FreeBSD Bugzilla – Attachment 150064 Details for
Bug 195551
[patch] cap_getaddrinfo() doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
0001-Fix-cap_getaddrinfo-and-add-regression-test-case.patch.txt (text/plain), 7.80 KB, created by
mp39590
on 2014-12-01 11:53:44 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
mp39590
Created:
2014-12-01 11:53:44 UTC
Size:
7.80 KB
patch
obsolete
>From 476605c9fd28dec54cb607ab27409db9d6266c31 Mon Sep 17 00:00:00 2001 >From: Mikhail <mp39590@gmail.com> >Date: Sat, 22 Nov 2014 20:04:12 +0300 >Subject: [PATCH] Fix cap_getaddrinfo() and add regression test case > >--- > lib/libcapsicum/libcapsicum_dns.c | 4 +- > libexec/casper/dns/dns.c | 4 +- > tools/regression/capsicum/libcapsicum/dns.c | 120 ++++++++++++++++++++++++++-- > 3 files changed, 117 insertions(+), 11 deletions(-) > >diff --git lib/libcapsicum/libcapsicum_dns.c lib/libcapsicum/libcapsicum_dns.c >index 113f8dc..d6b4a06 100644 >--- lib/libcapsicum/libcapsicum_dns.c >+++ lib/libcapsicum/libcapsicum_dns.c >@@ -184,8 +184,8 @@ addrinfo_unpack(const nvlist_t *nvl) > ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype"); > ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol"); > ai->ai_addrlen = (socklen_t)addrlen; >- canonname = nvlist_get_string(nvl, "ai_canonname"); >- if (canonname != NULL) { >+ if (nvlist_exists_string(nvl, "ai_canonname")) { >+ canonname = nvlist_get_string(nvl, "ai_canonname"); > ai->ai_canonname = strdup(canonname); > if (ai->ai_canonname == NULL) { > free(ai); >diff --git libexec/casper/dns/dns.c libexec/casper/dns/dns.c >index 6be022a..08f7560 100644 >--- libexec/casper/dns/dns.c >+++ libexec/casper/dns/dns.c >@@ -259,7 +259,8 @@ addrinfo_pack(const struct addrinfo *ai) > nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype); > nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol); > nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen); >- nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname); >+ if (ai->ai_canonname != NULL) >+ nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname); > > return (nvl); > } >@@ -292,6 +293,7 @@ dns_getaddrinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout) > hints.ai_addrlen = 0; > hints.ai_addr = NULL; > hints.ai_canonname = NULL; >+ hints.ai_next = NULL; > hintsp = &hints; > family = hints.ai_family; > } else { >diff --git tools/regression/capsicum/libcapsicum/dns.c tools/regression/capsicum/libcapsicum/dns.c >index 4426bf3..a133366 100644 >--- tools/regression/capsicum/libcapsicum/dns.c >+++ tools/regression/capsicum/libcapsicum/dns.c >@@ -72,6 +72,59 @@ static int ntest = 1; > #define GETHOSTBYNAME2_AF_INET6 0x04 > #define GETHOSTBYADDR_AF_INET 0x08 > #define GETHOSTBYADDR_AF_INET6 0x10 >+#define GETADDRINFO_AF_UNSPEC 0x20 >+#define GETADDRINFO_AF_INET 0x40 >+#define GETADDRINFO_AF_INET6 0x80 >+ >+static bool >+addrinfo_compare(struct addrinfo *ai0, struct addrinfo *ai1) >+{ >+ struct addrinfo *at0, *at1; >+ >+ if (ai0 == NULL && ai1 == NULL) >+ return (true); >+ if (ai0 == NULL || ai1 == NULL) >+ return (false); >+ >+ at0 = ai0; >+ at1 = ai1; >+ while (true) { >+ if ((at0->ai_flags == at1->ai_flags) && >+ (at0->ai_family == at1->ai_family) && >+ (at0->ai_socktype == at1->ai_socktype) && >+ (at0->ai_protocol == at1->ai_protocol) && >+ (at0->ai_addrlen == at1->ai_addrlen) && >+ (memcmp(at0->ai_addr, at1->ai_addr, >+ at0->ai_addrlen) == 0)) { >+ if (at0->ai_canonname != NULL && >+ at1->ai_canonname != NULL) >+ if (strcmp(at0->ai_canonname, >+ at1->ai_canonname) != 0) >+ return (false); >+ >+ if (at0->ai_canonname == NULL && >+ at1->ai_canonname != NULL) >+ return (false); >+ if (at0->ai_canonname != NULL && >+ at1->ai_canonname == NULL) >+ return (false); >+ >+ if (at0->ai_next == NULL && at1->ai_next == NULL) >+ return (true); >+ if (at0->ai_next == NULL || at1->ai_next == NULL) >+ return (false); >+ >+ at0 = at0->ai_next; >+ at1 = at1->ai_next; >+ } else >+ return (false); >+ } >+ >+ /* NOTREACHED */ >+ fprintf(stderr, "Dead code reached in addrinfo_compare()\n"); >+ exit(1); >+ >+} > > static bool > hostent_aliases_compare(char **aliases0, char **aliases1) >@@ -161,6 +214,7 @@ static unsigned int > runtest(cap_channel_t *capdns) > { > unsigned int result; >+ struct addrinfo *ais, *aic, hints, *hintsp; > struct hostent *hps, *hpc; > struct in_addr ip4; > struct in6_addr ip6; >@@ -188,6 +242,49 @@ runtest(cap_channel_t *capdns) > if (hostent_compare(hps, hpc)) > result |= GETHOSTBYNAME2_AF_INET6; > >+ hints.ai_flags = 0; >+ hints.ai_family = AF_UNSPEC; >+ hints.ai_socktype = 0; >+ hints.ai_protocol = 0; >+ hints.ai_addrlen = 0; >+ hints.ai_addr = NULL; >+ hints.ai_canonname = NULL; >+ hints.ai_next = NULL; >+ >+ hintsp = &hints; >+ >+ if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0) >+ fprintf(stderr, "Unable to issue [system] getaddrinfo() for " >+ "AF_UNSPEC: %s\n", gai_strerror(errno)); >+ if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) { >+ if (addrinfo_compare(ais, aic)) >+ result |= GETADDRINFO_AF_UNSPEC; >+ freeaddrinfo(ais); >+ freeaddrinfo(aic); >+ } >+ >+ hints.ai_family = AF_INET; >+ if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0) >+ fprintf(stderr, "Unable to issue [system] getaddrinfo() for " >+ "AF_UNSPEC: %s\n", gai_strerror(errno)); >+ if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) { >+ if (addrinfo_compare(ais, aic)) >+ result |= GETADDRINFO_AF_INET; >+ freeaddrinfo(ais); >+ freeaddrinfo(aic); >+ } >+ >+ hints.ai_family = AF_INET6; >+ if (getaddrinfo("freebsd.org", "25", hintsp, &ais) != 0) >+ fprintf(stderr, "Unable to issue [system] getaddrinfo() for " >+ "AF_UNSPEC: %s\n", gai_strerror(errno)); >+ if (cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, &aic) == 0) { >+ if (addrinfo_compare(ais, aic)) >+ result |= GETADDRINFO_AF_INET6; >+ freeaddrinfo(ais); >+ freeaddrinfo(aic); >+ } >+ > /* > * 8.8.178.135 is IPv4 address of freefall.freebsd.org > * as of 27 October 2013. >@@ -238,7 +335,8 @@ main(void) > > CHECK(runtest(capdns) == > (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | >- GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)); >+ GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6)); > > /* > * Allow: >@@ -258,7 +356,8 @@ main(void) > > CHECK(runtest(capdns) == > (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | >- GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)); >+ GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6)); > > cap_close(capdns); > >@@ -310,7 +409,8 @@ main(void) > CHECK(cap_dns_family_limit(capdns, families, 2) == 0); > > CHECK(runtest(capdns) == >- (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)); >+ (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6)); > > cap_close(capdns); > >@@ -336,7 +436,8 @@ main(void) > errno == ENOTCAPABLE); > > CHECK(runtest(capdns) == >- (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYADDR_AF_INET)); >+ (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYADDR_AF_INET | >+ GETADDRINFO_AF_INET)); > > cap_close(capdns); > >@@ -362,7 +463,8 @@ main(void) > errno == ENOTCAPABLE); > > CHECK(runtest(capdns) == >- (GETHOSTBYNAME2_AF_INET6 | GETHOSTBYADDR_AF_INET6)); >+ (GETHOSTBYNAME2_AF_INET6 | GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_INET6)); > > cap_close(capdns); > >@@ -472,7 +574,7 @@ main(void) > CHECK(cap_dns_family_limit(capdns, families, 1) == -1 && > errno == ENOTCAPABLE); > >- CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET); >+ CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET | GETADDRINFO_AF_INET)); > > cap_close(capdns); > >@@ -508,7 +610,8 @@ main(void) > CHECK(cap_dns_family_limit(capdns, families, 1) == -1 && > errno == ENOTCAPABLE); > >- CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6); >+ CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_INET6)); > > cap_close(capdns); > >@@ -578,7 +681,8 @@ main(void) > errno == ENOTCAPABLE); > > /* Do the limits still hold? */ >- CHECK(runtest(capdns) == GETHOSTBYADDR_AF_INET6); >+ CHECK(runtest(capdns) == (GETHOSTBYADDR_AF_INET6 | >+ GETADDRINFO_AF_INET6)); > > cap_close(capdns); > >-- >2.1.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=150064">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 195551
: 150064