Change 75830fb836 to fix _nres
initialization to be thread safe accidentally introduced a behavior
change whereby res_init() became a no-op. It also failed to remove all
direct accesses to _nres.
Move the file over to C++ so we can let RAII ensure we're always holding
a lock while using the global state, make all callers access the global
state via this class, and restore the previous behavior of res_init().
Test: atest DnsResolverTest
Bug: 166235340
Change-Id: Ib390a7eac063bc0ff5eeba755e8c74ef1383004e
Currently, the initialization of _nres is not thread-saferes_mkquery is not thread-safe,
which might cause memory double free problem if caller ran under multithread.
To fix it, only initialize _nres once.
Also remove the redundant code.
Test: atest DnsResolverTest
Bug: 166235340
Change-Id: I9caa6eab37cb530fc60dae9bcca9650973a4536a
The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.
The fix ensures that the length of send_vc return does not exceed the
buffer size.
Bug: 161362564
Test: build, flash, boot
Test: atest netd_integration_test
Merged-In: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
The shadowing of `ai` meant that the freeaddrinfo() call outside the
loop would never see anything but NULL.
Bug: https://issuetracker.google.com/143928781
Test: treehugger
Change-Id: I1bf137f7933201eb8024603bfd569ff7bbc7f9b7
In ns_name_skip of ns_name.c, there is a possible out of bounds read due to
a missing bounds check. This could lead to remote denial of service with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Bug: 137346580
Test: built, flashed, booted
Test: ns_parserr_fuzzer test
Change-Id: Ib023bd9b2ae97795d64195de9922a6a32d7b2f37
remove android_open_proxy and use dns_open_proxy instead of it.
dns_open_proxy is in libnetd_client and
it does the same thing as android_open_proxy except return value.
It returns fd directly now.
Test: build, dns works fine
Change-Id: I984743fb50b23eeb9a7d24e9fc347832acfe2afe
Memory leak happen when Android data framework updates identical DNS
information to netd.
(cherrypick of c466fe95dc641d879683700aea4233ffd42bc762.)
Bug: 115595601
Test: netd_unit_test, netd_integration_test
Change-Id: Idcc0956729286563603f482258f488a1ccd75e6a
Memory leak happen when Android data framework updates identical DNS
information to netd.
Bug: 115595601
Test: netd_unit_test, netd_integration_test
Change-Id: Idcc0956729286563603f482258f488a1ccd75e6a
Currently, getnameinfo() will never issue a reverse DNS lookup if the first
byte of the IPv6 address is 0x00. This means it is not possible to do a
reverse DNS lookup for a NAT64 address if the NAT64 prefix is the well-known
prefix. Make this possible by treating the well-known prefix specially. This
is not needed for unicast NAT64 prefixes because they do not start with 0x00.
Bug: 78545619
Test: netd_{unit,integration}_test pass
Test: bionic-unit-tests --gtest_filter='net*' pass
Change-Id: I176d30dcf411a5ffe1eec110db99cd73b48e956f
This is currently a non-functional change, because base_timeout_msec is
never set to a non-default value (other than in unit tests).
Test: netd_unit_test --gtest_filter='ResolverTest.*'
Change-Id: I21989bab5cc9f55ee1392e30965eb405d720a28e
The primary motivation is speeding up tests for non-responsive
nameservers. It's also base infrastructure for future work to compute
retry timeouts dynamically.
Using default timeouts (RES_TIMEOUT = 5 seconds):
ResolverTest.GetAddrInfoV6_nonresponsive (45141 ms)
With base_timeout_msec=100:
ResolverTest.GetAddrInfoV6_nonresponsive (1264 ms)
Test: executed unsubmitted test from aosp/713993
Change-Id: Id902089ca69ca8d28032180ba51e8937262ef490
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
(cherry picked from commit 5f02720c88)
Fix: 29420831
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
Merged-In: I1c76fac51bdd4804620fe8a8567c9a650b8734d9
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Merged-In: Ie5439b0ad505ebf393a83c87845fd02549afc4a2
Merged-In: I274d659782870818274526d23d3a3c4640cad92d
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
(cherry picked from commit 23e4081009bb58d9c09e615186208b77749e72de)
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
System libc talks to out-of-process daemon thus it's better to not
duplicate that functionality in native bridge.
Bug: 67993967
Test: make
Change-Id: Iabc887a94082806d048bc98bf8d3b21c7531d60d
(cherry picked from commit 5956847acc)
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug: 69623036
Bug: 64133961
Merged-In: Idbfbc0343e21ad713d9b4204fc48d63fb5b8dcd4
Merged-In: Ie3ae2390f01dbdcccf55fdd4e87b8a258702cfbc
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
(cherry picked from commit e7190ce3f2)
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug:69623036
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Bug: 64133961
Test: Added integration tests for fallback to the netd suite.
Merged-In: I9b0abc6e4f3ff7f9c23a5cb921d392d2d3065d99
Merged-In: I9c06bbaf1883de4bdebd822f9a052901bf3efc04
Merged-In: Ie438b77bc1aeea0b0c700a90998cec31ac9a0015
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
(cherry picked from commit 6eed8e1bb6)
System libc talks to out-of-process daemon thus it's better to not
duplicate that functionality in native bridge.
Bug: 67993967
Test: make
Change-Id: Iabc887a94082806d048bc98bf8d3b21c7531d60d
This is for passing additional instructions through stages of the
DNS resolution pipeling.
Test: as follows
- builds, flashes, boots
- system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 64133961
Bug: 70694619
Bug: 72345192
Merged-In: I81c49586d675160b66dc2c51b76ad183cc418213
Merged-In: Ie8a8ee5784407d4ec304b3f40a6b234ebeaf6376
Merged-In: Icdec53cf5b210db5ad833dd3b64fa3d8ae74100a
Change-Id: I5a86cc5192e6cfa09c375ac9f5810102da3aba20
(cherry picked from commit 391143e51b)
This is for passing additional instructions through stages of the
DNS resolution pipeling.
Test: as follows
- builds, flashes, boots
- system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 70694619
Bug: 72345192
Change-Id: I5a86cc5192e6cfa09c375ac9f5810102da3aba20
No reasonable response is larger than about 4K, and this should reduce the ability of misbehaving DNS servers to waste system resources.
Test: Integration tests pass
Change-Id: I43da94f57f9b376d08a1b176e0aedb6720148833
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Test: Added integration tests for fallback to the netd suite.
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
And add more tests.
Bug: N/A (but I'm here because a recent test broke existing tests)
Test: ran tests
Change-Id: Ib78430f179b43484a49bb50ff447ea6870c1ee3a
Add all the missing <netdb.h> functions.
Also fix getservbyport to handle a null protocol correctly.
Also fix getservbyname/getservbyport to not interfere with getservent.
Also fix endservent to reset getservent iteration.
Also reduce unnecessary differences from upstream NetBSD sethostent.c.
The servent implementation is still horrific, and we should
probably support protoent too so that debugging tools can use
getprotobyname/getprotobynumber.
Bug: N/A
Test: ran tests
Change-Id: I639108c46df0a768af297cf3bbce857cb1bef9d9
This change
- adds a query hook to android_net_context
- exposes relevant definitions to netd
- corrects a bug in query hooks' interaction with the cache
This change does not introduce any code to read the query hook
from the net context or make use of it.
Bug: 34953048
Test: Netd test suite passes
Change-Id: Ie091980e22ce9da07a3c4d387b371e544379d762
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
Bug: http://b/31532493
These internal API structures are never actually used anywhere that
would change behavior because it is "packed", so it is safe to remove.
Test: Builds correctly with the latest toolchain.
Change-Id: I5431992d840777605be75ab91dc21158d6d22c26