author | Cy Schubert <cy@FreeBSD.org> | 2021-02-09 20:59:02 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2021-02-09 20:59:02 +0000 |
commit | d60fa10fd872db7e3d8cb1e161cfdae026c43b14 (patch) | |
tree | e19b79c68276ce72fabece9595abbdd5e6378eb0 /smallapp | |
parent | 072fbfa38b24d202f4eac875ad2f93531dad7f7e (diff) | |
download | src-d60fa10fd872db7e3d8cb1e161cfdae026c43b14.tar.gz src-d60fa10fd872db7e3d8cb1e161cfdae026c43b14.zip |
Vendor import of Unbound 1.13.1.vendor/unbound/1.13.1
Includes numerous bugfixes documented at:
https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-13-1
Diffstat (limited to 'smallapp')
-rw-r--r-- | smallapp/unbound-anchor.c | 67 | ||||
-rw-r--r-- | smallapp/unbound-control.c | 105 | ||||
-rw-r--r-- | smallapp/worker_cb.c | 3 |
3 files changed, 130 insertions, 45 deletions
diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index a30523c76215..3e6fc6e6fca8 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c 
@@ -155,6 +155,36 @@ char* wsa_strerror(int err); #endif +static const char ICANN_UPDATE_CA[] = + /* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" + "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" + "BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" + "DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" + "MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" + "cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" + "G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" + "ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" + "paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" + "MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" + "iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" + "Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" + "DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" + "6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" + "2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" + "15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" + "0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" + "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" + "-----END CERTIFICATE-----\n"; + +static const char DS_TRUST_ANCHOR[] = + /* The anchors must start on a new line with ". IN DS and end with \n"[;] + * because the makedist script greps on the source here */ + /* anchor 20326 is from 2017 */ +". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; + /** verbosity for this application */ static int verb = 0; 
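Review bot: The comment on `ICANN_UPDATE_CA` says "Valid to 2028", but the validity field inside the PEM body appears to decode to a notAfter in December 2029, so the comment and the data disagree. Judging by its name and by `get_builtin_cert()` in the next hunk, this is the compiled-in CA for the anchor update, so the comment is what a packager reads when planning a replacement and should be exact. Something like `/* ICANN Root CA, fetched 24 Sep 2010; expiry per the certificate itself, check with openssl x509 -noout -enddate */` would do. A short comment at `DS_TRUST_ANCHOR` could also state that both values are fixed at build time, so a root key rollover or CA expiry needs a rebuilt binary.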
@@ -213,48 +243,21 @@ usage(void) static const char* get_builtin_cert(void) { - return -/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ -"-----BEGIN CERTIFICATE-----\n" -"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" -"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" -"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" -"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" -"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" -"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" -"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" -"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" -"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" -"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" -"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" -"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" -"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" -"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" -"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" -"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" -"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" -"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" -"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" -"-----END CERTIFICATE-----\n" - ; + return ICANN_UPDATE_CA; } /** return the built in root DS trust anchor */ static const char* get_builtin_ds(void) { - return -/* The anchors must start on a new line with ". IN DS and end with \n"[;] - * because the makedist script greps on the source here */ -/* anchor 20326 is from 2017 */ -". 
IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; + return DS_TRUST_ANCHOR; } /** print hex data */ static void -print_data(const char* msg, const char* data, int len) +print_data(const char* msg, const char* data, size_t len) { - int i; + size_t i; printf("%s: ", msg); for(i=0; i<len; i++) { printf(" %2.2x", (unsigned char)data[i]); @@ -1110,7 +1113,7 @@ read_http_result(SSL* ssl) data = read_data_chunk(ssl, len); } if(!data) return NULL; - if(verb >= 4) print_data("read data", data, (int)len); + if(verb >= 4) print_data("read data", data, len); m = BIO_new(BIO_s_mem()); if(!m) { if(verb) printf("out of memory\n"); diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 842dbe0d85b9..d58f1b2f9493 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -82,6 +82,9 @@ static void usage(void) ATTR_NORETURN; static void ssl_err(const char* s) ATTR_NORETURN; static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN; +/** timeout to wait for connection over stream, in msec */ +#define UNBOUND_CONTROL_CONNECT_TIMEOUT 5000 + /** Give unbound-control usage, and exit (1). */ static void usage(void) @@ -164,6 +167,9 @@ usage(void) printf(" view_local_data_remove view name remove local-data in view\n"); printf(" view_local_datas_remove view remove list of local-data from view\n"); printf(" one entry per line read from stdin\n"); + printf(" rpz_enable zone Enable the RPZ zone if it had previously\n"); + printf(" been disabled\n"); + printf(" rpz_disable zone Disable the RPZ zone\n"); printf("Version %s\n", PACKAGE_VERSION); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); 
@@ -545,6 +551,30 @@ setup_ctx(struct config_file* cfg) return ctx; } +/** check connect error */ +static void +checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr, + socklen_t addrlen, int statuscmd, int useport) +{ +#ifndef USE_WINSOCK + if(!useport) log_err("connect: %s for %s", strerror(err), svr); + else log_err_addr("connect", strerror(err), addr, addrlen); + if(err == ECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#else + int wsaerr = err; + if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); + else log_err_addr("connect", wsa_strerror(wsaerr), addr, addrlen); + if(wsaerr == WSAECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#endif + exit(1); +} + /** contact the server with TCP connect */ static int contact_server(const char* svr, struct config_file* cfg, int statuscmd) 
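Review bot: `checkconnecterr()` ends in `exit(1)` on every path, but unlike `usage()`, `ssl_err()` and `ssl_path_err()` it is not declared `ATTR_NORETURN`, and its doc comment `/** check connect error */` does not say that it terminates the process. Adding `static void checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr, socklen_t addrlen, int statuscmd, int useport) ATTR_NORETURN;` beside the other prototypes would let the compiler and readers see that a call site never continues after a real connect failure. The comment could also spell out the exit codes: 3 when the error is connection-refused and `statuscmd` is set, 1 otherwise. In the `USE_WINSOCK` branch the local `wsaerr` is only a copy of `err` and can be dropped.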
@@ -598,26 +628,75 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) if(fd == -1) { fatal_exit("socket: %s", sock_strerror(errno)); } + fd_set_nonblock(fd); if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) { #ifndef USE_WINSOCK - int err = errno; - if(!useport) log_err("connect: %s for %s", strerror(err), svr); - else log_err_addr("connect", strerror(err), &addr, addrlen); - if(err == ECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { + checkconnecterr(errno, svr, &addr, + addrlen, statuscmd, useport); } +#endif #else - int wsaerr = WSAGetLastError(); - if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); - else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen); - if(wsaerr == WSAECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + checkconnecterr(WSAGetLastError(), svr, &addr, + addrlen, statuscmd, useport); } #endif - exit(1); } + while(1) { + fd_set rset, wset, eset; + struct timeval tv; + FD_ZERO(&rset); + FD_SET(FD_SET_T fd, &rset); + FD_ZERO(&wset); + FD_SET(FD_SET_T fd, &wset); + FD_ZERO(&eset); + FD_SET(FD_SET_T fd, &eset); + tv.tv_sec = UNBOUND_CONTROL_CONNECT_TIMEOUT/1000; + tv.tv_usec= (UNBOUND_CONTROL_CONNECT_TIMEOUT%1000)*1000; + if(select(fd+1, &rset, &wset, &eset, &tv) == -1) { + fatal_exit("select: %s", sock_strerror(errno)); + } + if(!FD_ISSET(fd, &rset) && !FD_ISSET(fd, &wset) && + !FD_ISSET(fd, &eset)) { + fatal_exit("timeout: could not connect to server"); + } else { + /* check nonblocking connect error */ + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } + if(error != 0) { +#ifndef USE_WINSOCK +#ifdef 
EINPROGRESS + if(error == EINPROGRESS) + continue; /* try again later */ +#endif +#ifdef EWOULDBLOCK + if(error == EWOULDBLOCK) + continue; /* try again later */ +#endif +#else + if(error == WSAEINPROGRESS) + continue; /* try again later */ + if(error == WSAEWOULDBLOCK) + continue; /* try again later */ +#endif + checkconnecterr(error, svr, &addr, addrlen, + statuscmd, useport); + } + } + break; + } + fd_set_block(fd); return fd; } diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index 78d921a3c6e9..cdf855dc3659 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -46,6 +46,9 @@ #include "util/fptr_wlist.h" #include "util/log.h" #include "services/mesh.h" +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), |
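Review bot: In `contact_server()` (smallapp/unbound-control.c) the results of `fd_set_nonblock(fd)` and `fd_set_block(fd)` are ignored. If the first fails, `connect()` blocks and `UNBOUND_CONTROL_CONNECT_TIMEOUT` never applies; if the second fails, the caller gets a non-blocking socket for whatever session setup follows outside this hunk. Assuming these helpers return 0 on failure, as I believe they do elsewhere in the tree, `if(!fd_set_block(fd)) fatal_exit("could not set socket to blocking");` would make that visible. The `select()` error path also calls `fatal_exit` for any -1, so a signal arriving during the wait aborts the command; `if(errno == EINTR) continue;` before the `fatal_exit` is safer on the non-Windows side. Each pass of the `while(1)` loop re-arms the full timeout, so the total wait is only bounded if the `continue` branches are rare, which deserves a comment; the function starts before this hunk.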