From 6e65343895e1a9cdf31e51e25bc5540851fb4b1a Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 14 Sep 2023 11:37:49 +0200 Subject: [PATCH 1/5] - Fix authority zone answers for obscured DNAMEs and delegations. --- doc/Changelog | 3 ++ services/authzone.c | 11 ++-- testcode/unitauth.c | 128 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 4 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index fb955f5a3..fef0a4c7c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +14 September 2023: Wouter + - Fix authority zone answers for obscured DNAMEs and delegations. + 8 September 2023: Wouter - Fix send of udp retries when ENOBUFS is returned. It stops looping and also waits for the condition to go away. Reported by Florian diff --git a/services/authzone.c b/services/authzone.c index cd3ef8dbb..a1b3d2278 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -2475,6 +2475,7 @@ az_find_ce(struct auth_zone* z, struct query_info* qinfo, struct auth_rrset** rrset) { struct auth_data* n = node; + struct auth_rrset* lookrrset; *ce = NULL; *rrset = NULL; if(!node_exact) { @@ -2497,21 +2498,23 @@ az_find_ce(struct auth_zone* z, struct query_info* qinfo, /* see if the current candidate has issues */ /* not zone apex and has type NS */ if(n->namelen != z->namelen && - (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) && + (lookrrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) && /* delegate here, but DS at exact the dp has notype */ (qinfo->qtype != LDNS_RR_TYPE_DS || n->namelen != qinfo->qname_len)) { /* referral */ /* this is ce and the lowernode is nonexisting */ *ce = n; - return 0; + *rrset = lookrrset; + node_exact = 0; } /* not equal to qname and has type DNAME */ if(n->namelen != qinfo->qname_len && - (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) { + (lookrrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) { /* this is ce and the lowernode is nonexisting */ *ce = n; - return 0; + *rrset = lookrrset; + node_exact = 0; } if(*ce == NULL && !domain_has_only_nsec3(n)) { diff --git a/testcode/unitauth.c b/testcode/unitauth.c index d193526b8..11eeb43b2 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c @@ -76,10 +76,18 @@ static const char* zone_example_com = "out.example.com. 3600 IN CNAME www.example.com.\n" "plan.example.com. 3600 IN CNAME nonexist.example.com.\n" "redir.example.com. 3600 IN DNAME redir.example.org.\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"obscured.redir2.example.com. 3600 IN A 10.0.0.12\n" +"under2.redir2.example.com. 3600 IN DNAME redir3.example.net.\n" +"doubleobscured.under2.redir2.example.com. 3600 IN A 10.0.0.13\n" "sub.example.com. 3600 IN NS ns1.sub.example.com.\n" "sub.example.com. 3600 IN NS ns2.sub.example.com.\n" "ns1.sub.example.com. 3600 IN A 10.0.0.6\n" "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +"obscured.sub2.example.com. 3600 IN A 10.0.0.10\n" +"under.sub2.example.com. 3600 IN NS ns.under.sub2.example.com.\n" +"doubleobscured.under.sub2.example.com. 3600 IN A 10.0.0.11\n" "*.wild.example.com. 3600 IN A 10.0.0.8\n" "*.wild2.example.com. 3600 IN CNAME www.example.com.\n" "*.wild3.example.com. 3600 IN A 10.0.0.8\n" @@ -281,6 +289,54 @@ static struct q_ans example_com_queries[] = { "foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n" }, + { "example.com", "redir2.example.com. DNAME", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" + }, + + { "example.com", "abc.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"abc.redir2.example.com. 0 IN CNAME abc.redir2.example.org.\n" + }, + + { "example.com", "obscured.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"obscured.redir2.example.com. 0 IN CNAME obscured.redir2.example.org.\n" + }, + + { "example.com", "under2.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"under2.redir2.example.com. 0 IN CNAME under2.redir2.example.org.\n" + }, + + { "example.com", "doubleobscured.under2.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"doubleobscured.under2.redir2.example.com. 0 IN CNAME doubleobscured.under2.redir2.example.org.\n" + }, + + { "example.com", "foo.doubleobscured.under2.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"foo.doubleobscured.under2.redir2.example.com. 0 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n" + }, + + { "example.com", "foo.under2.redir2.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir2.example.com. 3600 IN DNAME redir2.example.org.\n" +"foo.under2.redir2.example.com. 0 IN CNAME foo.under2.redir2.example.org.\n" + }, + { "example.com", "sub.example.com. NS", "", ";flags QR rcode NOERROR\n" ";authority section\n" @@ -357,6 +413,78 @@ static struct q_ans example_com_queries[] = { "ns2.sub.example.com. 3600 IN AAAA 2001::7\n" }, + { "example.com", "sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "sub2.example.com. NS", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "obscured.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "abc.obscured.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "under.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "under.sub2.example.com. NS", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "abc.under.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "doubleobscured.under.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + + { "example.com", "abc.doubleobscured.under.sub2.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub2.example.com. 3600 IN NS ns1.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" + }, + { "example.com", "wild.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";authority section\n" From 3abb32c3ba7886e0bbb892d045fed66371b7e083 Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Fri, 15 Sep 2023 13:00:17 +0200 Subject: [PATCH 2/5] Check for c99 with autoconf versions prior to 2.70 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f6f5f21fc..9aa781a12 100644 --- a/configure.ac +++ b/configure.ac @@ -280,7 +280,7 @@ ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"]) ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"]) default_cflags=yes fi -AC_PROG_CC +m4_version_prereq([2.70], [AC_PROG_CC], [AC_PROG_CC_STDC]) ACX_DEPFLAG ACX_DETERMINE_EXT_FLAGS_UNBOUND From 6bdecdbc5a7a33ea412e6e0d3373bc4c4b79bdc7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 15 Sep 2023 13:24:20 +0200 Subject: [PATCH 3/5] Changelog note and autoconf for #936 - Merge #936: Check for c99 with autoconf versions prior to 2.70. --- configure | 607 +++++++++++++++----------------------------------- doc/Changelog | 3 + 2 files changed, 183 insertions(+), 427 deletions(-) diff --git a/configure b/configure index 4521e0a6e..8324e9b34 100755 --- a/configure +++ b/configure @@ -4605,450 +4605,186 @@ fi default_cflags=yes fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : + case $ac_cv_prog_cc_stdc in #( + no) : + ac_cv_prog_cc_c99=no; ac_cv_prog_cc_c89=no ;; #( + *) : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5 +$as_echo_n "checking for $CC option to accept ISO C99... " >&6; } +if ${ac_cv_prog_cc_c99+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include +#include +#include +#include +#include -int -main () +// Check varargs macros. These examples are taken from C99 6.10.3.5. +#define debug(...) fprintf (stderr, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) { -#ifndef __GNUC__ - choke me + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + your preprocessor is broken; #endif +#if BIG_OK +#else + your preprocessor is broken; +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; - ; +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\0'; ++i) + continue; return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +// Check varargs and va_copy. +static void +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str; + int number; + float fnumber; + + while (*format) + { + switch (*format++) + { + case 's': // string + str = va_arg (args_copy, const char *); + break; + case 'd': // int + number = va_arg (args_copy, int); + break; + case 'f': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); +} int main () { - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + // Check bool. + _Bool success = false; -int -main () -{ + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + test_varargs ("s, d' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c99" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c99" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +$as_echo "$ac_cv_prog_cc_c99" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c99" != xno; then : + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 @@ -5135,14 +4871,31 @@ $as_echo "unsupported" >&6; } ;; $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : - + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 +else + ac_cv_prog_cc_stdc=no fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +fi + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO Standard C" >&5 +$as_echo_n "checking for $CC option to accept ISO Standard C... " >&6; } + if ${ac_cv_prog_cc_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +fi + + case $ac_cv_prog_cc_stdc in #( + no) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; #( + '') : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; #( + *) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_stdc" >&5 +$as_echo "$ac_cv_prog_cc_stdc" >&6; } ;; +esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking $CC dependency flag" >&5 diff --git a/doc/Changelog b/doc/Changelog index fef0a4c7c..edec31aca 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +15 September 2023: Wouter + - Merge #936: Check for c99 with autoconf versions prior to 2.70. + 14 September 2023: Wouter - Fix authority zone answers for obscured DNAMEs and delegations. From 31218166fcd2a56ccc65d359071d5831c16a18a2 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 15 Sep 2023 13:30:30 +0200 Subject: [PATCH 4/5] - Fix to remove two c99 notations. --- doc/Changelog | 1 + dynlibmod/dynlibmod.c | 3 ++- util/net_help.c | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index edec31aca..998b0d33c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 15 September 2023: Wouter - Merge #936: Check for c99 with autoconf versions prior to 2.70. + - Fix to remove two c99 notations. 14 September 2023: Wouter - Fix authority zone answers for obscured DNAMEs and delegations. diff --git a/dynlibmod/dynlibmod.c b/dynlibmod/dynlibmod.c index ffac7ff30..1e040a30e 100644 --- a/dynlibmod/dynlibmod.c +++ b/dynlibmod/dynlibmod.c @@ -75,6 +75,7 @@ int dynlibmod_init(struct module_env* env, int id) { struct config_strlist* cfg_item = env->cfg->dynlib_file; struct dynlibmod_env* de = (struct dynlibmod_env*)calloc(1, sizeof(struct dynlibmod_env)); __DYNMOD dynamic_library; + int i; if (!de) { log_err("dynlibmod[%d]: malloc failure", dynlib_mod_idx); @@ -84,7 +85,7 @@ int dynlibmod_init(struct module_env* env, int id) { env->modinfo[id] = (void*) de; de->fname = NULL; - for(int i = dynlib_mod_idx; + for(i = dynlib_mod_idx; i != 0 && cfg_item != NULL; i--, cfg_item = cfg_item->next) {} diff --git a/util/net_help.c b/util/net_help.c index e559c9b2f..dec46da20 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -809,6 +809,7 @@ addr_to_nat64(const struct sockaddr_storage* addr, struct sockaddr_in *sin = (struct sockaddr_in *)addr; struct sockaddr_in6 *sin6; uint8_t *v4_byte; + int i; /* This needs to be checked by the caller */ log_assert(addr->ss_family == AF_INET); @@ -826,7 +827,7 @@ addr_to_nat64(const struct sockaddr_storage* addr, nat64_prefixnet = nat64_prefixnet / 8; v4_byte = (uint8_t *)&sin->sin_addr.s_addr; - for(int i = 0; i < 4; i++) { + for(i = 0; i < 4; i++) { if(nat64_prefixnet == 8) { /* bits 64...71 are MBZ */ sin6->sin6_addr.s6_addr[nat64_prefixnet++] = 0; From bd5dc855af122de1274cf7cdd2b52563c064702e Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Sep 2023 09:55:39 +0200 Subject: [PATCH 5/5] - Fix rpz tcp-only action with rpz triggers nsdname and nsip. --- doc/Changelog | 3 ++ services/mesh.c | 5 ++- services/rpz.c | 6 +-- testdata/rpz_nsdname.rpl | 81 ++++++++++++++++++++++++++++++++++++++++ util/module.h | 2 + 5 files changed, 92 insertions(+), 5 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 998b0d33c..1ff496d82 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +18 September 2023: Wouter + - Fix rpz tcp-only action with rpz triggers nsdname and nsip. + 15 September 2023: Wouter - Merge #936: Check for c99 with autoconf versions prior to 2.70. - Fix to remove two c99 notations. diff --git a/services/mesh.c b/services/mesh.c index 52d14a2d1..be968e422 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1224,11 +1224,12 @@ static inline int mesh_is_rpz_respip_tcponly_action(struct mesh_state const* m) { struct respip_action_info const* respip_info = m->s.respip_action_info; - return respip_info == NULL + return (respip_info == NULL ? 0 : (respip_info->rpz_used && !respip_info->rpz_disabled - && respip_info->action == respip_truncate); + && respip_info->action == respip_truncate)) + || m->s.tcp_required; } static inline int diff --git a/services/rpz.c b/services/rpz.c index 6ce83cb66..7f7a2fa9b 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -2162,7 +2162,7 @@ rpz_apply_nsip_trigger(struct module_qstate* ms, struct rpz* r, case RPZ_TCP_ONLY_ACTION: /* basically a passthru here but the tcp-only will be * honored before the query gets sent. */ - ms->respip_action_info->action = respip_truncate; + ms->tcp_required = 1; ret = NULL; break; case RPZ_DROP_ACTION: @@ -2217,7 +2217,7 @@ rpz_apply_nsdname_trigger(struct module_qstate* ms, struct rpz* r, case RPZ_TCP_ONLY_ACTION: /* basically a passthru here but the tcp-only will be * honored before the query gets sent. */ - ms->respip_action_info->action = respip_truncate; + ms->tcp_required = 1; ret = NULL; break; case RPZ_DROP_ACTION: @@ -2428,7 +2428,7 @@ struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms, case RPZ_TCP_ONLY_ACTION: /* basically a passthru here but the tcp-only will be * honored before the query gets sent. */ - ms->respip_action_info->action = respip_truncate; + ms->tcp_required = 1; ret = NULL; break; case RPZ_DROP_ACTION: diff --git a/testdata/rpz_nsdname.rpl b/testdata/rpz_nsdname.rpl index 1c678cc13..a4e9bb31d 100644 --- a/testdata/rpz_nsdname.rpl +++ b/testdata/rpz_nsdname.rpl @@ -225,6 +225,36 @@ ENTRY_END RANGE_END +; dd. ------------------------------------------------------------------------ +RANGE_BEGIN 0 100 + ADDRESS 8.8.3.8 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +dd. IN NS +SECTION ANSWER +dd. IN NS ns1.dd. +SECTION ADDITIONAL +ns1.dd. IN A 8.8.3.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham.dd. IN A +SECTION AUTHORITY +gotham.dd. IN NS ns1.gotham.dd. +SECTION ADDITIONAL +ns1.gotham.dd. IN A 192.0.3.1 +ENTRY_END + +RANGE_END + ; ff. ------------------------------------------------------------------------ RANGE_BEGIN 0 100 ADDRESS 8.8.6.8 @@ -303,6 +333,22 @@ ENTRY_END RANGE_END +; ns1.gotham.dd. ------------------------------------------------------------- +RANGE_BEGIN 0 100 + ADDRESS 192.0.3.1 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +gotham.dd. IN A +SECTION ANSWER +gotham.dd. IN A 192.0.3.2 +ENTRY_END + +RANGE_END + ; ns1.gotham.ff. ------------------------------------------------------------- RANGE_BEGIN 0 100 ADDRESS 192.0.5.1 @@ -387,4 +433,39 @@ SECTION ANSWER gotham.ff. IN A 127.0.0.1 ENTRY_END +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +gotham.dd. IN A +ENTRY_END + +; should come back truncated because TCP is required. +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA TC NOERROR +SECTION QUESTION +gotham.dd. IN A +SECTION ANSWER +ENTRY_END + +STEP 42 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD +SECTION QUESTION +gotham.dd. IN A +ENTRY_END + +STEP 43 CHECK_ANSWER +ENTRY_BEGIN +MATCH all TCP +REPLY QR RD RA NOERROR +SECTION QUESTION +gotham.dd. IN A +SECTION ANSWER +gotham.dd. IN A 192.0.3.2 +ENTRY_END + SCENARIO_END diff --git a/util/module.h b/util/module.h index d25bebd15..8a9da3f93 100644 --- a/util/module.h +++ b/util/module.h @@ -691,6 +691,8 @@ struct module_qstate { struct respip_action_info* respip_action_info; /** if the query is rpz passthru, no further rpz processing for it */ int rpz_passthru; + /* Flag tcp required. */ + int tcp_required; /** whether the reply should be dropped */ int is_drop;