Commit Diff
Diff:
f6f615304abcf1ddd9b4c03a5a38cafe2deb6140
51915c1ddf7026ebee8e00d882e947b9c2e75e4c
Commit:
51915c1ddf7026ebee8e00d882e947b9c2e75e4c
Tree:
f330c8eb657fa1b7efa684ab81d1cfdc5a9a428d
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Jun 29 16:22:05 2020 UTC
Message:
take struct recurses out of struct sreply adjust build_reply() fix axfr.c, this potentially fixes a possible overflow, I think I said somewhere that the AXFR should be firewalled to the replicants, either way there is still the axfr-for "" {} whitelist that should only allow authenticated servers.
blob - 2df19182ff070044cdcad2d1553701b0574c1457
blob + b9e43a8a3aca04bb8bad0544696292c06562fe98
--- axfr.c
+++ axfr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2019 Peter J. Philipp
+ * Copyright (c) 2011-2020 Peter J. Philipp
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -27,7 +27,7 @@
*/
/*
- * $Id: axfr.c,v 1.43 2020/06/25 10:01:10 pjp Exp $
+ * $Id: axfr.c,v 1.44 2020/06/29 16:22:05 pjp Exp $
*/
#include <sys/types.h>
@@ -114,7 +114,7 @@ extern struct question *build_fake_question(char *, in
extern struct question *build_question(char *, int, int, char *);
extern int free_question(struct question *);
extern void dolog(int, char *, ...);
-extern void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, struct recurses *);
+extern void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, char *);
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
@@ -842,9 +842,9 @@ axfr_connection(int so, char *address, int is_ipv6, dd
char tsigkey[512];
char *p = &buf[0];
char *q;
- char *reply;
+ char *reply, *replybuf;
- int len, dnslen;
+ int len, dnslen = 0;
int offset = 0;
int qlen;
int outlen;
@@ -864,6 +864,13 @@ axfr_connection(int so, char *address, int is_ipv6, dd
ddDBT key, data;
HMAC_CTX *tsigctx = NULL;
+ if ((replybuf = calloc(1, 0xffff + 3)) == NULL) {
+ dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
+ close(so);
+ exit(1);
+ }
+
+
if (packetlen > sizeof(buf)) {
dolog(LOG_ERR, "buffer size of buf is smaller than given packet, drop\n");
close(so);
@@ -895,8 +902,9 @@ axfr_connection(int so, char *address, int is_ipv6, dd
offset += len;
continue;
}
- if (dnslen + 2 != offset + len) {
- offset += len;
+
+ /* sanity check around dnslen */
+ if (dnslen > 0 && (dnslen + 2) != (offset + len)) {
continue;
}
@@ -913,7 +921,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
if (ntohs(dh->question) != 1) {
dolog(LOG_INFO, "AXFR dns packet does not have a question count of 1 (RFC 5936, page 9), reply fmterror\n");
- build_reply(&sreply, so, (p + 2), dnslen, NULL, NULL, 0, NULL, NULL, 0xff, 1, 0, NULL);
+ build_reply(&sreply, so, (p + 2), dnslen, NULL, NULL, 0, NULL, NULL, 0xff, 1, 0, replybuf);
reply_fmterror(&sreply, NULL);
goto drop;
@@ -965,7 +973,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
dolog(LOG_INFO, "internal error: %s\n", strerror(errno));
goto drop;
}
- build_reply(&sreply, so, (p + 2), dnslen, question, NULL, 0, rbt2, NULL, 0xff, 1, 0, NULL);
+ build_reply(&sreply, so, (p + 2), dnslen, question, NULL, 0, rbt2, NULL, 0xff, 1, 0, replybuf);
reply_nxdomain(&sreply, NULL);
dolog(LOG_INFO, "AXFR request for zone %s, no db entry, nxdomain -> drop\n", question->converted_name);
goto drop;
@@ -981,7 +989,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
dolog(LOG_INFO, "internal error: %s\n", strerror(errno));
goto drop;
}
- build_reply(&sreply, so, (p + 2), dnslen, question, NULL, 0, rbt2, NULL, 0xff, 1, 0, NULL);
+ build_reply(&sreply, so, (p + 2), dnslen, question, NULL, 0, rbt2, NULL, 0xff, 1, 0, replybuf);
reply_nxdomain(&sreply, NULL);
dolog(LOG_INFO, "AXFR request for zone %s, which has no SOA for the zone, nxdomain -> drop\n", question->converted_name);
@@ -1063,7 +1071,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
if (checklabel(db, rbt, soa, question)) {
fq = build_fake_question(rbt->zone, rbt->zonelen, 0, NULL, 0);
- build_reply(&sreply, so, (p + 2), dnslen, fq, NULL, 0, rbt, NULL, 0xff, 1, 0, NULL);
+ build_reply(&sreply, so, (p + 2), dnslen, fq, NULL, 0, rbt, NULL, 0xff, 1, 0, replybuf);
outlen = create_anyreply(&sreply, (reply + 2), 65535, outlen, 0);
free_question(fq);
@@ -1080,7 +1088,7 @@ axfr_connection(int so, char *address, int is_ipv6, dd
continue;
}
- build_reply(&sreply, so, (p + 2), dnslen, fq, NULL, 0, rbt2, NULL, 0xff, 1, 0, NULL);
+ build_reply(&sreply, so, (p + 2), dnslen, fq, NULL, 0, rbt2, NULL, 0xff, 1, 0, replybuf);
outlen = create_anyreply(&sreply, (reply + 2), 65535, outlen, 0);
if (rbt2) {
free(rbt2);
blob - 70692ed9845ba3e8976e8b38d3f526c3292003cd
blob + 567b789a7a16aacb3fc1f107958fcfea9701dc8d
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.33 2020/06/25 10:01:10 pjp Exp $
+ * $Id: ddd-db.h,v 1.34 2020/06/29 16:22:05 pjp Exp $
*/
#ifndef _DB_H
@@ -249,7 +249,6 @@ struct sreply {
u_int8_t region; /* region of question */
int istcp; /* when set it's tcp */
int wildcard; /* wildcarding boolean */
- struct recurses *sr; /* recurses struct for raw sockets */
char *replybuf; /* reply buffer */
};
blob - 936deff90a1846d8a32c92e1531ab627deb3e114
blob + ec24ccf9cca63443b89ecb5f70655b42cd36db45
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.103 2020/06/26 11:50:56 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.104 2020/06/29 16:22:05 pjp Exp $
*/
@@ -173,7 +173,7 @@ extern struct rbtree * get_ns(ddDB *, struct rbtree *,
struct question *convert_question(struct parsequestion *);
-void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, void *, char *);
+void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, char *);
int compress_label(u_char *, u_int16_t, int);
int determine_glue(ddDB *db);
void mainloop(struct cfg *, struct imsgbuf *);
@@ -1666,7 +1666,7 @@ axfrentry:
if (filter && require_tsig == 0) {
- build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, filter policy\n", so, cfg->ident[i], address, received_ttl, aregion);
@@ -1675,7 +1675,7 @@ axfrentry:
if (whitelist && blacklist == 0) {
- build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, whitelist policy\n", so, cfg->ident[i], address, received_ttl, aregion);
@@ -1751,7 +1751,7 @@ axfrentry:
case PARSE_RETURN_NOQUESTION:
dolog(LOG_INFO, "on descriptor %u interface \"%s\" header from %s has no question, drop\n", so, cfg->ident[i], address);
/* format error */
- build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_fmterror(&sreply, NULL);
dolog(LOG_INFO, "question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error\n", so, cfg->ident[i], address);
imsg_free(&imsg);
@@ -1767,7 +1767,7 @@ axfrentry:
case PARSE_RETURN_NOTAUTH:
/* we didn't see a tsig header */
if (filter && pq.tsig.have_tsig == 0) {
- build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, not a tsig\n", so, cfg->ident[i], address, received_ttl, aregion);
imsg_free(&imsg);
@@ -1801,7 +1801,7 @@ axfrentry:
question->tsig.tsigverified == 1) {
dolog(LOG_INFO, "on descriptor %u interface \"%s\" authenticated dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[i], address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, NULL);
/* send notify to replicant process */
@@ -1814,7 +1814,7 @@ axfrentry:
} else if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
dolog(LOG_INFO, "on descriptor %u interface \"%s\" not authenticated dns NOTIFY packet (code = %d) from %s, replying notauth\n", so, cfg->ident[i], question->tsig.tsigerrorcode, address);
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notauth(&sreply, NULL);
goto udpout;
}
@@ -1822,7 +1822,7 @@ axfrentry:
if (notifysource(question, (struct sockaddr_storage *)from)) {
dolog(LOG_INFO, "on descriptor %u interface \"%s\" dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[i], address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, NULL);
/* send notify to replicant process */
idata = (pid_t)question->hdr->namelen;
@@ -1834,7 +1834,7 @@ axfrentry:
/* RFC 1996 - 3.10 is probably broken reply REFUSED */
dolog(LOG_INFO, "on descriptor %u interface \"%s\" dns NOTIFY packet from %s, NOT in our list of MASTER servers replying REFUSED\n", so, cfg->ident[i], address);
snprintf(replystring, DNS_MAXNAME, "REFUSED");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
goto udpout;
@@ -1844,13 +1844,13 @@ axfrentry:
if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
dolog(LOG_INFO, "on descriptor %u interface \"%s\" not authenticated dns packet (code = %d) from %s, replying notauth\n", so, cfg->ident[i], question->tsig.tsigerrorcode, address);
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notauth(&sreply, NULL);
goto udpout;
}
/* hack around whether we're edns version 0 */
if (question->ednsversion != 0) {
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_badvers(&sreply, NULL);
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" edns version is %u from %s, replying badvers\n", so, cfg->ident[i], question->ednsversion, address);
@@ -1863,7 +1863,7 @@ axfrentry:
ntohs(question->hdr->qtype) == DNS_TYPE_TXT &&
strcasecmp(question->converted_name, "version.bind.") == 0) {
snprintf(replystring, DNS_MAXNAME, "VERSION");
- build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_version(&sreply, NULL);
goto udpout;
}
@@ -1883,7 +1883,7 @@ axfrentry:
case ERR_REFUSED:
snprintf(replystring, DNS_MAXNAME, "REFUSED");
- build_reply(&sreply, so, buf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
goto udpout;
break;
@@ -1901,7 +1901,7 @@ axfrentry:
if (rbt0 != NULL) {
build_reply(&sreply, so, buf, len, question, from, \
fromlen, rbt0, NULL, aregion, istcp, \
- 0, NULL, replybuf);
+ 0, replybuf);
slen = reply_nxdomain(&sreply, cfg->db);
}
@@ -1917,10 +1917,10 @@ axfrentry:
rbt1 = get_soa(cfg->db, question);
if (rbt1 != NULL) {
snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, replybuf);
slen = reply_nodata(&sreply, cfg->db);
} else {
- build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, cfg->db);
snprintf(replystring, DNS_MAXNAME, "REFUSED");
}
@@ -1947,7 +1947,7 @@ axfrentry:
if (rbt0 != NULL) {
build_reply(&sreply, so, buf, len, question, from, \
fromlen, rbt0, NULL, aregion, istcp, 0,
- NULL, replybuf);
+ replybuf);
slen = reply_noerror(&sreply, cfg->db);
@@ -1962,7 +1962,7 @@ axfrentry:
if (rbt0 != NULL) {
build_reply(&sreply, so, buf, len, question, from, \
fromlen, rbt0, NULL, aregion, istcp, \
- 0, NULL, replybuf);
+ 0, replybuf);
slen = reply_ns(&sreply, cfg->db);
} else {
@@ -2015,7 +2015,7 @@ axfrentry:
default:
build_reply(&sreply, so, buf, len, question, from, \
fromlen, NULL, NULL, aregion, istcp, 0, \
- NULL, replybuf);
+ replybuf);
slen = reply_notimpl(&sreply, NULL);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
@@ -2029,12 +2029,12 @@ axfrentry:
case BUILD_CNAME:
build_reply(&sreply, so, buf, len, question,
from, fromlen, rbt0, ((type1 > 0) ? rbt1 :
- NULL), aregion, istcp, 0, NULL, replybuf);
+ NULL), aregion, istcp, 0, replybuf);
break;
case BUILD_OTHER:
build_reply(&sreply, so, buf, len, question,
from, fromlen, rbt0, NULL, aregion, istcp,
- 0, NULL, replybuf);
+ 0, replybuf);
break;
}
} else {
@@ -2058,7 +2058,7 @@ axfrentry:
build_reply(&sreply, so, buf, len, question, from, \
fromlen, rbt0, NULL, aregion, istcp, 0, \
- NULL, replybuf);
+ replybuf);
slen = reply_ns(&sreply, cfg->db);
} else {
@@ -2066,7 +2066,7 @@ axfrentry:
build_reply(&sreply, so, buf, len, question, from, \
fromlen, NULL, NULL, aregion, istcp, 0, \
- NULL, replybuf);
+ replybuf);
slen = reply_notimpl(&sreply, NULL);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
@@ -2123,7 +2123,7 @@ axfrentry:
*/
void
-build_reply(struct sreply *reply, int so, char *buf, int len, struct question *q, struct sockaddr *sa, socklen_t slen, struct rbtree *rbt1, struct rbtree *rbt2, u_int8_t region, int istcp, int deprecated0, void *sr, char *replybuf)
+build_reply(struct sreply *reply, int so, char *buf, int len, struct question *q, struct sockaddr *sa, socklen_t slen, struct rbtree *rbt1, struct rbtree *rbt2, u_int8_t region, int istcp, int deprecated0, char *replybuf)
{
reply->so = so;
reply->buf = buf;
@@ -2136,7 +2136,6 @@ build_reply(struct sreply *reply, int so, char *buf, i
reply->region = region;
reply->istcp = istcp;
reply->wildcard = 0;
- reply->sr = NULL;
reply->replybuf = replybuf;
return;
@@ -2544,7 +2543,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
if (filter && require_tsig == 0) {
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, filter policy, drop\n", so, cfg->ident[i], address);
#if 0
- build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
#endif
close(so);
@@ -2716,7 +2715,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
case PARSE_RETURN_NOQUESTION:
dolog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" header from %s has no question, drop\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
/* format error */
- build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_fmterror(&sreply, NULL);
dolog(LOG_INFO, "TCP question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
imsg_free(&imsg);
@@ -2731,7 +2730,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
goto drop;
case PARSE_RETURN_NOTAUTH:
if (filter && pq.tsig.have_tsig == 0) {
- build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s (ttl=TCP, region=%d) replying REFUSED, not a tsig\n", so, cfg->ident[tcpnp->intidx], tcpnp->address, aregion);
imsg_free(&imsg);
@@ -2763,7 +2762,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
question->tsig.tsigverified == 1) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" authenticated dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, NULL);
/* send notify to replicant process */
idata = (pid_t)question->hdr->namelen;
@@ -2775,7 +2774,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
} else if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" not authenticated dns NOTIFY packet (code = %d) from %s, replying notauth\n", so, cfg->ident[tcpnp->intidx], question->tsig.tsigerrorcode, tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notauth(&sreply, NULL);
goto tcpout;
}
@@ -2783,7 +2782,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
if (notifysource(question, (struct sockaddr_storage *)from)) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" dns NOTIFY packet from %s, replying NOTIFY\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTIFY");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notify(&sreply, NULL);
/* send notify to replicant process */
idata = (pid_t)question->hdr->namelen;
@@ -2795,7 +2794,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
/* RFC 1996 - 3.10 is probably broken, replying REFUSED */
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" dns NOTIFY packet from %s, NOT in our list of MASTER servers replying REFUSED\n", so, cfg->ident[tcpnp->intidx], tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "REFUSED");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
goto tcpout;
@@ -2805,7 +2804,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
if (question->tsig.have_tsig && question->tsig.tsigerrorcode != 0) {
dolog(LOG_INFO, "on TCP descriptor %u interface \"%s\" not authenticated dns packet (code = %d) from %s, replying notauth\n", so, cfg->ident[tcpnp->intidx], question->tsig.tsigerrorcode, tcpnp->address);
snprintf(replystring, DNS_MAXNAME, "NOTAUTH");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_notauth(&sreply, NULL);
goto tcpout;
}
@@ -2835,7 +2834,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
ntohs(question->hdr->qtype) == DNS_TYPE_TXT &&
strcasecmp(question->converted_name, "version.bind.") == 0) {
snprintf(replystring, DNS_MAXNAME, "VERSION");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_version(&sreply, NULL);
goto tcpout;
}
@@ -2854,7 +2853,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
case ERR_REFUSED:
snprintf(replystring, DNS_MAXNAME, "REFUSED");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
goto tcpout;
break;
@@ -2867,11 +2866,11 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
rbt0 = get_soa(cfg->db, question);
if (rbt0 != NULL) {
snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, replybuf);
slen = reply_nodata(&sreply, cfg->db);
} else {
snprintf(replystring, DNS_MAXNAME, "REFUSED");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, cfg->db);
}
@@ -2888,8 +2887,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
build_reply( &sreply, so, pbuf, len, question,
from, fromlen, rbt0, NULL,
- aregion, istcp, 0, NULL,
- replybuf);
+ aregion, istcp, 0, replybuf);
slen = reply_nxdomain(&sreply, cfg->db);
}
@@ -2916,7 +2914,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
build_reply( &sreply, so, pbuf, len,
question, from, fromlen,
rbt0, NULL, aregion, istcp,
- 0, NULL, replybuf);
+ 0, replybuf);
slen = reply_noerror(&sreply, cfg->db);
@@ -2932,8 +2930,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
build_reply( &sreply, so, pbuf, len, question,
from, fromlen, rbt0, NULL,
- aregion, istcp, 0, NULL,
- replybuf);
+ aregion, istcp, 0, replybuf);
slen = reply_ns(&sreply, cfg->db);
} else {
@@ -2985,7 +2982,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
default:
build_reply( &sreply, so, pbuf, len, question,
from, fromlen, NULL, NULL, aregion,
- istcp, 0, NULL, replybuf);
+ istcp, 0, replybuf);
slen = reply_notimpl(&sreply, NULL);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
@@ -3018,12 +3015,12 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
case BUILD_CNAME:
build_reply(&sreply, so, pbuf, len, question,
from, fromlen, rbt0, ((type1 > 0) ? rbt1 :
- NULL), aregion, istcp, 0, NULL, replybuf);
+ NULL), aregion, istcp, 0, replybuf);
break;
case BUILD_OTHER:
build_reply(&sreply, so, pbuf, len, question,
from, fromlen, rbt0, NULL, aregion, istcp,
- 0, NULL, replybuf);
+ 0, replybuf);
break;
}
} else {
@@ -3047,7 +3044,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
if (type0 == DNS_TYPE_NS) {
build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, rbt0, NULL, aregion, istcp,
- 0, NULL, replybuf);
+ 0, replybuf);
slen = reply_ns(&sreply, cfg->db);
@@ -3055,7 +3052,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf)
build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, NULL, NULL, aregion, istcp,
- 0, NULL, replybuf);
+ 0, replybuf);
slen = reply_notimpl(&sreply, NULL);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
repomaster@centroid.eu