Attachment #150064 for bug #195551

View | Details | Raw Unified | Return to bug 195551
Collapse All | Expand All

Lines 184-191 addrinfo_unpack(const nvlist_t *nvl) Link Here

(-)lib/libcapsicum/libcapsicum_dns.c (-2 / +2 lines)
184	ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype");	184	ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype");
185	ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol");	185	ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol");
186	ai->ai_addrlen = (socklen_t)addrlen;	186	ai->ai_addrlen = (socklen_t)addrlen;
187	canonname = nvlist_get_string(nvl, "ai_canonname");	187	if (nvlist_exists_string(nvl, "ai_canonname")) {
188	if (canonname != NULL) {	188	canonname = nvlist_get_string(nvl, "ai_canonname");
189	ai->ai_canonname = strdup(canonname);	189	ai->ai_canonname = strdup(canonname);
190	if (ai->ai_canonname == NULL) {	190	if (ai->ai_canonname == NULL) {
191	free(ai);	191	free(ai);

Lines 259-265 addrinfo_pack(const struct addrinfo *ai) Link Here

(-)libexec/casper/dns/dns.c (-1 / +3 lines)
259	nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype);	259	nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype);
260	nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol);	260	nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol);
261	nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen);	261	nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen);
262	nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname);	262	if (ai->ai_canonname != NULL)
		263	nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname);
263		264
264	return (nvl);	265	return (nvl);
265	}	266	}
Lines 292-297 dns_getaddrinfo(const nvlist_t limits, const nvlist_t nvlin, nvlist_t *nvlout) Link Here
292	hints.ai_addrlen = 0;	293	hints.ai_addrlen = 0;
293	hints.ai_addr = NULL;	294	hints.ai_addr = NULL;
294	hints.ai_canonname = NULL;	295	hints.ai_canonname = NULL;
		296	hints.ai_next = NULL;
295	hintsp = &hints;	297	hintsp = &hints;
296	family = hints.ai_family;	298	family = hints.ai_family;
297	} else {	299	} else {




#define	GETHOSTBYNAME2_AF_INET6		0x04
#define	GETHOSTBYADDR_AF_INET		0x08
#define	GETHOSTBYADDR_AF_INET6		0x10
#define	GETADDRINFO_AF_UNSPEC		0x20
#define	GETADDRINFO_AF_INET		0x40
#define	GETADDRINFO_AF_INET6		0x80

static bool
addrinfo_compare(struct addrinfo *ai0, struct addrinfo *ai1)
{
	struct addrinfo *at0, *at1;

	if (ai0 == NULL && ai1 == NULL)
		return (true);
	if (ai0 == NULL || ai1 == NULL)
		return (false);

	at0 = ai0;
	at1 = ai1;
	while (true) {
		if ((at0->ai_flags == at1->ai_flags) &&
		    (at0->ai_family == at1->ai_family) &&
		    (at0->ai_socktype == at1->ai_socktype) &&
		    (at0->ai_protocol == at1->ai_protocol) &&
		    (at0->ai_addrlen == at1->ai_addrlen) &&
		    (memcmp(at0->ai_addr, at1->ai_addr,
			at0->ai_addrlen) == 0)) {
			if (at0->ai_canonname != NULL &&
			    at1->ai_canonname != NULL)
				if (strcmp(at0->ai_canonname,
				    at1->ai_canonname) != 0)
					return (false);

			if (at0->ai_canonname == NULL &&
			    at1->ai_canonname != NULL)
					return (false);
			if (at0->ai_canonname != NULL &&
			    at1->ai_canonname == NULL)
					return (false);

			if (at0->ai_next == NULL && at1->ai_next == NULL)
				return (true);
			if (at0->ai_next == NULL || at1->ai_next == NULL)
				return (false);

			at0 = at0->ai_next;
			at1 = at1->ai_next;
		} else
			return (false);
	}

	/* NOTREACHED */
	fprintf(stderr, "Dead code reached in addrinfo_compare()\n");
	exit(1);

}

static bool
hostent_aliases_compare(char **aliases0, char **aliases1)

runtest(cap_channel_t *capdns)
{
	unsigned int result;
	struct addrinfo *ais, *aic, hints, *hintsp;
	struct hostent *hps, *hpc;
	struct in_addr ip4;
	struct in6_addr ip6;

	if (hostent_compare(hps, hpc))
		result |= GETHOSTBYNAME2_AF_INET6;

	hints.ai_flags = 0;
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = 0;
	hints.ai_protocol = 0;
	hints.ai_addrlen = 0;
	hints.ai_addr = NULL;
	hints.ai_canonname = NULL;
	hints.ai_next = NULL;

	hintsp = &hints;

	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		    "AF_UNSPEC: %s\n", gai_strerror(errno));
	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		if (addrinfo_compare(ais, aic))
			result |= GETADDRINFO_AF_UNSPEC;
		freeaddrinfo(ais);
		freeaddrinfo(aic);
	}

	hints.ai_family = AF_INET;
	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		    "AF_UNSPEC: %s\n", gai_strerror(errno));
	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		if (addrinfo_compare(ais, aic))
			result |= GETADDRINFO_AF_INET;
		freeaddrinfo(ais);
		freeaddrinfo(aic);
	}

	hints.ai_family = AF_INET6;
	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		    "AF_UNSPEC: %s\n", gai_strerror(errno));
	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		if (addrinfo_compare(ais, aic))
			result |= GETADDRINFO_AF_INET6;
		freeaddrinfo(ais);
		freeaddrinfo(aic);
	}

	/*
	 * 8.8.178.135 is IPv4 address of freefall.freebsd.org
	 * as of 27 October 2013.


	CHECK(runtest(capdns) ==
	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
	     GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
	     GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));

	/*
	 * Allow:


	CHECK(runtest(capdns) ==
	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
	     GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
	     GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));

	cap_close(capdns);


	CHECK(cap_dns_family_limit(capdns, families, 2) == 0);

	CHECK(runtest(capdns) ==
	    (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
	    GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));

	cap_close(capdns);


	    errno == ENOTCAPABLE);

	CHECK(runtest(capdns) ==
	    (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYADDR_AF_INET |
	    GETADDRINFO_AF_INET));

	cap_close(capdns);


	    errno == ENOTCAPABLE);

	CHECK(runtest(capdns) ==
	    (GETHOSTBYNAME2_AF_INET6 | GETHOSTBYADDR_AF_INET6 |
	    GETADDRINFO_AF_INET6));

	cap_close(capdns);


	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
	    errno == ENOTCAPABLE);

	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET | GETADDRINFO_AF_INET));

	cap_close(capdns);


	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
	    errno == ENOTCAPABLE);

	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
	    GETADDRINFO_AF_INET6));

	cap_close(capdns);


	    errno == ENOTCAPABLE);

	/* Do the limits still hold? */
	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 |
	    GETADDRINFO_AF_INET6));

	cap_close(capdns);

- 

Return to bug 195551

Lines 72-77 static int ntest = 1; Link Here

(-)tools/regression/capsicum/libcapsicum/dns.c (-9 / +112 lines)
72	#define GETHOSTBYNAME2_AF_INET6 0x04	72	#define GETHOSTBYNAME2_AF_INET6 0x04
73	#define GETHOSTBYADDR_AF_INET 0x08	73	#define GETHOSTBYADDR_AF_INET 0x08
74	#define GETHOSTBYADDR_AF_INET6 0x10	74	#define GETHOSTBYADDR_AF_INET6 0x10
		75	#define GETADDRINFO_AF_UNSPEC 0x20
		76	#define GETADDRINFO_AF_INET 0x40
		77	#define GETADDRINFO_AF_INET6 0x80
		78
		79	static bool
		80	addrinfo_compare(struct addrinfo ai0, struct addrinfo ai1)
		81	{
		82	struct addrinfo at0, at1;
		83
		84	if (ai0 == NULL && ai1 == NULL)
		85	return (true);
		86	if (ai0 == NULL \|\| ai1 == NULL)
		87	return (false);
		88
		89	at0 = ai0;
		90	at1 = ai1;
		91	while (true) {
		92	if ((at0->ai_flags == at1->ai_flags) &&
		93	(at0->ai_family == at1->ai_family) &&
		94	(at0->ai_socktype == at1->ai_socktype) &&
		95	(at0->ai_protocol == at1->ai_protocol) &&
		96	(at0->ai_addrlen == at1->ai_addrlen) &&
		97	(memcmp(at0->ai_addr, at1->ai_addr,
		98	at0->ai_addrlen) == 0)) {
		99	if (at0->ai_canonname != NULL &&
		100	at1->ai_canonname != NULL)
		101	if (strcmp(at0->ai_canonname,
		102	at1->ai_canonname) != 0)
		103	return (false);
		104
		105	if (at0->ai_canonname == NULL &&
		106	at1->ai_canonname != NULL)
		107	return (false);
		108	if (at0->ai_canonname != NULL &&
		109	at1->ai_canonname == NULL)
		110	return (false);
		111
		112	if (at0->ai_next == NULL && at1->ai_next == NULL)
		113	return (true);
		114	if (at0->ai_next == NULL \|\| at1->ai_next == NULL)
		115	return (false);
		116
		117	at0 = at0->ai_next;
		118	at1 = at1->ai_next;
		119	} else
		120	return (false);
		121	}
		122
		123	/* NOTREACHED */
		124	fprintf(stderr, "Dead code reached in addrinfo_compare()\n");
		125	exit(1);
		126
		127	}
75		128
76	static bool	129	static bool
77	hostent_aliases_compare(char aliases0, char aliases1)	130	hostent_aliases_compare(char aliases0, char aliases1)
Lines 161-166 static unsigned int Link Here
161	runtest(cap_channel_t *capdns)	214	runtest(cap_channel_t *capdns)
162	{	215	{
163	unsigned int result;	216	unsigned int result;
		217	struct addrinfo ais, aic, hints, *hintsp;
164	struct hostent hps, hpc;	218	struct hostent hps, hpc;
165	struct in_addr ip4;	219	struct in_addr ip4;
166	struct in6_addr ip6;	220	struct in6_addr ip6;
Lines 188-193 runtest(cap_channel_t *capdns) Link Here
188	if (hostent_compare(hps, hpc))	242	if (hostent_compare(hps, hpc))
189	result \|= GETHOSTBYNAME2_AF_INET6;	243	result \|= GETHOSTBYNAME2_AF_INET6;
190		244
		245	hints.ai_flags = 0;
		246	hints.ai_family = AF_UNSPEC;
		247	hints.ai_socktype = 0;
		248	hints.ai_protocol = 0;
		249	hints.ai_addrlen = 0;
		250	hints.ai_addr = NULL;
		251	hints.ai_canonname = NULL;
		252	hints.ai_next = NULL;
		253
		254	hintsp = &hints;
		255
		256	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		257	fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		258	"AF_UNSPEC: %s\n", gai_strerror(errno));
		259	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		260	if (addrinfo_compare(ais, aic))
		261	result \|= GETADDRINFO_AF_UNSPEC;
		262	freeaddrinfo(ais);
		263	freeaddrinfo(aic);
		264	}
		265
		266	hints.ai_family = AF_INET;
		267	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		268	fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		269	"AF_UNSPEC: %s\n", gai_strerror(errno));
		270	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		271	if (addrinfo_compare(ais, aic))
		272	result \|= GETADDRINFO_AF_INET;
		273	freeaddrinfo(ais);
		274	freeaddrinfo(aic);
		275	}
		276
		277	hints.ai_family = AF_INET6;
		278	if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0)
		279	fprintf(stderr, "Unable to issue [system] getaddrinfo() for "
		280	"AF_UNSPEC: %s\n", gai_strerror(errno));
		281	if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) {
		282	if (addrinfo_compare(ais, aic))
		283	result \|= GETADDRINFO_AF_INET6;
		284	freeaddrinfo(ais);
		285	freeaddrinfo(aic);
		286	}
		287
191	/*	288	/*
192	* 8.8.178.135 is IPv4 address of freefall.freebsd.org	289	* 8.8.178.135 is IPv4 address of freefall.freebsd.org
193	* as of 27 October 2013.	290	* as of 27 October 2013.
Lines 238-244 main(void) Link Here
238		335
239	CHECK(runtest(capdns) ==	336	CHECK(runtest(capdns) ==
240	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYNAME2_AF_INET6 \|	337	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYNAME2_AF_INET6 \|
241	GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6));	338	GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6 \|
		339	GETADDRINFO_AF_UNSPEC \| GETADDRINFO_AF_INET \| GETADDRINFO_AF_INET6));
242		340
243	/*	341	/*
244	* Allow:	342	* Allow:
Lines 258-264 main(void) Link Here
258		356
259	CHECK(runtest(capdns) ==	357	CHECK(runtest(capdns) ==
260	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYNAME2_AF_INET6 \|	358	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYNAME2_AF_INET6 \|
261	GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6));	359	GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6 \|
		360	GETADDRINFO_AF_INET \| GETADDRINFO_AF_INET6));
262		361
263	cap_close(capdns);	362	cap_close(capdns);
264		363
Lines 310-316 main(void) Link Here
310	CHECK(cap_dns_family_limit(capdns, families, 2) == 0);	409	CHECK(cap_dns_family_limit(capdns, families, 2) == 0);
311		410
312	CHECK(runtest(capdns) ==	411	CHECK(runtest(capdns) ==
313	(GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6));	412	(GETHOSTBYADDR_AF_INET \| GETHOSTBYADDR_AF_INET6 \|
		413	GETADDRINFO_AF_INET \| GETADDRINFO_AF_INET6));
314		414
315	cap_close(capdns);	415	cap_close(capdns);
316		416
Lines 336-342 main(void) Link Here
336	errno == ENOTCAPABLE);	436	errno == ENOTCAPABLE);
337		437
338	CHECK(runtest(capdns) ==	438	CHECK(runtest(capdns) ==
339	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYADDR_AF_INET));	439	(GETHOSTBYNAME \| GETHOSTBYNAME2_AF_INET \| GETHOSTBYADDR_AF_INET \|
		440	GETADDRINFO_AF_INET));
340		441
341	cap_close(capdns);	442	cap_close(capdns);
342		443
Lines 362-368 main(void) Link Here
362	errno == ENOTCAPABLE);	463	errno == ENOTCAPABLE);
363		464
364	CHECK(runtest(capdns) ==	465	CHECK(runtest(capdns) ==
365	(GETHOSTBYNAME2_AF_INET6 \| GETHOSTBYADDR_AF_INET6));	466	(GETHOSTBYNAME2_AF_INET6 \| GETHOSTBYADDR_AF_INET6 \|
		467	GETADDRINFO_AF_INET6));
366		468
367	cap_close(capdns);	469	cap_close(capdns);
368		470
Lines 472-478 main(void) Link Here
472	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&	574	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
473	errno == ENOTCAPABLE);	575	errno == ENOTCAPABLE);
474		576
475	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET);	577	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET \| GETADDRINFO_AF_INET));
476		578
477	cap_close(capdns);	579	cap_close(capdns);
478		580
Lines 508-514 main(void) Link Here
508	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&	610	CHECK(cap_dns_family_limit(capdns, families, 1) == -1 &&
509	errno == ENOTCAPABLE);	611	errno == ENOTCAPABLE);
510		612
511	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);	613	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 \|
		614	GETADDRINFO_AF_INET6));
512		615
513	cap_close(capdns);	616	cap_close(capdns);
514		617
Lines 578-584 main(void) Link Here
578	errno == ENOTCAPABLE);	681	errno == ENOTCAPABLE);
579		682
580	/* Do the limits still hold? */	683	/* Do the limits still hold? */
581	CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6);	684	CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 \|
		685	GETADDRINFO_AF_INET6));
582		686
583	cap_close(capdns);	687	cap_close(capdns);
584		688
585	-