commit:     a28f282c916409fa07de88716d221a93c83cf976
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 19 07:09:58 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 19 07:10:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a28f282c

net-dns/c-ares: backport RR sanity check fix

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/c-ares/c-ares-1.25.0-r1.ebuild             |  96 ++++++++++++
 .../files/c-ares-1.25.0-fix-sanity-check-rr.patch  | 166 +++++++++++++++++++++
 2 files changed, 262 insertions(+)

diff --git a/net-dns/c-ares/c-ares-1.25.0-r1.ebuild 
b/net-dns/c-ares/c-ares-1.25.0-r1.ebuild
new file mode 100644
index 000000000000..f765378e9adf
--- /dev/null
+++ b/net-dns/c-ares/c-ares-1.25.0-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit edo multilib-minimal verify-sig
+
+DESCRIPTION="C library that resolves names asynchronously"
+HOMEPAGE="https://c-ares.org/";
+SRC_URI="
+       https://c-ares.org/download/${P}.tar.gz
+       verify-sig? ( https://c-ares.org/download/${P}.tar.gz.asc )
+"
+
+# ISC for lib/{bitncmp.c,inet_ntop.c,inet_net_pton.c} (bug #912405)
+LICENSE="MIT ISC"
+# Subslot = SONAME of libcares.so.2
+SLOT="0/2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+IUSE="static-libs test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+       test? ( dev-cpp/gtest )
+       verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( AUTHORS CHANGES NEWS README.md RELEASE-NOTES TODO )
+
+MULTILIB_WRAPPED_HEADERS=(
+       /usr/include/ares_build.h
+)
+
+A__QA_CONFIG_IMPL_DECL_SKIP=(
+       # Checking for obsolete headers
+       malloc
+       calloc
+       free
+
+       # Non-existent on Linux
+       closesocket
+       CloseSocket
+       ioctlsocket
+       bitncmp
+       ConvertInterfaceIndexToLuid
+       ConvertInterfaceLuidToNameA
+)
+
+PATCHES=(
+       "${FILESDIR}"/${P}-fix-sanity-check-rr.patch
+)
+
+multilib_src_configure() {
+       local myeconfargs=(
+               --enable-symbol-hiding
+               $(use_enable static-libs static)
+               $(use_enable test tests)
+       )
+
+       # Needed for running unit tests only
+       # Violates sandbox and tests pass fine without
+       export ax_cv_uts_namespace=no
+       export ax_cv_user_namespace=no
+       ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_test() {
+       cd "${BUILD_DIR}"/test || die
+
+       # We're skipping the "real" network tests with the filter
+       # see https://github.com/c-ares/c-ares/tree/main/test
+       local network_tests=(
+               # Most live tests have Live in the name
+               *Live*
+               # These don't but are still in ares-test-live.cc => live
+               *GetTCPSock*
+               *TimeoutValue*
+               *GetSock*
+               *GetSock_virtualized*
+               *VerifySocketFunctionCallback*
+               # Seems flaky, even run manually
+               # 
https://github.com/c-ares/c-ares/commit/9e542a8839f81c990bb0dff14beeaf9aa6bcc18d
+               *MockUDPMaxQueriesTest.GetHostByNameParallelLookups*
+       )
+
+       # The format for disabling test1, test2, and test3 looks like:
+       # -test1:test2:test3
+       edo ./arestest --gtest_filter=-$(echo $(IFS=:; echo 
"${network_tests[*]}"))
+}
+
+multilib_src_install_all() {
+       einstalldocs
+
+       find "${ED}" -name "*.la" -delete || die
+}
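Review bot: `A__QA_CONFIG_IMPL_DECL_SKIP` does not look like the variable name Portage reads for this skip list (that is `QA_CONFIG_IMPL_DECL_SKIP`), so as written the array appears to have no effect. If the prefix is a deliberate way of disabling the list, a comment such as `# Disabled on purpose: <reason>` would keep it from being read as a typo; otherwise it should be renamed. Separately, the patterns in `network_tests` are unquoted, so `*Live*` and the others are subject to pathname expansion in `${BUILD_DIR}/test`, both when the array is built and again in the unquoted `$(echo ...)`; quoting each entry, e.g. `'*Live*'`, and quoting the substitution keeps the filter that excludes the live-network tests independent of which files happen to exist there.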

diff --git a/net-dns/c-ares/files/c-ares-1.25.0-fix-sanity-check-rr.patch 
b/net-dns/c-ares/files/c-ares-1.25.0-fix-sanity-check-rr.patch
new file mode 100644
index 000000000000..9b494ebfe8fe
--- /dev/null
+++ b/net-dns/c-ares/files/c-ares-1.25.0-fix-sanity-check-rr.patch
@@ -0,0 +1,166 @@
+https://github.com/c-ares/c-ares/issues/683
+https://github.com/c-ares/c-ares/commit/626dcb155b4daf3360e4251c64ce052e7e520b34
+
+From 626dcb155b4daf3360e4251c64ce052e7e520b34 Mon Sep 17 00:00:00 2001
+From: Brad House <[email protected]>
+Date: Fri, 12 Jan 2024 09:55:42 -0500
+Subject: [PATCH] Do not sanity check RR Name vs Question (#685)
+
+It appears as though we should never sanity check the RR name vs the question 
name as some DNS servers may return results for alias records.
+
+Fixes Bug: #683
+Fix By: Brad House (@bradh352)
+--- a/src/lib/ares__parse_into_addrinfo.c
++++ b/src/lib/ares__parse_into_addrinfo.c
+@@ -81,7 +81,6 @@ ares_status_t ares__parse_into_addrinfo(const unsigned char 
*abuf, size_t alen,
+   }
+ 
+   for (i = 0; i < ancount; i++) {
+-    const char          *rname = NULL;
+     ares_dns_rec_type_t  rtype;
+     const ares_dns_rr_t *rr =
+       ares_dns_record_rr_get(dnsrec, ARES_SECTION_ANSWER, i);
+@@ -91,13 +90,18 @@ ares_status_t ares__parse_into_addrinfo(const unsigned 
char *abuf, size_t alen,
+     }
+ 
+     rtype = ares_dns_rr_get_type(rr);
+-    rname = ares_dns_rr_get_name(rr);
+ 
+-    /* Old code did this hostname sanity check */
+-    if ((rtype == ARES_REC_TYPE_A || rtype == ARES_REC_TYPE_AAAA) &&
+-        strcasecmp(rname, hostname) != 0) {
+-      continue;
+-    }
++    /* Issue #683
++     * Old code did this hostname sanity check, however it appears this is
++     * flawed logic.  Other resolvers don't do this sanity check.  Leaving
++     * this code commented out for future reference.
++     *
++     * rname = ares_dns_rr_get_name(rr);
++     * if ((rtype == ARES_REC_TYPE_A || rtype == ARES_REC_TYPE_AAAA) &&
++     *     strcasecmp(rname, hostname) != 0) {
++     *   continue;
++     * }
++     */
+ 
+     if (rtype == ARES_REC_TYPE_CNAME) {
+       struct ares_addrinfo_cname *cname;
+--- a/src/lib/ares_parse_ptr_reply.c
++++ b/src/lib/ares_parse_ptr_reply.c
+@@ -113,7 +113,6 @@ int ares_parse_ptr_reply(const unsigned char *abuf, int 
alen_int,
+ 
+   /* Cycle through answers */
+   for (i = 0; i < ancount; i++) {
+-    const char          *rname = NULL;
+     const ares_dns_rr_t *rr =
+       ares_dns_record_rr_get(dnsrec, ARES_SECTION_ANSWER, i);
+ 
+@@ -141,17 +140,20 @@ int ares_parse_ptr_reply(const unsigned char *abuf, int 
alen_int,
+       continue;
+     }
+ 
+-    /* Old code compared the name in the rr to the ptrname, so we'll do that
+-     * check here, but I'm not sure its necessary */
+-    rname = ares_dns_rr_get_name(rr);
+-    if (rname == NULL) {
+-      /* Shouldn't be possible */
+-      status = ARES_EBADRESP;
+-      goto done;
+-    }
+-    if (strcasecmp(ptrname, rname) != 0) {
+-      continue;
+-    }
++    /* Issue #683
++     * Old code compared the name in the rr to the ptrname, but I think this
++     * is wrong since it was proven wrong for A & AAAA records.  Leaving
++     * this code commented out for future reference
++     *
++     * rname = ares_dns_rr_get_name(rr);
++     * if (rname == NULL) {
++     *   status = ARES_EBADRESP;
++     *   goto done;
++     * }
++     * if (strcasecmp(ptrname, rname) != 0) {
++     *   continue;
++     * }
++     */
+ 
+     /* Save most recent PTR record as the hostname */
+     hostname = ares_dns_rr_get_str(rr, ARES_RR_PTR_DNAME);
+--- a/test/ares-test-parse-a.cc
++++ b/test/ares-test-parse-a.cc
+@@ -312,13 +312,19 @@ TEST_F(LibraryTest, ParseAReplyErrors) {
+   EXPECT_EQ(nullptr, host);
+   pkt.add_question(new DNSQuestion("example.com", T_A));
+ 
+-  // Question != answer
++  // Question != answer, this is ok as of Issue #683
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("Axample.com", T_A));
+   data = pkt.data();
+-  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), (int)data.size(),
++  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), (int)data.size(),
+                                               &host, info, &count));
+-  EXPECT_EQ(nullptr, host);
++  ASSERT_NE(nullptr, host);
++  std::stringstream ss;
++  ss << HostEnt(host);
++  EXPECT_EQ("{'Axample.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
++  ares_free_hostent(host);
++  host = nullptr;
++
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("example.com", T_A));
+ 
+--- a/test/ares-test-parse-aaaa.cc
++++ b/test/ares-test-parse-aaaa.cc
+@@ -139,13 +139,19 @@ TEST_F(LibraryTest, ParseAaaaReplyErrors) {
+   EXPECT_EQ(nullptr, host);
+   pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+ 
+-  // Question != answer
++  // Question != answer, this is ok as of Issue #683
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("Axample.com", T_AAAA));
+   data = pkt.data();
+-  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), (int)data.size(),
++  EXPECT_EQ(ARES_SUCCESS, ares_parse_aaaa_reply(data.data(), (int)data.size(),
+                                                 &host, info, &count));
+-  EXPECT_EQ(nullptr, host);
++  ASSERT_NE(nullptr, host);
++  std::stringstream ss;
++  ss << HostEnt(host);
++  EXPECT_EQ("{'Axample.com' aliases=[] 
addrs=[0101:0101:0202:0202:0303:0303:0404:0404]}", ss.str());
++  ares_free_hostent(host);
++
++  host = nullptr;
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+ 
+--- a/test/ares-test-parse-ptr.cc
++++ b/test/ares-test-parse-ptr.cc
+@@ -163,13 +163,20 @@ TEST_F(LibraryTest, ParsePtrReplyErrors) {
+                                                 addrv4, sizeof(addrv4), 
AF_INET, &host));
+   pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+ 
+-  // Question != answer
++  // Question != answer, ok after #683
++  host = nullptr;
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("99.48.32.16.in-addr.arpa", T_PTR));
+   data = pkt.data();
+-  EXPECT_EQ(ARES_ENODATA, ares_parse_ptr_reply(data.data(), (int)data.size(),
++  EXPECT_EQ(ARES_SUCCESS, ares_parse_ptr_reply(data.data(), (int)data.size(),
+                                                addrv4, sizeof(addrv4), 
AF_INET, &host));
+-  EXPECT_EQ(nullptr, host);
++  ASSERT_NE(nullptr, host);
++  std::stringstream ss;
++  ss << HostEnt(host);
++  EXPECT_EQ("{'other.com' aliases=[other.com] addrs=[16.32.48.64]}", 
ss.str());
++  ares_free_hostent(host);
++
++  host = nullptr;
+   pkt.questions_.clear();
+   pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+ 
+
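Review bot: With the owner-name comparison commented out in both `ares__parse_into_addrinfo()` and `ares_parse_ptr_reply()`, any A, AAAA or PTR record in the answer section is now accepted whatever name it belongs to; the updated tests confirm this, returning an address under `Axample.com` and succeeding for a PTR question about a different in-addr.arpa name. The alias case from issue #683 may be solvable more narrowly by accepting a record when its name equals the question name or the target of a CNAME seen earlier in the same answer, but the CNAME handling lies outside these hunks, so that needs checking against the full functions. If the check stays removed, the comment should record what callers can still rely on, for example `/* RR owner name is deliberately not validated here; answers are trusted once the reply is matched to the query. */`, worded to match whatever matching the library actually performs. Consumers that act on PTR results (logging, access decisions) should treat them as unverified unless forward-confirmed. Both function bodies start and end outside the hunks.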
