ETIMEDOUT;
421
422 /*
423 * If the ns_addr_list in the resolver context has changed, then
424 * invalidate our cached copy and the associated timing data.
425 */
426 if (EXT(statp).nscount != 0) {
427 int needclose = 0;
428
429 if (EXT(statp).nscount != statp->nscount)
430 needclose++;
431 else
432 for (unsigned int ns = 0; ns < statp->nscount; ns++) {
433 if (statp->nsaddr_list[ns].sin_family != 0
434 && !sock_eq((struct sockaddr_in6 *)
435 &statp->nsaddr_list[ns],
436 EXT(statp).nsaddrs[ns]))
437 {
438 needclose++;
439 break;
440 }
441 }
442 if (needclose) {
443 __res_iclose(statp, false);
444 EXT(statp).nscount = 0;
445 }
446 }
447
448 /*
449 * Maybe initialize our private copy of the ns_addr_list.
450 */
451 if (EXT(statp).nscount == 0) {
452 for (unsigned int ns = 0; ns < statp->nscount; ns++) {
453 EXT(statp).nssocks[ns] = -1;
454 if (statp->nsaddr_list[ns].sin_family == 0)
455 continue;
456 if (EXT(statp).nsaddrs[ns] == NULL)
457 EXT(statp).nsaddrs[ns] =
458 malloc(sizeof (struct sockaddr_in6));
459 if (EXT(statp).nsaddrs[ns] != NULL)
460 memset (mempcpy(EXT(statp).nsaddrs[ns],
461 &statp->nsaddr_list[ns],
462 sizeof (struct sockaddr_in)),
463 '\0',
464 sizeof (struct sockaddr_in6)
465 - sizeof (struct sockaddr_in));
466 else
467 return -1;
468 }
469 EXT(statp).nscount = statp->nscount;
470 }
471
472 /* Name server index offset. Used to implement
473 RES_ROTATE. */
474 unsigned int ns_offset = nameserver_offset (statp);
475
476 /*
477 * Send request, RETRY times, or until successful.
478 */
479 for (try = 0; try < statp->retry; try++) {
480 for (unsigned ns_shift = 0; ns_shift < statp->nscount; ns_shift++)
481 {
482 /* The actual name server index. This implements
483 RES_ROTATE. */
484 unsigned int ns = ns_shift + ns_offset;
485 if (ns >= statp->nscount)
486 ns -= statp->nscount;
487
488 same_ns:
489 if (__glibc_unlikely (v_circuit)) {
490 /* Use VC; at most one attempt per server. */
491 try = statp->retry;
492 n = send_vc(statp, buf, buflen, buf2, buflen2,
493 &ans, &anssiz, &terrno,
494 ns, ansp, ansp2, nansp2, resplen2,
495 ansp2_malloced);
496 if (n < 0)
497 return (-1);
498 if (n == 0 && (buf2 == NULL || *resplen2 == 0))
499 goto next_ns;
500 } else {
501 /* Use datagrams. */
502 n = send_dg(statp, buf, buflen, buf2, buflen2,
503 &ans, &anssiz, &terrno,
504 ns, &v_circuit, &gotsomewhere, ansp,
505 ansp2, nansp2, resplen2, ansp2_malloced);
506 if (n < 0)
507 return (-1);
508 if (n == 0 && (buf2 == NULL || *resplen2 == 0))
509 goto next_ns;
510 if (v_circuit)
511 // XXX Check whether both requests failed or
512 // XXX whether one has been answered successfully
513 goto same_ns;
514 }
515
516 resplen = n;
517
518 /*
519 * If we have temporarily opened a virtual circuit,
520 * or if we haven't been asked to keep a socket open,
521 * close the socket.
522 */
523 if ((v_circuit && (statp->options & RES_USEVC) == 0) ||
524 (statp->options & RES_STAYOPEN) == 0) {
525 __res_iclose(statp, false);
526 }
527 return (resplen);
528 next_ns: ;
529 } /*foreach ns*/
530 } /*foreach retry*/
531 __res_iclose(statp, false);
532 if (!v_circuit) {
533 if (!gotsomewhere)
534 __set_errno (ECONNREFUSED); /* no nameservers found */
535 else
536 __set_errno (ETIMEDOUT); /* no answer obtained */
537 } else
538 __set_errno (terrno);
539 return (-1);
540}
541
542/* Common part of res_nsend and res_send. */
543static int
544context_send_common (struct resolv_context *ctx,
545 const unsigned char *buf, int buflen,
546 unsigned char *ans, int anssiz)
547{
548 if (ctx == NULL)
549 {
550 RES_SET_H_ERRNO (&_res, NETDB_INTERNAL);
551 return -1;
552 }
553 int result = __res_context_send (ctx, buf, buflen, NULL, 0, ans, anssiz,
554 NULL, NULL, NULL, NULL, NULL);
555 __resolv_context_put (ctx);
556 return result;
557}
558
559int
560res_nsend (res_state statp, const unsigned char *buf, int buflen,
561 unsigned char *ans, int anssiz)
562{
563 return context_send_common
564 (__resolv_context_get_override (statp), buf, buflen, ans, anssiz);
565}
566
567int
568res_send (const unsigned char *buf, int buflen, unsigned char *ans, int anssiz)
569{
570 return context_send_common
571 (__resolv_context_get (), buf, buflen, ans, anssiz);
572}
573
574/* Private */
575
576static struct sockaddr *
577get_nsaddr (res_state statp, unsigned int n)
578{
579 assert (n < statp->nscount);
580
581 if (statp->nsaddr_list[n].sin_family == 0 && EXT(statp).nsaddrs[n] != NULL)
582 /* EXT(statp).nsaddrs[n] holds an address that is larger than
583 struct sockaddr, and user code did not update
584 statp->nsaddr_list[n]. */
585 return (struct sockaddr *) EXT(statp).nsaddrs[n];
586 else
587 /* User code updated statp->nsaddr_list[n], or statp->nsaddr_list[n]
588 has the same content as EXT(statp).nsaddrs[n]. */
589 return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
590}
591
592/* Close the resolver structure, assign zero to *RESPLEN2 if RESPLEN2
593 is not NULL, and return zero. */
594static int
595__attribute__ ((warn_unused_result))
596close_and_return_error (res_state statp, int *resplen2)
597{
598 __res_iclose(statp, false);
599 if (resplen2 != NULL)
600 *resplen2 = 0;
601 return 0;
602}
603
604/* The send_vc function is responsible for sending a DNS query over TCP
605 to the nameserver numbered NS from the res_state STATP i.e.
606 EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
607 IPv6 queries at the same serially on the same socket.
608
609 Please note that for TCP there is no way to disable sending both
610 queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
611 and sends the queries serially and waits for the result after each
612 sent query. This implementation should be corrected to honour these
613 options.
614
615 Please also note that for TCP we send both queries over the same
616 socket one after another. This technically violates best practice
617 since the server is allowed to read the first query, respond, and
618 then close the socket (to service another client). If the server
619 does this, then the remaining second query in the socket data buffer
620 will cause the server to send the client an RST which will arrive
621 asynchronously and the client's OS will likely tear down the socket
622 receive buffer resulting in a potentially short read and lost
623 response data. This will force the client to retry the query again,
624 and this process may repeat until all servers and connection resets
625 are exhausted and then the query will fail. It's not known if this
626 happens with any frequency in real DNS server implementations. This
627 implementation should be corrected to use two sockets by default for
628 parallel queries.
629
630 The query stored in BUF of BUFLEN length is sent first followed by
631 the query stored in BUF2 of BUFLEN2 length. Queries are sent
632 serially on the same socket.
633
634 Answers to the query are stored firstly in *ANSP up to a max of
635 *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
636 is non-NULL (to indicate that modifying the answer buffer is allowed)
637 then malloc is used to allocate a new response buffer and ANSCP and
638 ANSP will both point to the new buffer. If more than *ANSSIZP bytes
639 are needed but ANSCP is NULL, then as much of the response as
640 possible is read into the buffer, but the results will be truncated.
641 When truncation happens because of a small answer buffer the DNS
642 packets header field TC will bet set to 1, indicating a truncated
643 message and the rest of the socket data will be read and discarded.
644
645 Answers to the query are stored secondly in *ANSP2 up to a max of
646 *ANSSIZP2 bytes, with the actual response length stored in
647 *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
648 is non-NULL (required for a second query) then malloc is used to
649 allocate a new response buffer, *ANSSIZP2 is set to the new buffer
650 size and *ANSP2_MALLOCED is set to 1.
651
652 The ANSP2_MALLOCED argument will eventually be removed as the
653 change in buffer pointer can be used to detect the buffer has
654 changed and that the caller should use free on the new buffer.
655
656 Note that the answers may arrive in any order from the server and
657 therefore the first and second answer buffers may not correspond to
658 the first and second queries.
659
660 It is not supported to call this function with a non-NULL ANSP2
661 but a NULL ANSCP. Put another way, you can call send_vc with a
662 single unmodifiable buffer or two modifiable buffers, but no other
663 combination is supported.
664
665 It is the caller's responsibility to free the malloc allocated
666 buffers by detecting that the pointers have changed from their
667 original values i.e. *ANSCP or *ANSP2 has changed.
668
669 If errors are encountered then *TERRNO is set to an appropriate
670 errno value and a zero result is returned for a recoverable error,
671 and a less-than zero result is returned for a non-recoverable error.
672
673 If no errors are encountered then *TERRNO is left unmodified and
674 a the length of the first response in bytes is returned. */
675static int
676send_vc(res_state statp,
677 const u_char *buf, int buflen, const u_char *buf2, int buflen2,
678 u_char **ansp, int *anssizp,
679 int *terrno, int ns, u_char **anscp, u_char **ansp2, int *anssizp2,
680 int *resplen2, int *ansp2_malloced)
681{
682 const HEADER *hp = (HEADER *) buf;
683 const HEADER *hp2 = (HEADER *) buf2;
684 HEADER *anhp = (HEADER *) *ansp;
685 struct sockaddr *nsap = get_nsaddr (statp, ns);
686 int truncating, connreset, n;
687 /* On some architectures compiler might emit a warning indicating
688 'resplen' may be used uninitialized. However if buf2 == NULL
689 then this code won't be executed; if buf2 != NULL, then first
690 time round the loop recvresp1 and recvresp2 will be 0 so this
691 code won't be executed but "thisresplenp = &resplen;" followed
692 by "*thisresplenp = rlen;" will be executed so that subsequent
693 times round the loop resplen has been initialized. So this is
694 a false-positive.
695 */
696 DIAG_PUSH_NEEDS_COMMENT;
697 DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
698 int resplen;
699 DIAG_POP_NEEDS_COMMENT;
700 struct iovec iov[4];
701 u_short len;
702 u_short len2;
703 u_char *cp;
704
705 connreset = 0;
706 same_ns:
707 truncating = 0;
708
709 /* Are we still talking to whom we want to talk to? */
710 if (statp->_vcsock >= 0 && (statp->_flags & RES_F_VC) != 0) {
711 struct sockaddr_in6 peer;
712 socklen_t size = sizeof peer;
713
714 if (getpeername(statp->_vcsock,
715 (struct sockaddr *)&peer, &size) < 0 ||
716 !sock_eq(&peer, (struct sockaddr_in6 *) nsap)) {
717 __res_iclose(statp, false);
718 statp->_flags &= ~RES_F_VC;
719 }
720 }
721
722 if (statp->_vcsock < 0 || (statp->_flags & RES_F_VC) == 0) {
723 if (statp->_vcsock >= 0)
724 __res_iclose(statp, false);
725
726 statp->_vcsock = socket
727 (nsap->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
728 if (statp->_vcsock < 0) {
729 *terrno = errno;
730 if (resplen2 != NULL)
731 *resplen2 = 0;
732 return (-1);
733 }
734 __set_errno (0);
735 if (connect(statp->_vcsock, nsap,
736 nsap->sa_family == AF_INET
737 ? sizeof (struct sockaddr_in)
738 : sizeof (struct sockaddr_in6)) < 0) {
739 *terrno = errno;
740 return close_and_return_error (statp, resplen2);
741 }
742 statp->_flags |= RES_F_VC;
743 }
744
745 /*
746 * Send length & message
747 */
748 len = htons ((u_short) buflen);
749 evConsIovec(&len, INT16SZ, &iov[0]);
750 evConsIovec((void*)buf, buflen, &iov[1]);
751 int niov = 2;
752 ssize_t explen = INT16SZ + buflen;
753 if (buf2 != NULL) {
754 len2 = htons ((u_short) buflen2);
755 evConsIovec(&len2, INT16SZ, &iov[2]);
756 evConsIovec((void*)buf2, buflen2, &iov[3]);
757 niov = 4;
758 explen += INT16SZ + buflen2;
759 }
760 if (TEMP_FAILURE_RETRY (writev(statp->_vcsock, iov, niov)) != explen) {
761 *terrno = errno;
762 return close_and_return_error (statp, resplen2);
763 }
764 /*
765 * Receive length & response
766 */
767 int recvresp1 = 0;
768 /* Skip the second response if there is no second query.
769 To do that we mark the second response as received. */
770 int recvresp2 = buf2 == NULL;
771 uint16_t rlen16;
772 read_len:
773 cp = (u_char *)&rlen16;
774 len = sizeof(rlen16);
775 while ((n = TEMP_FAILURE_RETRY (read(statp->_vcsock, cp,
776 (int)len))) > 0) {
777 cp += n;
778 if ((len -= n) <= 0)
779 break;
780 }
781 if (n <= 0) {
782 *terrno = errno;
783 /*
784 * A long running process might get its TCP
785 * connection reset if the remote server was
786 * restarted. Requery the server instead of
787 * trying a new one. When there is only one
788 * server, this means that a query might work
789 * instead of failing. We only allow one reset
790 * per query to prevent looping.
791 */
792 if (*terrno == ECONNRESET && !connreset)
793 {
794 __res_iclose (statp, false);
795 connreset = 1;
796 goto same_ns;
797 }
798 return close_and_return_error (statp, resplen2);
799 }
800 int rlen = ntohs (rlen16);
801
802 int *thisanssizp;
803 u_char **thisansp;
804 int *thisresplenp;
805 if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
806 /* We have not received any responses
807 yet or we only have one response to
808 receive. */
809 thisanssizp = anssizp;
810 thisansp = anscp ?: ansp;
811 assert (anscp != NULL || ansp2 == NULL);
812 thisresplenp = &resplen;
813 } else {
814 thisanssizp = anssizp2;
815 thisansp = ansp2;
816 thisresplenp = resplen2;
817 }
818 anhp = (HEADER *) *thisansp;
819
820 *thisresplenp = rlen;
821 /* Is the answer buffer too small? */
822 if (*thisanssizp < rlen) {
823 /* If the current buffer is not the the static
824 user-supplied buffer then we can reallocate
825 it. */
826 if (thisansp != NULL && thisansp != ansp) {
827 /* Always allocate MAXPACKET, callers expect
828 this specific size. */
829 u_char *newp = malloc (MAXPACKET);
830 if (newp == NULL)
831 {
832 *terrno = ENOMEM;
833 return close_and_return_error (statp, resplen2);
834 }
835 *thisanssizp = MAXPACKET;
836 *thisansp = newp;
837 if (thisansp == ansp2)
838 *ansp2_malloced = 1;
839 anhp = (HEADER *) newp;
840 /* A uint16_t can't be larger than MAXPACKET
841 thus it's safe to allocate MAXPACKET but
842 read RLEN bytes instead. */
843 len = rlen;
844 } else {
845 truncating = 1;
846 len = *thisanssizp;
847 }
848 } else
849 len = rlen;
850
851 if (__glibc_unlikely (len < HFIXEDSZ)) {
852 /*
853 * Undersized message.
854 */
855 *terrno = EMSGSIZE;
856 return close_and_return_error (statp, resplen2);
857 }
858
859 cp = *thisansp;
860 while (len != 0 && (n = read(statp->_vcsock, (char *)cp, (int)len)) > 0){
861 cp += n;
862 len -= n;
863 }
864 if (__glibc_unlikely (n <= 0)) {
865 *terrno = errno;
866 return close_and_return_error (statp, resplen2);
867 }
868 if (__glibc_unlikely (truncating)) {
869 /*
870 * Flush rest of answer so connection stays in synch.
871 */
872 anhp->tc = 1;
873 len = rlen - *thisanssizp;
874 while (len != 0) {
875 char junk[PACKETSZ];
876
877 n = read(statp->_vcsock, junk,
878 (len > sizeof junk) ? sizeof junk : len);
879 if (n > 0)
880 len -= n;
881 else
882 break;
883 }
884 }
885 /*
886 * If the calling application has bailed out of
887 * a previous call and failed to arrange to have
888 * the circuit closed or the server has got
889 * itself confused, then drop the packet and
890 * wait for the correct one.
891 */
892 if ((recvresp1 || hp->id != anhp->id)
893 && (recvresp2 || hp2->id != anhp->id))
894 goto read_len;
895
896 /* Mark which reply we received. */
897 if (recvresp1 == 0 && hp->id == anhp->id)
898 recvresp1 = 1;
899 else
900 recvresp2 = 1;
901 /* Repeat waiting if we have a second answer to arrive. */
902 if ((recvresp1 & recvresp2) == 0)
903 goto read_len;
904
905 /*
906 * All is well, or the error is fatal. Signal that the
907 * next nameserver ought not be tried.
908 */
909 return resplen;
910}
911
912static int
913reopen (res_state statp, int *terrno, int ns)
914{
915 if (EXT(statp).nssocks[ns] == -1) {
916 struct sockaddr *nsap = get_nsaddr (statp, ns);
917 socklen_t slen;
918
919 /* only try IPv6 if IPv6 NS and if not failed before */
920 if (nsap->sa_family == AF_INET6 && !statp->ipv6_unavail) {
921 EXT(statp).nssocks[ns] = socket
922 (PF_INET6,
923 SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
924 if (EXT(statp).nssocks[ns] < 0)
925 statp->ipv6_unavail = errno == EAFNOSUPPORT;
926 slen = sizeof (struct sockaddr_in6);
927 } else if (nsap->sa_family == AF_INET) {
928 EXT(statp).nssocks[ns] = socket
929 (PF_INET,
930 SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
931 slen = sizeof (struct sockaddr_in);
932 }
933 if (EXT(statp).nssocks[ns] < 0) {
934 *terrno = errno;
935 return (-1);
936 }
937
938 /* Enable full ICMP error reporting for this
939 socket. */
940 if (__res_enable_icmp (nsap->sa_family,
941 EXT (statp).nssocks[ns]) < 0)
942 {
943 int saved_errno = errno;
944 __res_iclose (statp, false);
945 __set_errno (saved_errno);
946 *terrno = saved_errno;
947 return -1;
948 }
949
950 /*
951 * On a 4.3BSD+ machine (client and server,
952 * actually), sending to a nameserver datagram
953 * port with no nameserver will cause an
954 * ICMP port unreachable message to be returned.
955 * If our datagram socket is "connected" to the
956 * server, we get an ECONNREFUSED error on the next
957 * socket operation, and select returns if the
958 * error message is received. We can thus detect
959 * the absence of a nameserver without timing out.
960 */
961 /* With GCC 5.3 when compiling with -Os the compiler
962 emits a warning that slen may be used uninitialized,
963 but that is never true. Both slen and
964 EXT(statp).nssocks[ns] are initialized together or
965 the function return -1 before control flow reaches
966 the call to connect with slen. */
967 DIAG_PUSH_NEEDS_COMMENT;
968 DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
969 if (connect(EXT(statp).nssocks[ns], nsap, slen) < 0) {
970 DIAG_POP_NEEDS_COMMENT;
971 __res_iclose(statp, false);
972 return (0);
973 }
974 }
975
976 return 1;
977}
978
979/* The send_dg function is responsible for sending a DNS query over UDP
980 to the nameserver numbered NS from the res_state STATP i.e.
981 EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
982 along with the ability to send the query in parallel for both stacks
983 (default) or serially (RES_SINGLKUP). It also supports serial lookup
984 with a close and reopen of the socket used to talk to the server
985 (RES_SNGLKUPREOP) to work around broken name servers.
986
987 The query stored in BUF of BUFLEN length is sent first followed by
988 the query stored in BUF2 of BUFLEN2 length. Queries are sent
989 in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
990
991 Answers to the query are stored firstly in *ANSP up to a max of
992 *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
993 is non-NULL (to indicate that modifying the answer buffer is allowed)
994 then malloc is used to allocate a new response buffer and ANSCP and
995 ANSP will both point to the new buffer. If more than *ANSSIZP bytes
996 are needed but ANSCP is NULL, then as much of the response as
997 possible is read into the buffer, but the results will be truncated.
998 When truncation happens because of a small answer buffer the DNS
999 packets header field TC will bet set to 1, indicating a truncated
1000 message, while the rest of the UDP packet is discarded.
1001
1002 Answers to the query are stored secondly in *ANSP2 up to a max of
1003 *ANSSIZP2 bytes, with the actual response length stored in
1004 *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
1005 is non-NULL (required for a second query) then malloc is used to
1006 allocate a new response buffer, *ANSSIZP2 is set to the new buffer
1007 size and *ANSP2_MALLOCED is set to 1.
1008
1009 The ANSP2_MALLOCED argument will eventually be removed as the
1010 change in buffer pointer can be used to detect the buffer has
1011 changed and that the caller should use free on the new buffer.
1012
1013 Note that the answers may arrive in any order from the server and
1014 therefore the first and second answer buffers may not correspond to
1015 the first and second queries.
1016
1017 It is not supported to call this function with a non-NULL ANSP2
1018 but a NULL ANSCP. Put another way, you can call send_vc with a
1019 single unmodifiable buffer or two modifiable buffers, but no other
1020 combination is supported.
1021
1022 It is the caller's responsibility to free the malloc allocated
1023 buffers by detecting that the pointers have changed from their
1024 original values i.e. *ANSCP or *ANSP2 has changed.
1025
1026 If an answer is truncated because of UDP datagram DNS limits then
1027 *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
1028 the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
1029 if any progress was made reading a response from the nameserver and
1030 is used by the caller to distinguish between ECONNREFUSED and
1031 ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
1032
1033 If errors are encountered then *TERRNO is set to an appropriate
1034 errno value and a zero result is returned for a recoverable error,
1035 and a less-than zero result is returned for a non-recoverable error.
1036
1037 If no errors are encountered then *TERRNO is left unmodified and
1038 a the length of the first response in bytes is returned. */
1039static int
1040send_dg(res_state statp,
1041 const u_char *buf, int buflen, const u_char *buf2, int buflen2,
1042 u_char **ansp, int *anssizp,
1043 int *terrno, int ns, int *v_circuit, int *gotsomewhere, u_char **anscp,
1044 u_char **ansp2, int *anssizp2, int *resplen2, int *ansp2_malloced)
1045{
1046 const HEADER *hp = (HEADER *) buf;
1047 const HEADER *hp2 = (HEADER *) buf2;
1048 struct timespec now, timeout, finish;
1049 struct pollfd pfd[1];
1050 int ptimeout;
1051 struct sockaddr_in6 from;
1052 int resplen = 0;
1053 int n;
1054
1055 /*
1056 * Compute time for the total operation.
1057 */
1058 int seconds = (statp->retrans << ns);
1059 if (ns > 0)
1060 seconds /= statp->nscount;
1061 if (seconds <= 0)
1062 seconds = 1;
1063 bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0;
1064 bool single_request = (((statp->options & RES_SNGLKUP) != 0)
1065 | single_request_reopen);
1066 int save_gotsomewhere = *gotsomewhere;
1067
1068 int retval;
1069 retry_reopen:
1070 retval = reopen (statp, terrno, ns);
1071 if (retval <= 0)
1072 {
1073 if (resplen2 != NULL)
1074 *resplen2 = 0;
1075 return retval;
1076 }
1077 retry:
1078 evNowTime(&now);
1079 evConsTime(&timeout, seconds, 0);
1080 evAddTime(&finish, &now, &timeout);
1081 int need_recompute = 0;
1082 int nwritten = 0;
1083 int recvresp1 = 0;
1084 /* Skip the second response if there is no second query.
1085 To do that we mark the second response as received. */
1086 int recvresp2 = buf2 == NULL;
1087 pfd[0].fd = EXT(statp).nssocks[ns];
1088 pfd[0].events = POLLOUT;
1089 wait:
1090 if (need_recompute) {
1091 recompute_resend:
1092 evNowTime(&now);
1093 if (evCmpTime(finish, now) <= 0) {
1094 poll_err_out:
1095 return close_and_return_error (statp, resplen2);
1096 }
1097 evSubTime(&timeout, &finish, &now);
1098 need_recompute = 0;
1099 }
1100 /* Convert struct timespec in milliseconds. */
1101 ptimeout = timeout.tv_sec * 1000 + timeout.tv_nsec / 1000000;
1102
1103 n = 0;
1104 if (nwritten == 0)
1105 n = __poll (pfd, 1, 0);
1106 if (__glibc_unlikely (n == 0)) {
1107 n = __poll (pfd, 1, ptimeout);
1108 need_recompute = 1;
1109 }
1110 if (n == 0) {
1111 if (resplen > 1 && (recvresp1 || (buf2 != NULL && recvresp2)))
1112 {
1113 /* There are quite a few broken name servers out
1114 there which don't handle two outstanding
1115 requests from the same source. There are also
1116 broken firewall settings. If we time out after
1117 having received one answer switch to the mode
1118 where we send the second request only once we
1119 have received the first answer. */
1120 if (!single_request)
1121 {
1122 statp->options |= RES_SNGLKUP;
1123 single_request = true;
1124 *gotsomewhere = save_gotsomewhere;
1125 goto retry;
1126 }
1127 else if (!single_request_reopen)
1128 {
1129 statp->options |= RES_SNGLKUPREOP;
1130 single_request_reopen = true;
1131 *gotsomewhere = save_gotsomewhere;
1132 __res_iclose (statp, false);
1133 goto retry_reopen;
1134 }
1135
1136 *resplen2 = 1;
1137 return resplen;
1138 }
1139
1140 *gotsomewhere = 1;
1141 if (resplen2 != NULL)
1142 *resplen2 = 0;
1143 return 0;
1144 }
1145 if (n < 0) {
1146 if (errno == EINTR)
1147 goto recompute_resend;
1148
1149 goto poll_err_out;
1150 }
1151 __set_errno (0);
1152 if (pfd[0].revents & POLLOUT) {
1153#ifndef __ASSUME_SENDMMSG
1154 static int have_sendmmsg;
1155#else
1156# define have_sendmmsg 1
1157#endif
1158 if (have_sendmmsg >= 0 && nwritten == 0 && buf2 != NULL
1159 && !single_request)
1160 {
1161 struct iovec iov =
1162 { .iov_base = (void *) buf, .iov_len = buflen };
1163 struct iovec iov2 =
1164 { .iov_base = (void *) buf2, .iov_len = buflen2 };
1165 struct mmsghdr reqs[2] =
1166 {
1167 {
1168 .msg_hdr =
1169 {
1170 .msg_iov = &iov,
1171 .msg_iovlen = 1,
1172 },
1173 },
1174 {
1175 .msg_hdr =
1176 {
1177 .msg_iov = &iov2,
1178 .msg_iovlen = 1,
1179 }
1180 },
1181 };
1182
1183 int ndg = __sendmmsg (pfd[0].fd, reqs, 2, MSG_NOSIGNAL);
1184 if (__glibc_likely (ndg == 2))
1185 {
1186 if (reqs[0].msg_len != buflen
1187 || reqs[1].msg_len != buflen2)
1188 goto fail_sendmmsg;
1189
1190 pfd[0].events = POLLIN;
1191 nwritten += 2;
1192 }
1193 else if (ndg == 1 && reqs[0].msg_len == buflen)
1194 goto just_one;
1195 else if (ndg < 0 && (errno == EINTR || errno == EAGAIN))
1196 goto recompute_resend;
1197 else
1198 {
1199#ifndef __ASSUME_SENDMMSG
1200 if (__glibc_unlikely (have_sendmmsg == 0))
1201 {
1202 if (ndg < 0 && errno == ENOSYS)
1203 {
1204 have_sendmmsg = -1;
1205 goto try_send;
1206 }
1207 have_sendmmsg = 1;
1208 }
1209#endif
1210
1211 fail_sendmmsg:
1212 return close_and_return_error (statp, resplen2);
1213 }
1214 }
1215 else
1216 {
1217 ssize_t sr;
1218#ifndef __ASSUME_SENDMMSG
1219 try_send:
1220#endif
1221 if (nwritten != 0)
1222 sr = send (pfd[0].fd, buf2, buflen2, MSG_NOSIGNAL);
1223 else
1224 sr = send (pfd[0].fd, buf, buflen, MSG_NOSIGNAL);
1225
1226 if (sr != (nwritten != 0 ? buflen2 : buflen)) {
1227 if (errno == EINTR || errno == EAGAIN)
1228 goto recompute_resend;
1229 return close_and_return_error (statp, resplen2);
1230 }
1231 just_one:
1232 if (nwritten != 0 || buf2 == NULL || single_request)
1233 pfd[0].events = POLLIN;
1234 else
1235 pfd[0].events = POLLIN | POLLOUT;
1236 ++nwritten;
1237 }
1238 goto wait;
1239 } else if (pfd[0].revents & POLLIN) {
1240 int *thisanssizp;
1241 u_char **thisansp;
1242 int *thisresplenp;
1243
1244 if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
1245 /* We have not received any responses
1246 yet or we only have one response to
1247 receive. */
1248 thisanssizp = anssizp;
1249 thisansp = anscp ?: ansp;
1250 assert (anscp != NULL || ansp2 == NULL);
1251 thisresplenp = &resplen;
1252 } else {
1253 thisanssizp = anssizp2;
1254 thisansp = ansp2;
1255 thisresplenp = resplen2;
1256 }
1257
1258 if (*thisanssizp < MAXPACKET
1259 /* If the current buffer is not the the static
1260 user-supplied buffer then we can reallocate
1261 it. */
1262 && (thisansp != NULL && thisansp != ansp)
1263#ifdef FIONREAD
1264 /* Is the size too small? */
1265 && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
1266 || *thisanssizp < *thisresplenp)
1267#endif
1268 ) {
1269 /* Always allocate MAXPACKET, callers expect
1270 this specific size. */
1271 u_char *newp = malloc (MAXPACKET);
1272 if (newp != NULL) {
1273 *thisanssizp = MAXPACKET;
1274 *thisansp = newp;
1275 if (thisansp == ansp2)
1276 *ansp2_malloced = 1;
1277 }
1278 }
1279 /* We could end up with truncation if anscp was NULL
1280 (not allowed to change caller's buffer) and the
1281 response buffer size is too small. This isn't a
1282 reliable way to detect truncation because the ioctl
1283 may be an inaccurate report of the UDP message size.
1284 Therefore we use this only to issue debug output.
1285 To do truncation accurately with UDP we need
1286 MSG_TRUNC which is only available on Linux. We
1287 can abstract out the Linux-specific feature in the
1288 future to detect truncation. */
1289 HEADER *anhp = (HEADER *) *thisansp;
1290 socklen_t fromlen = sizeof(struct sockaddr_in6);
1291 assert (sizeof(from) <= fromlen);
1292 *thisresplenp = recvfrom(pfd[0].fd, (char*)*thisansp,
1293 *thisanssizp, 0,
1294 (struct sockaddr *)&from, &fromlen);
1295 if (__glibc_unlikely (*thisresplenp <= 0)) {
1296 if (errno == EINTR || errno == EAGAIN) {
1297 need_recompute = 1;
1298 goto wait;
1299 }
1300 return close_and_return_error (statp, resplen2);
1301 }
1302 *gotsomewhere = 1;
1303 if (__glibc_unlikely (*thisresplenp < HFIXEDSZ)) {
1304 /*
1305 * Undersized message.
1306 */
1307 *terrno = EMSGSIZE;
1308 return close_and_return_error (statp, resplen2);
1309 }
1310 if ((recvresp1 || hp->id != anhp->id)
1311 && (recvresp2 || hp2->id != anhp->id)) {
1312 /*
1313 * response from old query, ignore it.
1314 * XXX - potential security hazard could
1315 * be detected here.
1316 */
1317 goto wait;
1318 }
1319 if (!(statp->options & RES_INSECURE1) &&
1320 !res_ourserver_p(statp, &from)) {
1321 /*
1322 * response from wrong server? ignore it.
1323 * XXX - potential security hazard could
1324 * be detected here.
1325 */
1326 goto wait;
1327 }
1328 if (!(statp->options & RES_INSECURE2)
1329 && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
1330 *thisansp,
1331 *thisansp
1332 + *thisanssizp))
1333 && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
1334 *thisansp,
1335 *thisansp
1336 + *thisanssizp))) {
1337 /*
1338 * response contains wrong query? ignore it.
1339 * XXX - potential security hazard could
1340 * be detected here.
1341 */
1342 goto wait;
1343 }
1344 if (anhp->rcode == SERVFAIL ||
1345 anhp->rcode == NOTIMP ||
1346 anhp->rcode == REFUSED) {
1347 next_ns:
1348 if (recvresp1 || (buf2 != NULL && recvresp2)) {
1349 *resplen2 = 0;
1350 return resplen;
1351 }
1352 if (buf2 != NULL)
1353 {
1354 /* No data from the first reply. */
1355 resplen = 0;
1356 /* We are waiting for a possible second reply. */
1357 if (hp->id == anhp->id)
1358 recvresp1 = 1;
1359 else
1360 recvresp2 = 1;
1361
1362 goto wait;
1363 }
1364
1365 /* don't retry if called from dig */
1366 if (!statp->pfcode)
1367 return close_and_return_error (statp, resplen2);
1368 __res_iclose(statp, false);
1369 }
1370 if (anhp->rcode == NOERROR && anhp->ancount == 0
1371 && anhp->aa == 0 && anhp->ra == 0 && anhp->arcount == 0) {
1372 goto next_ns;
1373 }
1374 if (!(statp->options & RES_IGNTC) && anhp->tc) {
1375 /*
1376 * To get the rest of answer,
1377 * use TCP with same server.
1378 */
1379 *v_circuit = 1;
1380 __res_iclose(statp, false);
1381 // XXX if we have received one reply we could
1382 // XXX use it and not repeat it over TCP...
1383 if (resplen2 != NULL)
1384 *resplen2 = 0;
1385 return (1);
1386 }
1387 /* Mark which reply we received. */
1388 if (recvresp1 == 0 && hp->id == anhp->id)
1389 recvresp1 = 1;
1390 else
1391 recvresp2 = 1;
1392 /* Repeat waiting if we have a second answer to arrive. */
1393 if ((recvresp1 & recvresp2) == 0) {
1394 if (single_request) {
1395 pfd[0].events = POLLOUT;
1396 if (single_request_reopen) {
1397 __res_iclose (statp, false);
1398 retval = reopen (statp, terrno, ns);
1399 if (retval <= 0)
1400 {
1401 if (resplen2 != NULL)
1402 *resplen2 = 0;
1403 return retval;
1404 }
1405 pfd[0].fd = EXT(statp).nssocks[ns];
1406 }
1407 }
1408 goto wait;
1409 }
1410 /* All is well. We have received both responses (if
1411 two responses were requested). */
1412 return (resplen);
1413 } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL))
1414 /* Something went wrong. We can stop trying. */
1415 return close_and_return_error (statp, resplen2);
1416 else {
1417 /* poll should not have returned > 0 in this case. */
1418 abort ();
1419 }
1420}
1421
1422static int
1423sock_eq(struct sockaddr_in6 *a1, struct sockaddr_in6 *a2) {
1424 if (a1->sin6_family == a2->sin6_family) {
1425 if (a1->sin6_family == AF_INET)
1426 return ((((struct sockaddr_in *)a1)->sin_port ==
1427 ((struct sockaddr_in *)a2)->sin_port) &&
1428 (((struct sockaddr_in *)a1)->sin_addr.s_addr ==
1429 ((struct sockaddr_in *)a2)->sin_addr.s_addr));
1430 else
1431 return ((a1->sin6_port == a2->sin6_port) &&
1432 !memcmp(&a1->sin6_addr, &a2->sin6_addr,
1433 sizeof (struct in6_addr)));
1434 }
1435 if (a1->sin6_family == AF_INET) {
1436 struct sockaddr_in6 *sap = a1;
1437 a1 = a2;
1438 a2 = sap;
1439 } /* assumes that AF_INET and AF_INET6 are the only possibilities */
1440 return ((a1->sin6_port == ((struct sockaddr_in *)a2)->sin_port) &&
1441 IN6_IS_ADDR_V4MAPPED(&a1->sin6_addr) &&
1442 (a1->sin6_addr.s6_addr32[3] ==
1443 ((struct sockaddr_in *)a2)->sin_addr.s_addr));
1444}
1445