Change 75830fb836 to fix _nres
initialization to be thread safe accidentally introduced a behavior
change whereby res_init() became a no-op. It also failed to remove all
direct accesses to _nres.
Move the file over to C++ so we can let RAII ensure we're always holding
a lock while using the global state, make all callers access the global
state via this class, and restore the previous behavior of res_init().
Test: atest DnsResolverTest
Bug: 166235340
Change-Id: Ib390a7eac063bc0ff5eeba755e8c74ef1383004e
Currently, the initialization of _nres is not thread-saferes_mkquery is not thread-safe,
which might cause memory double free problem if caller ran under multithread.
To fix it, only initialize _nres once.
Also remove the redundant code.
Test: atest DnsResolverTest
Bug: 166235340
Change-Id: I9caa6eab37cb530fc60dae9bcca9650973a4536a
The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.
The fix ensures that the length of send_vc return does not exceed the
buffer size.
Bug: 161362564
Test: build, flash, boot
Test: atest netd_integration_test
Merged-In: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Memory leak happen when Android data framework updates identical DNS
information to netd.
Bug: 115595601
Test: netd_unit_test, netd_integration_test
Change-Id: Idcc0956729286563603f482258f488a1ccd75e6a
This is currently a non-functional change, because base_timeout_msec is
never set to a non-default value (other than in unit tests).
Test: netd_unit_test --gtest_filter='ResolverTest.*'
Change-Id: I21989bab5cc9f55ee1392e30965eb405d720a28e
The primary motivation is speeding up tests for non-responsive
nameservers. It's also base infrastructure for future work to compute
retry timeouts dynamically.
Using default timeouts (RES_TIMEOUT = 5 seconds):
ResolverTest.GetAddrInfoV6_nonresponsive (45141 ms)
With base_timeout_msec=100:
ResolverTest.GetAddrInfoV6_nonresponsive (1264 ms)
Test: executed unsubmitted test from aosp/713993
Change-Id: Id902089ca69ca8d28032180ba51e8937262ef490
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
(cherry picked from commit 5f02720c88)
Fix: 29420831
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
Merged-In: I1c76fac51bdd4804620fe8a8567c9a650b8734d9
Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.
Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Merged-In: Ie5439b0ad505ebf393a83c87845fd02549afc4a2
Merged-In: I274d659782870818274526d23d3a3c4640cad92d
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
(cherry picked from commit 23e4081009bb58d9c09e615186208b77749e72de)
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug: 69623036
Bug: 64133961
Merged-In: Idbfbc0343e21ad713d9b4204fc48d63fb5b8dcd4
Merged-In: Ie3ae2390f01dbdcccf55fdd4e87b8a258702cfbc
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
(cherry picked from commit e7190ce3f2)
This effectively enables these features only in TLS mode
Test: Integration tests pass
Bug:69623036
Change-Id: I153a259b0c07717f664ee268b43da867a9b42152
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Bug: 64133961
Test: Added integration tests for fallback to the netd suite.
Merged-In: I9b0abc6e4f3ff7f9c23a5cb921d392d2d3065d99
Merged-In: I9c06bbaf1883de4bdebd822f9a052901bf3efc04
Merged-In: Ie438b77bc1aeea0b0c700a90998cec31ac9a0015
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
(cherry picked from commit 6eed8e1bb6)
This change does not enable EDNS0, so it should not
result in any behavior change. However, enabling EDNS0
should now be possible with only a small additional change
to "flip the switch".
This change has also landed in NetBSD upstream
(http://gnats.netbsd.org/52578) so this change reduces
divergence from upstream.
Most of the code in this change is for caching of queries that contain
an additional section.
Bug: 15132200
Test: Added integration tests for fallback to the netd suite.
Change-Id: Ic64bed0754e1d529dc0c0ab6a5e2f1ea201ff0d5
This change
- adds a query hook to android_net_context
- exposes relevant definitions to netd
- corrects a bug in query hooks' interaction with the cache
This change does not introduce any code to read the query hook
from the net context or make use of it.
Bug: 34953048
Test: Netd test suite passes
Change-Id: Ie091980e22ce9da07a3c4d387b371e544379d762
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
Regenerating the NOTICE file the other day left me scratching my head at
various "how do they differ?" cases, resolved by this patch.
Test: N/A
Change-Id: I4230bfa1d7ec842a4b9fb8c73dd3b39443d74054
We need to make a clearer distinction for bionic on the host. This patch
doesn't fully address things like "should host bionic try to talk to netd?"
for now, but is a step in the right direction.
Bug: http://b/31559095
Test: bionic tests.
Change-Id: I49812f8b75d9d78c4fd8a8ddf5df1201d63771d6
_resolv_set_nameservers_for_net() so far did not update the search
paths, unless the servers changed as well.
BUG: 28437641
Change-Id: Id31f2d97c173e00357fb2ba95908afb4572c0fc1
Fix the resolver information returned by
android_net_res_stats_get_info_for_net,
erroneously included MAXDNSRCH empty results if no search path was set.
BUG: 25731675
Change-Id: I97ef5d2d47dc62ca403a3323c7f14902e47b29b6
android_net_res_stats_get_info_for_net returns the current name servers, search
domains, parameters and stats for the given network ID.
android_net_res_stats_aggregate provides statistics such as errors counts from
the raw stats data reported by android_net_res_stats_get_info_for_net.
android_net_res_stats_get_usable_servers uses the data returned by
android_net_res_stats_aggregate to determine which of the servers are
considered valid or broken by the resolver.
BUG: 25731675
Change-Id: I6059b68e5e8b809027a4d3135f6081588bee8a7d
Instead of keeping a sentinel after nameservers[], nsaddrinfo[] and
nstats[], store the server count in the structure, freeing up memory and
eliminating the need to enumerate the server count every time
_resolv_is_nameservers_equal_locked() is invoked.
Also increase MAXNS from 3 to 4.
BUG: 28153323
Change-Id: I11a7257af695157c9e32019cd00c67b535b63c75
Collect statistics about DNS query success state and delay. Ignore
servers that have been tried at least five times and have a success rate
of < 0.25. Retry these servers once every 180s.
Bug: 25731675
Change-Id: I78e24f43e388dca82fb81835e1796f4c7dce8da3
The DNS search string contains zeros as domain separator. The resolver
code erroneously used strlcpy(), which resulted in only the first domain
to be copied. The code uses pointers into this string to access the
individual domains. Since the structure is zero-initialized, this bug only
resulted in zero-length domains instead of accessing unitialized memory.
BUG: 27312811
Change-Id: Ia9d066c405dfcc5e82d6766d93ead2ce574e7b0d
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.
Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.
Also remove the obsolete FORTIFY event logging.
Also remove the unused __libc_fatal_no_abort.
This change doesn't improve the diagnostics from the optimized assembler
implementations.
Change-Id: I176a90701395404d50975b547a00bd2c654e1252
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
The code now compiles with all combinations of DEBUG and
DEBUG_DATA except DEBUG_DATA=1, DEBUG=0, which is unsupported.
Change-Id: I9035a65c649df73092f1fc0864ae1cdd9a14aa3b
(cherrypick of 79a49c9857f3949fc13373eeb179f27b6ecdca81.)
Change-Id: I7bb44fd1fe3ef2ddfc115247f328eccfceeb5352
Signed-off-by: Patrick Tjin <pattjin@google.com>
