1/* Copyright (C) 2016-2018 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18/*
19 * Copyright (c) 1985, 1989, 1993
20 * The Regents of the University of California. All rights reserved.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the above copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 4. Neither the name of the University nor the names of its contributors
31 * may be used to endorse or promote products derived from this software
32 * without specific prior written permission.
33 *
34 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 * SUCH DAMAGE.
45 */
46
47/*
48 * Portions Copyright (c) 1993 by Digital Equipment Corporation.
49 *
50 * Permission to use, copy, modify, and distribute this software for any
51 * purpose with or without fee is hereby granted, provided that the above
52 * copyright notice and this permission notice appear in all copies, and that
53 * the name of Digital Equipment Corporation not be used in advertising or
54 * publicity pertaining to distribution of the document or software without
55 * specific, written prior permission.
56 *
57 * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
58 * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
59 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
60 * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
61 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
62 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
63 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
64 * SOFTWARE.
65 */
66
67/*
68 * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
69 *
70 * Permission to use, copy, modify, and distribute this software for any
71 * purpose with or without fee is hereby granted, provided that the above
72 * copyright notice and this permission notice appear in all copies.
73 *
74 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
75 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
76 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
77 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
78 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
79 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
80 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
81 * SOFTWARE.
82 */
83
84/*
85 * Send query to name server and wait for reply.
86 */
87
88#include <assert.h>
89#include <sys/types.h>
90#include <sys/param.h>
91#include <sys/time.h>
92#include <sys/socket.h>
93#include <sys/uio.h>
94#include <sys/poll.h>
95
96#include <netinet/in.h>
97#include <arpa/nameser.h>
98#include <arpa/inet.h>
99#include <sys/ioctl.h>
100
101#include <errno.h>
102#include <fcntl.h>
103#include <netdb.h>
104#include <resolv/resolv-internal.h>
105#include <resolv/resolv_context.h>
106#include <signal.h>
107#include <stdlib.h>
108#include <string.h>
109#include <unistd.h>
110#include <kernel-features.h>
111#include <libc-diag.h>
112#include <hp-timing.h>
113
114#if PACKETSZ > 65536
115#define MAXPACKET PACKETSZ
116#else
117#define MAXPACKET 65536
118#endif
119
120/* From ev_streams.c. */
121
122static inline void
123__attribute ((always_inline))
124evConsIovec(void *buf, size_t cnt, struct iovec *vec) {
125 memset(vec, 0xf5, sizeof (*vec));
126 vec->iov_base = buf;
127 vec->iov_len = cnt;
128}
129
130/* From ev_timers.c. */
131
132#define BILLION 1000000000
133
134static inline void
135evConsTime(struct timespec *res, time_t sec, long nsec) {
136 res->tv_sec = sec;
137 res->tv_nsec = nsec;
138}
139
140static inline void
141evAddTime(struct timespec *res, const struct timespec *addend1,
142 const struct timespec *addend2) {
143 res->tv_sec = addend1->tv_sec + addend2->tv_sec;
144 res->tv_nsec = addend1->tv_nsec + addend2->tv_nsec;
145 if (res->tv_nsec >= BILLION) {
146 res->tv_sec++;
147 res->tv_nsec -= BILLION;
148 }
149}
150
151static inline void
152evSubTime(struct timespec *res, const struct timespec *minuend,
153 const struct timespec *subtrahend) {
154 res->tv_sec = minuend->tv_sec - subtrahend->tv_sec;
155 if (minuend->tv_nsec >= subtrahend->tv_nsec)
156 res->tv_nsec = minuend->tv_nsec - subtrahend->tv_nsec;
157 else {
158 res->tv_nsec = (BILLION
159 - subtrahend->tv_nsec + minuend->tv_nsec);
160 res->tv_sec--;
161 }
162}
163
164static int
165evCmpTime(struct timespec a, struct timespec b) {
166 long x = a.tv_sec - b.tv_sec;
167
168 if (x == 0L)
169 x = a.tv_nsec - b.tv_nsec;
170 return (x < 0L ? (-1) : x > 0L ? (1) : (0));
171}
172
173static void
174evNowTime(struct timespec *res) {
175 struct timeval now;
176
177 if (gettimeofday(&now, NULL) < 0)
178 evConsTime(res, 0, 0);
179 else
180 TIMEVAL_TO_TIMESPEC (&now, res);
181}
182
183
184#define EXT(res) ((res)->_u._ext)
185
186/* Forward. */
187
188static struct sockaddr *get_nsaddr (res_state, unsigned int);
189static int send_vc(res_state, const u_char *, int,
190 const u_char *, int,
191 u_char **, int *, int *, int, u_char **,
192 u_char **, int *, int *, int *);
193static int send_dg(res_state, const u_char *, int,
194 const u_char *, int,
195 u_char **, int *, int *, int,
196 int *, int *, u_char **,
197 u_char **, int *, int *, int *);
198static int sock_eq(struct sockaddr_in6 *, struct sockaddr_in6 *);
199
200/* Public. */
201
202/* int
203 * res_isourserver(ina)
204 * looks up "ina" in _res.ns_addr_list[]
205 * returns:
206 * 0 : not found
207 * >0 : found
208 * author:
209 * paul vixie, 29may94
210 */
211int
212res_ourserver_p(const res_state statp, const struct sockaddr_in6 *inp)
213{
214 int ns;
215
216 if (inp->sin6_family == AF_INET) {
217 struct sockaddr_in *in4p = (struct sockaddr_in *) inp;
218 in_port_t port = in4p->sin_port;
219 in_addr_t addr = in4p->sin_addr.s_addr;
220
221 for (ns = 0; ns < statp->nscount; ns++) {
222 const struct sockaddr_in *srv =
223 (struct sockaddr_in *) get_nsaddr (statp, ns);
224
225 if ((srv->sin_family == AF_INET) &&
226 (srv->sin_port == port) &&
227 (srv->sin_addr.s_addr == INADDR_ANY ||
228 srv->sin_addr.s_addr == addr))
229 return (1);
230 }
231 } else if (inp->sin6_family == AF_INET6) {
232 for (ns = 0; ns < statp->nscount; ns++) {
233 const struct sockaddr_in6 *srv
234 = (struct sockaddr_in6 *) get_nsaddr (statp, ns);
235 if ((srv->sin6_family == AF_INET6) &&
236 (srv->sin6_port == inp->sin6_port) &&
237 !(memcmp(&srv->sin6_addr, &in6addr_any,
238 sizeof (struct in6_addr)) &&
239 memcmp(&srv->sin6_addr, &inp->sin6_addr,
240 sizeof (struct in6_addr))))
241 return (1);
242 }
243 }
244 return (0);
245}
246
247int
248res_isourserver (const struct sockaddr_in *inp)
249{
250 return res_ourserver_p (&_res, (const struct sockaddr_in6 *) inp);
251}
252
253/* int
254 * res_nameinquery(name, type, class, buf, eom)
255 * look for (name,type,class) in the query section of packet (buf,eom)
256 * requires:
257 * buf + HFIXEDSZ <= eom
258 * returns:
259 * -1 : format error
260 * 0 : not found
261 * >0 : found
262 * author:
263 * paul vixie, 29may94
264 */
265int
266res_nameinquery(const char *name, int type, int class,
267 const u_char *buf, const u_char *eom)
268{
269 const u_char *cp = buf + HFIXEDSZ;
270 int qdcount = ntohs(((HEADER*)buf)->qdcount);
271
272 while (qdcount-- > 0) {
273 char tname[MAXDNAME+1];
274 int n, ttype, tclass;
275
276 n = dn_expand(buf, eom, cp, tname, sizeof tname);
277 if (n < 0)
278 return (-1);
279 cp += n;
280 if (cp + 2 * INT16SZ > eom)
281 return (-1);
282 NS_GET16(ttype, cp);
283 NS_GET16(tclass, cp);
284 if (ttype == type && tclass == class &&
285 ns_samename(tname, name) == 1)
286 return (1);
287 }
288 return (0);
289}
290libresolv_hidden_def (res_nameinquery)
291
292/* Returns a shift value for the name server index. Used to implement
293 RES_ROTATE. */
294static unsigned int
295nameserver_offset (struct __res_state *statp)
296{
297 /* If we only have one name server or rotation is disabled, return
298 offset 0 (no rotation). */
299 unsigned int nscount = statp->nscount;
300 if (nscount <= 1 || !(statp->options & RES_ROTATE))
301 return 0;
302
303 /* Global offset. The lowest bit indicates whether the offset has
304 been initialized with a random value. Use relaxed MO to access
305 global_offset because all we need is a sequence of roughly
306 sequential value. */
307 static unsigned int global_offset;
308 unsigned int offset = atomic_fetch_add_relaxed (&global_offset, 2);
309 if ((offset & 1) == 0)
310 {
311 /* Initialization is required. */
312#if HP_TIMING_AVAIL
313 uint64_t ticks;
314 HP_TIMING_NOW (ticks);
315 offset = ticks;
316#else
317 struct timeval tv;
318 __gettimeofday (&tv, NULL);
319 offset = ((tv.tv_sec << 8) ^ tv.tv_usec);
320#endif
321 /* The lowest bit is the most random. Preserve it. */
322 offset <<= 1;
323
324 /* Store the new starting value. atomic_fetch_add_relaxed
325 returns the old value, so emulate that by storing the new
326 (incremented) value. Concurrent initialization with
327 different random values is harmless. */
328 atomic_store_relaxed (&global_offset, (offset | 1) + 2);
329 }
330
331 /* Remove the initialization bit. */
332 offset >>= 1;
333
334 /* Avoid the division in the most common cases. */
335 switch (nscount)
336 {
337 case 2:
338 return offset & 1;
339 case 3:
340 return offset % 3;
341 case 4:
342 return offset & 3;
343 default:
344 return offset % nscount;
345 }
346}
347
348/* int
349 * res_queriesmatch(buf1, eom1, buf2, eom2)
350 * is there a 1:1 mapping of (name,type,class)
351 * in (buf1,eom1) and (buf2,eom2)?
352 * returns:
353 * -1 : format error
354 * 0 : not a 1:1 mapping
355 * >0 : is a 1:1 mapping
356 * author:
357 * paul vixie, 29may94
358 */
359int
360res_queriesmatch(const u_char *buf1, const u_char *eom1,
361 const u_char *buf2, const u_char *eom2)
362{
363 if (buf1 + HFIXEDSZ > eom1 || buf2 + HFIXEDSZ > eom2)
364 return (-1);
365
366 /*
367 * Only header section present in replies to
368 * dynamic update packets.
369 */
370 if ((((HEADER *)buf1)->opcode == ns_o_update) &&
371 (((HEADER *)buf2)->opcode == ns_o_update))
372 return (1);
373
374 /* Note that we initially do not convert QDCOUNT to the host byte
375 order. We can compare it with the second buffer's QDCOUNT
376 value without doing this. */
377 int qdcount = ((HEADER*)buf1)->qdcount;
378 if (qdcount != ((HEADER*)buf2)->qdcount)
379 return (0);
380
381 qdcount = htons (qdcount);
382 const u_char *cp = buf1 + HFIXEDSZ;
383
384 while (qdcount-- > 0) {
385 char tname[MAXDNAME+1];
386 int n, ttype, tclass;
387
388 n = dn_expand(buf1, eom1, cp, tname, sizeof tname);
389 if (n < 0)
390 return (-1);
391 cp += n;
392 if (cp + 2 * INT16SZ > eom1)
393 return (-1);
394 NS_GET16(ttype, cp);
395 NS_GET16(tclass, cp);
396 if (!res_nameinquery(tname, ttype, tclass, buf2, eom2))
397 return (0);
398 }
399 return (1);
400}
401libresolv_hidden_def (res_queriesmatch)
402
403int
404__res_context_send (struct resolv_context *ctx,
405 const unsigned char *buf, int buflen,
406 const unsigned char *buf2, int buflen2,
407 unsigned char *ans, int anssiz,
408 unsigned char **ansp, unsigned char **ansp2,
409 int *nansp2, int *resplen2, int *ansp2_malloced)
410{
411 struct __res_state *statp = ctx->resp;
412 int gotsomewhere, terrno, try, v_circuit, resplen, n;
413
414 if (statp->nscount == 0) {
415 __set_errno (ESRCH);
416 return (-1);
417 }
418
419 if (anssiz < (buf2 == NULL ? 1 : 2) * HFIXEDSZ) {
420 __set_errno (EINVAL);
421 return (-1);
422 }
423
424 v_circuit = ((statp->options & RES_USEVC)
425 || buflen > PACKETSZ
426 || buflen2 > PACKETSZ);
427 gotsomewhere = 0;
428 terrno = ETIMEDOUT;
429
430 /*
431 * If the ns_addr_list in the resolver context has changed, then
432 * invalidate our cached copy and the associated timing data.
433 */
434 if (EXT(statp).nscount != 0) {
435 int needclose = 0;
436
437 if (EXT(statp).nscount != statp->nscount)
438 needclose++;
439 else
440 for (unsigned int ns = 0; ns < statp->nscount; ns++) {
441 if (statp->nsaddr_list[ns].sin_family != 0
442 && !sock_eq((struct sockaddr_in6 *)
443 &statp->nsaddr_list[ns],
444 EXT(statp).nsaddrs[ns]))
445 {
446 needclose++;
447 break;
448 }
449 }
450 if (needclose) {
451 __res_iclose(statp, false);
452 EXT(statp).nscount = 0;
453 }
454 }
455
456 /*
457 * Maybe initialize our private copy of the ns_addr_list.
458 */
459 if (EXT(statp).nscount == 0) {
460 for (unsigned int ns = 0; ns < statp->nscount; ns++) {
461 EXT(statp).nssocks[ns] = -1;
462 if (statp->nsaddr_list[ns].sin_family == 0)
463 continue;
464 if (EXT(statp).nsaddrs[ns] == NULL)
465 EXT(statp).nsaddrs[ns] =
466 malloc(sizeof (struct sockaddr_in6));
467 if (EXT(statp).nsaddrs[ns] != NULL)
468 memset (mempcpy(EXT(statp).nsaddrs[ns],
469 &statp->nsaddr_list[ns],
470 sizeof (struct sockaddr_in)),
471 '\0',
472 sizeof (struct sockaddr_in6)
473 - sizeof (struct sockaddr_in));
474 else
475 return -1;
476 }
477 EXT(statp).nscount = statp->nscount;
478 }
479
480 /* Name server index offset. Used to implement
481 RES_ROTATE. */
482 unsigned int ns_offset = nameserver_offset (statp);
483
484 /*
485 * Send request, RETRY times, or until successful.
486 */
487 for (try = 0; try < statp->retry; try++) {
488 for (unsigned ns_shift = 0; ns_shift < statp->nscount; ns_shift++)
489 {
490 /* The actual name server index. This implements
491 RES_ROTATE. */
492 unsigned int ns = ns_shift + ns_offset;
493 if (ns >= statp->nscount)
494 ns -= statp->nscount;
495
496 same_ns:
497 if (__glibc_unlikely (v_circuit)) {
498 /* Use VC; at most one attempt per server. */
499 try = statp->retry;
500 n = send_vc(statp, buf, buflen, buf2, buflen2,
501 &ans, &anssiz, &terrno,
502 ns, ansp, ansp2, nansp2, resplen2,
503 ansp2_malloced);
504 if (n < 0)
505 return (-1);
506 if (n == 0 && (buf2 == NULL || *resplen2 == 0))
507 goto next_ns;
508 } else {
509 /* Use datagrams. */
510 n = send_dg(statp, buf, buflen, buf2, buflen2,
511 &ans, &anssiz, &terrno,
512 ns, &v_circuit, &gotsomewhere, ansp,
513 ansp2, nansp2, resplen2, ansp2_malloced);
514 if (n < 0)
515 return (-1);
516 if (n == 0 && (buf2 == NULL || *resplen2 == 0))
517 goto next_ns;
518 if (v_circuit)
519 // XXX Check whether both requests failed or
520 // XXX whether one has been answered successfully
521 goto same_ns;
522 }
523
524 resplen = n;
525
526 /*
527 * If we have temporarily opened a virtual circuit,
528 * or if we haven't been asked to keep a socket open,
529 * close the socket.
530 */
531 if ((v_circuit && (statp->options & RES_USEVC) == 0) ||
532 (statp->options & RES_STAYOPEN) == 0) {
533 __res_iclose(statp, false);
534 }
535 return (resplen);
536 next_ns: ;
537 } /*foreach ns*/
538 } /*foreach retry*/
539 __res_iclose(statp, false);
540 if (!v_circuit) {
541 if (!gotsomewhere)
542 __set_errno (ECONNREFUSED); /* no nameservers found */
543 else
544 __set_errno (ETIMEDOUT); /* no answer obtained */
545 } else
546 __set_errno (terrno);
547 return (-1);
548}
549
550/* Common part of res_nsend and res_send. */
551static int
552context_send_common (struct resolv_context *ctx,
553 const unsigned char *buf, int buflen,
554 unsigned char *ans, int anssiz)
555{
556 if (ctx == NULL)
557 {
558 RES_SET_H_ERRNO (&_res, NETDB_INTERNAL);
559 return -1;
560 }
561 int result = __res_context_send (ctx, buf, buflen, NULL, 0, ans, anssiz,
562 NULL, NULL, NULL, NULL, NULL);
563 __resolv_context_put (ctx);
564 return result;
565}
566
567int
568res_nsend (res_state statp, const unsigned char *buf, int buflen,
569 unsigned char *ans, int anssiz)
570{
571 return context_send_common
572 (__resolv_context_get_override (statp), buf, buflen, ans, anssiz);
573}
574
575int
576res_send (const unsigned char *buf, int buflen, unsigned char *ans, int anssiz)
577{
578 return context_send_common
579 (__resolv_context_get (), buf, buflen, ans, anssiz);
580}
581
582/* Private */
583
584static struct sockaddr *
585get_nsaddr (res_state statp, unsigned int n)
586{
587 assert (n < statp->nscount);
588
589 if (statp->nsaddr_list[n].sin_family == 0 && EXT(statp).nsaddrs[n] != NULL)
590 /* EXT(statp).nsaddrs[n] holds an address that is larger than
591 struct sockaddr, and user code did not update
592 statp->nsaddr_list[n]. */
593 return (struct sockaddr *) EXT(statp).nsaddrs[n];
594 else
595 /* User code updated statp->nsaddr_list[n], or statp->nsaddr_list[n]
596 has the same content as EXT(statp).nsaddrs[n]. */
597 return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
598}
599
600/* Close the resolver structure, assign zero to *RESPLEN2 if RESPLEN2
601 is not NULL, and return zero. */
602static int
603__attribute__ ((warn_unused_result))
604close_and_return_error (res_state statp, int *resplen2)
605{
606 __res_iclose(statp, false);
607 if (resplen2 != NULL)
608 *resplen2 = 0;
609 return 0;
610}
611
612/* The send_vc function is responsible for sending a DNS query over TCP
613 to the nameserver numbered NS from the res_state STATP i.e.
614 EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
615 IPv6 queries at the same serially on the same socket.
616
617 Please note that for TCP there is no way to disable sending both
618 queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
619 and sends the queries serially and waits for the result after each
620 sent query. This implementation should be corrected to honour these
621 options.
622
623 Please also note that for TCP we send both queries over the same
624 socket one after another. This technically violates best practice
625 since the server is allowed to read the first query, respond, and
626 then close the socket (to service another client). If the server
627 does this, then the remaining second query in the socket data buffer
628 will cause the server to send the client an RST which will arrive
629 asynchronously and the client's OS will likely tear down the socket
630 receive buffer resulting in a potentially short read and lost
631 response data. This will force the client to retry the query again,
632 and this process may repeat until all servers and connection resets
633 are exhausted and then the query will fail. It's not known if this
634 happens with any frequency in real DNS server implementations. This
635 implementation should be corrected to use two sockets by default for
636 parallel queries.
637
638 The query stored in BUF of BUFLEN length is sent first followed by
639 the query stored in BUF2 of BUFLEN2 length. Queries are sent
640 serially on the same socket.
641
642 Answers to the query are stored firstly in *ANSP up to a max of
643 *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
644 is non-NULL (to indicate that modifying the answer buffer is allowed)
645 then malloc is used to allocate a new response buffer and ANSCP and
646 ANSP will both point to the new buffer. If more than *ANSSIZP bytes
647 are needed but ANSCP is NULL, then as much of the response as
648 possible is read into the buffer, but the results will be truncated.
649 When truncation happens because of a small answer buffer the DNS
650 packets header field TC will bet set to 1, indicating a truncated
651 message and the rest of the socket data will be read and discarded.
652
653 Answers to the query are stored secondly in *ANSP2 up to a max of
654 *ANSSIZP2 bytes, with the actual response length stored in
655 *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
656 is non-NULL (required for a second query) then malloc is used to
657 allocate a new response buffer, *ANSSIZP2 is set to the new buffer
658 size and *ANSP2_MALLOCED is set to 1.
659
660 The ANSP2_MALLOCED argument will eventually be removed as the
661 change in buffer pointer can be used to detect the buffer has
662 changed and that the caller should use free on the new buffer.
663
664 Note that the answers may arrive in any order from the server and
665 therefore the first and second answer buffers may not correspond to
666 the first and second queries.
667
668 It is not supported to call this function with a non-NULL ANSP2
669 but a NULL ANSCP. Put another way, you can call send_vc with a
670 single unmodifiable buffer or two modifiable buffers, but no other
671 combination is supported.
672
673 It is the caller's responsibility to free the malloc allocated
674 buffers by detecting that the pointers have changed from their
675 original values i.e. *ANSCP or *ANSP2 has changed.
676
677 If errors are encountered then *TERRNO is set to an appropriate
678 errno value and a zero result is returned for a recoverable error,
679 and a less-than zero result is returned for a non-recoverable error.
680
681 If no errors are encountered then *TERRNO is left unmodified and
682 a the length of the first response in bytes is returned. */
683static int
684send_vc(res_state statp,
685 const u_char *buf, int buflen, const u_char *buf2, int buflen2,
686 u_char **ansp, int *anssizp,
687 int *terrno, int ns, u_char **anscp, u_char **ansp2, int *anssizp2,
688 int *resplen2, int *ansp2_malloced)
689{
690 const HEADER *hp = (HEADER *) buf;
691 const HEADER *hp2 = (HEADER *) buf2;
692 HEADER *anhp = (HEADER *) *ansp;
693 struct sockaddr *nsap = get_nsaddr (statp, ns);
694 int truncating, connreset, n;
695 /* On some architectures compiler might emit a warning indicating
696 'resplen' may be used uninitialized. However if buf2 == NULL
697 then this code won't be executed; if buf2 != NULL, then first
698 time round the loop recvresp1 and recvresp2 will be 0 so this
699 code won't be executed but "thisresplenp = &resplen;" followed
700 by "*thisresplenp = rlen;" will be executed so that subsequent
701 times round the loop resplen has been initialized. So this is
702 a false-positive.
703 */
704 DIAG_PUSH_NEEDS_COMMENT;
705 DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
706 int resplen;
707 DIAG_POP_NEEDS_COMMENT;
708 struct iovec iov[4];
709 u_short len;
710 u_short len2;
711 u_char *cp;
712
713 connreset = 0;
714 same_ns:
715 truncating = 0;
716
717 /* Are we still talking to whom we want to talk to? */
718 if (statp->_vcsock >= 0 && (statp->_flags & RES_F_VC) != 0) {
719 struct sockaddr_in6 peer;
720 socklen_t size = sizeof peer;
721
722 if (getpeername(statp->_vcsock,
723 (struct sockaddr *)&peer, &size) < 0 ||
724 !sock_eq(&peer, (struct sockaddr_in6 *) nsap)) {
725 __res_iclose(statp, false);
726 statp->_flags &= ~RES_F_VC;
727 }
728 }
729
730 if (statp->_vcsock < 0 || (statp->_flags & RES_F_VC) == 0) {
731 if (statp->_vcsock >= 0)
732 __res_iclose(statp, false);
733
734 statp->_vcsock = socket
735 (nsap->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
736 if (statp->_vcsock < 0) {
737 *terrno = errno;
738 if (resplen2 != NULL)
739 *resplen2 = 0;
740 return (-1);
741 }
742 __set_errno (0);
743 if (connect(statp->_vcsock, nsap,
744 nsap->sa_family == AF_INET
745 ? sizeof (struct sockaddr_in)
746 : sizeof (struct sockaddr_in6)) < 0) {
747 *terrno = errno;
748 return close_and_return_error (statp, resplen2);
749 }
750 statp->_flags |= RES_F_VC;
751 }
752
753 /*
754 * Send length & message
755 */
756 len = htons ((u_short) buflen);
757 evConsIovec(&len, INT16SZ, &iov[0]);
758 evConsIovec((void*)buf, buflen, &iov[1]);
759 int niov = 2;
760 ssize_t explen = INT16SZ + buflen;
761 if (buf2 != NULL) {
762 len2 = htons ((u_short) buflen2);
763 evConsIovec(&len2, INT16SZ, &iov[2]);
764 evConsIovec((void*)buf2, buflen2, &iov[3]);
765 niov = 4;
766 explen += INT16SZ + buflen2;
767 }
768 if (TEMP_FAILURE_RETRY (writev(statp->_vcsock, iov, niov)) != explen) {
769 *terrno = errno;
770 return close_and_return_error (statp, resplen2);
771 }
772 /*
773 * Receive length & response
774 */
775 int recvresp1 = 0;
776 /* Skip the second response if there is no second query.
777 To do that we mark the second response as received. */
778 int recvresp2 = buf2 == NULL;
779 uint16_t rlen16;
780 read_len:
781 cp = (u_char *)&rlen16;
782 len = sizeof(rlen16);
783 while ((n = TEMP_FAILURE_RETRY (read(statp->_vcsock, cp,
784 (int)len))) > 0) {
785 cp += n;
786 if ((len -= n) <= 0)
787 break;
788 }
789 if (n <= 0) {
790 *terrno = errno;
791 /*
792 * A long running process might get its TCP
793 * connection reset if the remote server was
794 * restarted. Requery the server instead of
795 * trying a new one. When there is only one
796 * server, this means that a query might work
797 * instead of failing. We only allow one reset
798 * per query to prevent looping.
799 */
800 if (*terrno == ECONNRESET && !connreset)
801 {
802 __res_iclose (statp, false);
803 connreset = 1;
804 goto same_ns;
805 }
806 return close_and_return_error (statp, resplen2);
807 }
808 int rlen = ntohs (rlen16);
809
810 int *thisanssizp;
811 u_char **thisansp;
812 int *thisresplenp;
813 if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
814 /* We have not received any responses
815 yet or we only have one response to
816 receive. */
817 thisanssizp = anssizp;
818 thisansp = anscp ?: ansp;
819 assert (anscp != NULL || ansp2 == NULL);
820 thisresplenp = &resplen;
821 } else {
822 thisanssizp = anssizp2;
823 thisansp = ansp2;
824 thisresplenp = resplen2;
825 }
826 anhp = (HEADER *) *thisansp;
827
828 *thisresplenp = rlen;
829 /* Is the answer buffer too small? */
830 if (*thisanssizp < rlen) {
831 /* If the current buffer is not the the static
832 user-supplied buffer then we can reallocate
833 it. */
834 if (thisansp != NULL && thisansp != ansp) {
835 /* Always allocate MAXPACKET, callers expect
836 this specific size. */
837 u_char *newp = malloc (MAXPACKET);
838 if (newp == NULL)
839 {
840 *terrno = ENOMEM;
841 return close_and_return_error (statp, resplen2);
842 }
843 *thisanssizp = MAXPACKET;
844 *thisansp = newp;
845 if (thisansp == ansp2)
846 *ansp2_malloced = 1;
847 anhp = (HEADER *) newp;
848 /* A uint16_t can't be larger than MAXPACKET
849 thus it's safe to allocate MAXPACKET but
850 read RLEN bytes instead. */
851 len = rlen;
852 } else {
853 truncating = 1;
854 len = *thisanssizp;
855 }
856 } else
857 len = rlen;
858
859 if (__glibc_unlikely (len < HFIXEDSZ)) {
860 /*
861 * Undersized message.
862 */
863 *terrno = EMSGSIZE;
864 return close_and_return_error (statp, resplen2);
865 }
866
867 cp = *thisansp;
868 while (len != 0 && (n = read(statp->_vcsock, (char *)cp, (int)len)) > 0){
869 cp += n;
870 len -= n;
871 }
872 if (__glibc_unlikely (n <= 0)) {
873 *terrno = errno;
874 return close_and_return_error (statp, resplen2);
875 }
876 if (__glibc_unlikely (truncating)) {
877 /*
878 * Flush rest of answer so connection stays in synch.
879 */
880 anhp->tc = 1;
881 len = rlen - *thisanssizp;
882 while (len != 0) {
883 char junk[PACKETSZ];
884
885 n = read(statp->_vcsock, junk,
886 (len > sizeof junk) ? sizeof junk : len);
887 if (n > 0)
888 len -= n;
889 else
890 break;
891 }
892 }
893 /*
894 * If the calling application has bailed out of
895 * a previous call and failed to arrange to have
896 * the circuit closed or the server has got
897 * itself confused, then drop the packet and
898 * wait for the correct one.
899 */
900 if ((recvresp1 || hp->id != anhp->id)
901 && (recvresp2 || hp2->id != anhp->id))
902 goto read_len;
903
904 /* Mark which reply we received. */
905 if (recvresp1 == 0 && hp->id == anhp->id)
906 recvresp1 = 1;
907 else
908 recvresp2 = 1;
909 /* Repeat waiting if we have a second answer to arrive. */
910 if ((recvresp1 & recvresp2) == 0)
911 goto read_len;
912
913 /*
914 * All is well, or the error is fatal. Signal that the
915 * next nameserver ought not be tried.
916 */
917 return resplen;
918}
919
920static int
921reopen (res_state statp, int *terrno, int ns)
922{
923 if (EXT(statp).nssocks[ns] == -1) {
924 struct sockaddr *nsap = get_nsaddr (statp, ns);
925 socklen_t slen;
926
927 /* only try IPv6 if IPv6 NS and if not failed before */
928 if (nsap->sa_family == AF_INET6 && !statp->ipv6_unavail) {
929 EXT(statp).nssocks[ns] = socket
930 (PF_INET6,
931 SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
932 if (EXT(statp).nssocks[ns] < 0)
933 statp->ipv6_unavail = errno == EAFNOSUPPORT;
934 slen = sizeof (struct sockaddr_in6);
935 } else if (nsap->sa_family == AF_INET) {
936 EXT(statp).nssocks[ns] = socket
937 (PF_INET,
938 SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
939 slen = sizeof (struct sockaddr_in);
940 }
941 if (EXT(statp).nssocks[ns] < 0) {
942 *terrno = errno;
943 return (-1);
944 }
945
946 /*
947 * On a 4.3BSD+ machine (client and server,
948 * actually), sending to a nameserver datagram
949 * port with no nameserver will cause an
950 * ICMP port unreachable message to be returned.
951 * If our datagram socket is "connected" to the
952 * server, we get an ECONNREFUSED error on the next
953 * socket operation, and select returns if the
954 * error message is received. We can thus detect
955 * the absence of a nameserver without timing out.
956 */
957 /* With GCC 5.3 when compiling with -Os the compiler
958 emits a warning that slen may be used uninitialized,
959 but that is never true. Both slen and
960 EXT(statp).nssocks[ns] are initialized together or
961 the function return -1 before control flow reaches
962 the call to connect with slen. */
963 DIAG_PUSH_NEEDS_COMMENT;
964 DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
965 if (connect(EXT(statp).nssocks[ns], nsap, slen) < 0) {
966 DIAG_POP_NEEDS_COMMENT;
967 __res_iclose(statp, false);
968 return (0);
969 }
970 }
971
972 return 1;
973}
974
975/* The send_dg function is responsible for sending a DNS query over UDP
976 to the nameserver numbered NS from the res_state STATP i.e.
977 EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
978 along with the ability to send the query in parallel for both stacks
979 (default) or serially (RES_SINGLKUP). It also supports serial lookup
980 with a close and reopen of the socket used to talk to the server
981 (RES_SNGLKUPREOP) to work around broken name servers.
982
983 The query stored in BUF of BUFLEN length is sent first followed by
984 the query stored in BUF2 of BUFLEN2 length. Queries are sent
985 in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
986
987 Answers to the query are stored firstly in *ANSP up to a max of
988 *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
989 is non-NULL (to indicate that modifying the answer buffer is allowed)
990 then malloc is used to allocate a new response buffer and ANSCP and
991 ANSP will both point to the new buffer. If more than *ANSSIZP bytes
992 are needed but ANSCP is NULL, then as much of the response as
993 possible is read into the buffer, but the results will be truncated.
994 When truncation happens because of a small answer buffer the DNS
995 packets header field TC will bet set to 1, indicating a truncated
996 message, while the rest of the UDP packet is discarded.
997
998 Answers to the query are stored secondly in *ANSP2 up to a max of
999 *ANSSIZP2 bytes, with the actual response length stored in
1000 *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
1001 is non-NULL (required for a second query) then malloc is used to
1002 allocate a new response buffer, *ANSSIZP2 is set to the new buffer
1003 size and *ANSP2_MALLOCED is set to 1.
1004
1005 The ANSP2_MALLOCED argument will eventually be removed as the
1006 change in buffer pointer can be used to detect the buffer has
1007 changed and that the caller should use free on the new buffer.
1008
1009 Note that the answers may arrive in any order from the server and
1010 therefore the first and second answer buffers may not correspond to
1011 the first and second queries.
1012
1013 It is not supported to call this function with a non-NULL ANSP2
1014 but a NULL ANSCP. Put another way, you can call send_vc with a
1015 single unmodifiable buffer or two modifiable buffers, but no other
1016 combination is supported.
1017
1018 It is the caller's responsibility to free the malloc allocated
1019 buffers by detecting that the pointers have changed from their
1020 original values i.e. *ANSCP or *ANSP2 has changed.
1021
1022 If an answer is truncated because of UDP datagram DNS limits then
1023 *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
1024 the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
1025 if any progress was made reading a response from the nameserver and
1026 is used by the caller to distinguish between ECONNREFUSED and
1027 ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
1028
1029 If errors are encountered then *TERRNO is set to an appropriate
1030 errno value and a zero result is returned for a recoverable error,
1031 and a less-than zero result is returned for a non-recoverable error.
1032
1033 If no errors are encountered then *TERRNO is left unmodified and
1034 a the length of the first response in bytes is returned. */
1035static int
1036send_dg(res_state statp,
1037 const u_char *buf, int buflen, const u_char *buf2, int buflen2,
1038 u_char **ansp, int *anssizp,
1039 int *terrno, int ns, int *v_circuit, int *gotsomewhere, u_char **anscp,
1040 u_char **ansp2, int *anssizp2, int *resplen2, int *ansp2_malloced)
1041{
1042 const HEADER *hp = (HEADER *) buf;
1043 const HEADER *hp2 = (HEADER *) buf2;
1044 struct timespec now, timeout, finish;
1045 struct pollfd pfd[1];
1046 int ptimeout;
1047 struct sockaddr_in6 from;
1048 int resplen = 0;
1049 int n;
1050
1051 /*
1052 * Compute time for the total operation.
1053 */
1054 int seconds = (statp->retrans << ns);
1055 if (ns > 0)
1056 seconds /= statp->nscount;
1057 if (seconds <= 0)
1058 seconds = 1;
1059 bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0;
1060 bool single_request = (((statp->options & RES_SNGLKUP) != 0)
1061 | single_request_reopen);
1062 int save_gotsomewhere = *gotsomewhere;
1063
1064 int retval;
1065 retry_reopen:
1066 retval = reopen (statp, terrno, ns);
1067 if (retval <= 0)
1068 {
1069 if (resplen2 != NULL)
1070 *resplen2 = 0;
1071 return retval;
1072 }
1073 retry:
1074 evNowTime(&now);
1075 evConsTime(&timeout, seconds, 0);
1076 evAddTime(&finish, &now, &timeout);
1077 int need_recompute = 0;
1078 int nwritten = 0;
1079 int recvresp1 = 0;
1080 /* Skip the second response if there is no second query.
1081 To do that we mark the second response as received. */
1082 int recvresp2 = buf2 == NULL;
1083 pfd[0].fd = EXT(statp).nssocks[ns];
1084 pfd[0].events = POLLOUT;
1085 wait:
1086 if (need_recompute) {
1087 recompute_resend:
1088 evNowTime(&now);
1089 if (evCmpTime(finish, now) <= 0) {
1090 poll_err_out:
1091 return close_and_return_error (statp, resplen2);
1092 }
1093 evSubTime(&timeout, &finish, &now);
1094 need_recompute = 0;
1095 }
1096 /* Convert struct timespec in milliseconds. */
1097 ptimeout = timeout.tv_sec * 1000 + timeout.tv_nsec / 1000000;
1098
1099 n = 0;
1100 if (nwritten == 0)
1101 n = __poll (pfd, 1, 0);
1102 if (__glibc_unlikely (n == 0)) {
1103 n = __poll (pfd, 1, ptimeout);
1104 need_recompute = 1;
1105 }
1106 if (n == 0) {
1107 if (resplen > 1 && (recvresp1 || (buf2 != NULL && recvresp2)))
1108 {
1109 /* There are quite a few broken name servers out
1110 there which don't handle two outstanding
1111 requests from the same source. There are also
1112 broken firewall settings. If we time out after
1113 having received one answer switch to the mode
1114 where we send the second request only once we
1115 have received the first answer. */
1116 if (!single_request)
1117 {
1118 statp->options |= RES_SNGLKUP;
1119 single_request = true;
1120 *gotsomewhere = save_gotsomewhere;
1121 goto retry;
1122 }
1123 else if (!single_request_reopen)
1124 {
1125 statp->options |= RES_SNGLKUPREOP;
1126 single_request_reopen = true;
1127 *gotsomewhere = save_gotsomewhere;
1128 __res_iclose (statp, false);
1129 goto retry_reopen;
1130 }
1131
1132 *resplen2 = 1;
1133 return resplen;
1134 }
1135
1136 *gotsomewhere = 1;
1137 if (resplen2 != NULL)
1138 *resplen2 = 0;
1139 return 0;
1140 }
1141 if (n < 0) {
1142 if (errno == EINTR)
1143 goto recompute_resend;
1144
1145 goto poll_err_out;
1146 }
1147 __set_errno (0);
1148 if (pfd[0].revents & POLLOUT) {
1149#ifndef __ASSUME_SENDMMSG
1150 static int have_sendmmsg;
1151#else
1152# define have_sendmmsg 1
1153#endif
1154 if (have_sendmmsg >= 0 && nwritten == 0 && buf2 != NULL
1155 && !single_request)
1156 {
1157 struct iovec iov =
1158 { .iov_base = (void *) buf, .iov_len = buflen };
1159 struct iovec iov2 =
1160 { .iov_base = (void *) buf2, .iov_len = buflen2 };
1161 struct mmsghdr reqs[2] =
1162 {
1163 {
1164 .msg_hdr =
1165 {
1166 .msg_iov = &iov,
1167 .msg_iovlen = 1,
1168 },
1169 },
1170 {
1171 .msg_hdr =
1172 {
1173 .msg_iov = &iov2,
1174 .msg_iovlen = 1,
1175 }
1176 },
1177 };
1178
1179 int ndg = __sendmmsg (pfd[0].fd, reqs, 2, MSG_NOSIGNAL);
1180 if (__glibc_likely (ndg == 2))
1181 {
1182 if (reqs[0].msg_len != buflen
1183 || reqs[1].msg_len != buflen2)
1184 goto fail_sendmmsg;
1185
1186 pfd[0].events = POLLIN;
1187 nwritten += 2;
1188 }
1189 else if (ndg == 1 && reqs[0].msg_len == buflen)
1190 goto just_one;
1191 else if (ndg < 0 && (errno == EINTR || errno == EAGAIN))
1192 goto recompute_resend;
1193 else
1194 {
1195#ifndef __ASSUME_SENDMMSG
1196 if (__glibc_unlikely (have_sendmmsg == 0))
1197 {
1198 if (ndg < 0 && errno == ENOSYS)
1199 {
1200 have_sendmmsg = -1;
1201 goto try_send;
1202 }
1203 have_sendmmsg = 1;
1204 }
1205#endif
1206
1207 fail_sendmmsg:
1208 return close_and_return_error (statp, resplen2);
1209 }
1210 }
1211 else
1212 {
1213 ssize_t sr;
1214#ifndef __ASSUME_SENDMMSG
1215 try_send:
1216#endif
1217 if (nwritten != 0)
1218 sr = send (pfd[0].fd, buf2, buflen2, MSG_NOSIGNAL);
1219 else
1220 sr = send (pfd[0].fd, buf, buflen, MSG_NOSIGNAL);
1221
1222 if (sr != (nwritten != 0 ? buflen2 : buflen)) {
1223 if (errno == EINTR || errno == EAGAIN)
1224 goto recompute_resend;
1225 return close_and_return_error (statp, resplen2);
1226 }
1227 just_one:
1228 if (nwritten != 0 || buf2 == NULL || single_request)
1229 pfd[0].events = POLLIN;
1230 else
1231 pfd[0].events = POLLIN | POLLOUT;
1232 ++nwritten;
1233 }
1234 goto wait;
1235 } else if (pfd[0].revents & POLLIN) {
1236 int *thisanssizp;
1237 u_char **thisansp;
1238 int *thisresplenp;
1239
1240 if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
1241 /* We have not received any responses
1242 yet or we only have one response to
1243 receive. */
1244 thisanssizp = anssizp;
1245 thisansp = anscp ?: ansp;
1246 assert (anscp != NULL || ansp2 == NULL);
1247 thisresplenp = &resplen;
1248 } else {
1249 thisanssizp = anssizp2;
1250 thisansp = ansp2;
1251 thisresplenp = resplen2;
1252 }
1253
1254 if (*thisanssizp < MAXPACKET
1255 /* If the current buffer is not the the static
1256 user-supplied buffer then we can reallocate
1257 it. */
1258 && (thisansp != NULL && thisansp != ansp)
1259#ifdef FIONREAD
1260 /* Is the size too small? */
1261 && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
1262 || *thisanssizp < *thisresplenp)
1263#endif
1264 ) {
1265 /* Always allocate MAXPACKET, callers expect
1266 this specific size. */
1267 u_char *newp = malloc (MAXPACKET);
1268 if (newp != NULL) {
1269 *thisanssizp = MAXPACKET;
1270 *thisansp = newp;
1271 if (thisansp == ansp2)
1272 *ansp2_malloced = 1;
1273 }
1274 }
1275 /* We could end up with truncation if anscp was NULL
1276 (not allowed to change caller's buffer) and the
1277 response buffer size is too small. This isn't a
1278 reliable way to detect truncation because the ioctl
1279 may be an inaccurate report of the UDP message size.
1280 Therefore we use this only to issue debug output.
1281 To do truncation accurately with UDP we need
1282 MSG_TRUNC which is only available on Linux. We
1283 can abstract out the Linux-specific feature in the
1284 future to detect truncation. */
1285 HEADER *anhp = (HEADER *) *thisansp;
1286 socklen_t fromlen = sizeof(struct sockaddr_in6);
1287 assert (sizeof(from) <= fromlen);
1288 *thisresplenp = recvfrom(pfd[0].fd, (char*)*thisansp,
1289 *thisanssizp, 0,
1290 (struct sockaddr *)&from, &fromlen);
1291 if (__glibc_unlikely (*thisresplenp <= 0)) {
1292 if (errno == EINTR || errno == EAGAIN) {
1293 need_recompute = 1;
1294 goto wait;
1295 }
1296 return close_and_return_error (statp, resplen2);
1297 }
1298 *gotsomewhere = 1;
1299 if (__glibc_unlikely (*thisresplenp < HFIXEDSZ)) {
1300 /*
1301 * Undersized message.
1302 */
1303 *terrno = EMSGSIZE;
1304 return close_and_return_error (statp, resplen2);
1305 }
1306 if ((recvresp1 || hp->id != anhp->id)
1307 && (recvresp2 || hp2->id != anhp->id)) {
1308 /*
1309 * response from old query, ignore it.
1310 * XXX - potential security hazard could
1311 * be detected here.
1312 */
1313 goto wait;
1314 }
1315 if (!(statp->options & RES_INSECURE1) &&
1316 !res_ourserver_p(statp, &from)) {
1317 /*
1318 * response from wrong server? ignore it.
1319 * XXX - potential security hazard could
1320 * be detected here.
1321 */
1322 goto wait;
1323 }
1324 if (!(statp->options & RES_INSECURE2)
1325 && (recvresp1 || !res_queriesmatch(buf, buf + buflen,
1326 *thisansp,
1327 *thisansp
1328 + *thisanssizp))
1329 && (recvresp2 || !res_queriesmatch(buf2, buf2 + buflen2,
1330 *thisansp,
1331 *thisansp
1332 + *thisanssizp))) {
1333 /*
1334 * response contains wrong query? ignore it.
1335 * XXX - potential security hazard could
1336 * be detected here.
1337 */
1338 goto wait;
1339 }
1340 if (anhp->rcode == SERVFAIL ||
1341 anhp->rcode == NOTIMP ||
1342 anhp->rcode == REFUSED) {
1343 next_ns:
1344 if (recvresp1 || (buf2 != NULL && recvresp2)) {
1345 *resplen2 = 0;
1346 return resplen;
1347 }
1348 if (buf2 != NULL)
1349 {
1350 /* No data from the first reply. */
1351 resplen = 0;
1352 /* We are waiting for a possible second reply. */
1353 if (hp->id == anhp->id)
1354 recvresp1 = 1;
1355 else
1356 recvresp2 = 1;
1357
1358 goto wait;
1359 }
1360
1361 /* don't retry if called from dig */
1362 if (!statp->pfcode)
1363 return close_and_return_error (statp, resplen2);
1364 __res_iclose(statp, false);
1365 }
1366 if (anhp->rcode == NOERROR && anhp->ancount == 0
1367 && anhp->aa == 0 && anhp->ra == 0 && anhp->arcount == 0) {
1368 goto next_ns;
1369 }
1370 if (!(statp->options & RES_IGNTC) && anhp->tc) {
1371 /*
1372 * To get the rest of answer,
1373 * use TCP with same server.
1374 */
1375 *v_circuit = 1;
1376 __res_iclose(statp, false);
1377 // XXX if we have received one reply we could
1378 // XXX use it and not repeat it over TCP...
1379 if (resplen2 != NULL)
1380 *resplen2 = 0;
1381 return (1);
1382 }
1383 /* Mark which reply we received. */
1384 if (recvresp1 == 0 && hp->id == anhp->id)
1385 recvresp1 = 1;
1386 else
1387 recvresp2 = 1;
1388 /* Repeat waiting if we have a second answer to arrive. */
1389 if ((recvresp1 & recvresp2) == 0) {
1390 if (single_request) {
1391 pfd[0].events = POLLOUT;
1392 if (single_request_reopen) {
1393 __res_iclose (statp, false);
1394 retval = reopen (statp, terrno, ns);
1395 if (retval <= 0)
1396 {
1397 if (resplen2 != NULL)
1398 *resplen2 = 0;
1399 return retval;
1400 }
1401 pfd[0].fd = EXT(statp).nssocks[ns];
1402 }
1403 }
1404 goto wait;
1405 }
1406 /* All is well. We have received both responses (if
1407 two responses were requested). */
1408 return (resplen);
1409 } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL))
1410 /* Something went wrong. We can stop trying. */
1411 return close_and_return_error (statp, resplen2);
1412 else {
1413 /* poll should not have returned > 0 in this case. */
1414 abort ();
1415 }
1416}
1417
1418static int
1419sock_eq(struct sockaddr_in6 *a1, struct sockaddr_in6 *a2) {
1420 if (a1->sin6_family == a2->sin6_family) {
1421 if (a1->sin6_family == AF_INET)
1422 return ((((struct sockaddr_in *)a1)->sin_port ==
1423 ((struct sockaddr_in *)a2)->sin_port) &&
1424 (((struct sockaddr_in *)a1)->sin_addr.s_addr ==
1425 ((struct sockaddr_in *)a2)->sin_addr.s_addr));
1426 else
1427 return ((a1->sin6_port == a2->sin6_port) &&
1428 !memcmp(&a1->sin6_addr, &a2->sin6_addr,
1429 sizeof (struct in6_addr)));
1430 }
1431 if (a1->sin6_family == AF_INET) {
1432 struct sockaddr_in6 *sap = a1;
1433 a1 = a2;
1434 a2 = sap;
1435 } /* assumes that AF_INET and AF_INET6 are the only possibilities */
1436 return ((a1->sin6_port == ((struct sockaddr_in *)a2)->sin_port) &&
1437 IN6_IS_ADDR_V4MAPPED(&a1->sin6_addr) &&
1438 (a1->sin6_addr.s6_addr32[3] ==
1439 ((struct sockaddr_in *)a2)->sin_addr.s_addr));
1440}
1441