From e6a179e27af95d4fb7eb9ce2e710317d2456636d Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 22 Oct 2019 10:32:37 +0200 Subject: [PATCH 001/123] - drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and compile. From Saksham Manchanda (Secure64). Please note that we think this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC lookups for downstream clients. --- contrib/README | 5 +++ contrib/drop-tld.diff | 82 +++++++++++++++++++++++++++++++++++++++++++ doc/Changelog | 8 +++++ 3 files changed, 95 insertions(+) create mode 100644 contrib/drop-tld.diff diff --git a/contrib/README b/contrib/README index 262ccc7db..988b59435 100644 --- a/contrib/README +++ b/contrib/README @@ -40,3 +40,8 @@ distribution but may be helpful. redis backend) redis Python modules. * unbound-fuzzme.patch: adds unbound-fuzzme program that parses a packet from stdin. Used with fuzzers, patch from Jacob Hoffman-Andrews. +* drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, + to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and + compile. From Saksham Manchanda (Secure64). Please note that we think + this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC + lookups for downstream clients. diff --git a/contrib/drop-tld.diff b/contrib/drop-tld.diff new file mode 100644 index 000000000..173825b37 --- /dev/null +++ b/contrib/drop-tld.diff @@ -0,0 +1,82 @@ +diff --git a/daemon/worker.c b/daemon/worker.c +index 263fcdd..f787b70 100644 +--- a/daemon/worker.c ++++ b/daemon/worker.c +@@ -1213,6 +1213,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, + addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); + log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); + } ++ ++ if(worker->env.cfg->drop_tld) { ++ int lab = dname_count_labels(qinfo.qname); ++ if (lab == 2) { ++ comm_point_drop_reply(repinfo); ++ verbose(VERB_ALGO, "Dropping one label query."); ++ return 0; ++ } ++ } + if(qinfo.qtype == LDNS_RR_TYPE_AXFR || + qinfo.qtype == LDNS_RR_TYPE_IXFR) { + verbose(VERB_ALGO, "worker request: refused zone transfer."); +diff --git a/util/config_file.h b/util/config_file.h +index b3ef930..2791541 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -274,6 +274,8 @@ struct config_file { + int prefetch_key; + /** deny queries of type ANY with an empty answer */ + int deny_any; ++ /** Drop TLD queries from clients **/ ++ int drop_tld; + + /** chrootdir, if not "" or chroot will be done */ + char* chrootdir; +diff --git a/util/configlexer.lex b/util/configlexer.lex +index a86ddf5..9bbedbb 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -299,6 +299,7 @@ private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } + prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } + prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } + deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } ++drop-tld{COLON} { YDVAR(1, VAR_DROP_TLD) } + stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } + name{COLON} { YDVAR(1, VAR_NAME) } + stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } +diff --git a/util/configparser.y b/util/configparser.y +index 10227a2..567d68e 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -164,6 +164,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM + %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT + %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY ++%token VAR_DROP_TLD + %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY + %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES + %token VAR_TLS_SESSION_TICKET_KEYS +@@ -266,6 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port | + server_tls_cert_bundle | server_tls_additional_port | server_low_rtt | + server_fast_server_permil | server_fast_server_num | server_tls_win_cert | + server_tcp_connection_limit | server_log_servfail | server_deny_any | ++ server_drop_tld | + server_unknown_server_time_limit | server_log_tag_queryreply | + server_stream_wait_size | server_tls_ciphers | + server_tls_ciphersuites | server_tls_session_ticket_keys +@@ -1466,6 +1468,16 @@ server_deny_any: VAR_DENY_ANY STRING_ARG + free($2); + } + ; ++ ++server_drop_tld: VAR_DROP_TLD STRING_ARG ++ { ++ OUTYY(("P(server_drop_tld:%s)\n", $2)); ++ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) ++ yyerror("expected yes or no."); ++ else cfg_parser->cfg->drop_tld = (strcmp($2, "yes")==0); ++ free($2); ++ } ++ ; + server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG + { + OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2)); diff --git a/doc/Changelog b/doc/Changelog index a87776c6b..2581f333e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,11 @@ +22 October 2019: Wouter + - drop-tld.diff: adds option drop-tld: yesno that drops 2 label + queries, to stop random floods. Apply with + patch -p1 < contrib/drop-tld.diff and compile. + From Saksham Manchanda (Secure64). Please note that we think this + will drop DNSKEY and DS lookups for tlds and hence break DNSSEC + lookups for downstream clients. + 7 October 2019: Wouter - Add doxygen comments to unbound-anchor source address code, in #86. From e8b8d42f8bee7445eb67226b7bc758ee2e1267a8 Mon Sep 17 00:00:00 2001 From: Dionysis Grigoropoulos Date: Wed, 23 Oct 2019 00:35:49 +0300 Subject: [PATCH 002/123] manpage: Add missing word on unbound.conf --- doc/unbound.conf.5.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index b7ff72326..4bdfcd56b 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -949,7 +949,7 @@ Default is "", or no trust anchor file. .TP .B auto\-trust\-anchor\-file: \fI File with trust anchor for one zone, which is tracked with RFC5011 probes. -The probes are several times per month, thus the machine must be online +The probes are run several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, so the unbound user must have write permission. Write permission to the file, From 21472c2393328723a8888f50aad6798e610d813b Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 23 Oct 2019 07:56:17 +0200 Subject: [PATCH 003/123] Changelog note for #97. - Merge #97: manpage: Add missing word on unbound.conf, from Erethon. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 2581f333e..30073dfb8 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +23 October 2019: Wouter + - Merge #97: manpage: Add missing word on unbound.conf, + from Erethon. + 22 October 2019: Wouter - drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, to stop random floods. Apply with From 941b324187708f6d79dec3aef5c5a0c6426fb82e Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Wed, 23 Oct 2019 14:40:24 +0200 Subject: [PATCH 004/123] Add new configure option `--enable-fully-static` to enable full static build if requested; in relation to #91. --- configure | 25 +++++++++++++++++++++++-- configure.ac | 21 +++++++++++++++++++-- doc/Changelog | 4 ++++ 3 files changed, 46 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 4e222879e..76909d289 100755 --- a/configure +++ b/configure @@ -872,6 +872,7 @@ with_libevent with_libexpat with_libhiredis enable_static_exe +enable_fully_static enable_lock_checks enable_allsymbols enable_dnstap @@ -1559,7 +1560,8 @@ Optional Features: --enable-tfo-client Enable TCP Fast Open for client mode --enable-tfo-server Enable TCP Fast Open for server mode --enable-static-exe enable to compile executables statically against - (event) libs, for debug purposes + (event) uninstalled libs, for debug purposes + --enable-fully-static enable to compile fully static --enable-lock-checks enable to check lock and unlock calls, for debug purposes --enable-allsymbols export all symbols from libunbound and link binaries @@ -19394,7 +19396,7 @@ _ACEOF fi -# set static linking if requested +# set static linking for uninstalled libraries if requested staticexe="" # Check whether --enable-static-exe was given. @@ -19416,6 +19418,25 @@ if test x_$enable_static_exe = x_yes; then fi fi +# set full static linking if requested +# Check whether --enable-fully-static was given. +if test "${enable_fully_static+set}" = set; then : + enableval=$enable_fully_static; +fi + +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + # set lock checking if requested # Check whether --enable-lock_checks was given. if test "${enable_lock_checks+set}" = set; then : diff --git a/configure.ac b/configure.ac index 216a78c65..c23ba244e 100644 --- a/configure.ac +++ b/configure.ac @@ -1299,11 +1299,11 @@ if test x_$withval = x_yes -o x_$withval != x_no; then ]) fi -# set static linking if requested +# set static linking for uninstalled libraries if requested AC_SUBST(staticexe) staticexe="" AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) libs, for debug purposes ]), + [ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), , ) if test x_$enable_static_exe = x_yes; then staticexe="-static" @@ -1319,6 +1319,23 @@ if test x_$enable_static_exe = x_yes; then fi fi +# set full static linking if requested +AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static], + [ enable to compile fully static ]), + , ) +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + # set lock checking if requested AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], [ enable to check lock and unlock calls, for debug purposes ]), diff --git a/doc/Changelog b/doc/Changelog index 30073dfb8..11f59f42f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +23 October 2019: George + - Add new configure option `--enable-fully-static` to enable full static + build if requested; in relation to #91. + 23 October 2019: Wouter - Merge #97: manpage: Add missing word on unbound.conf, from Erethon. From 7dfbcdf276e7a1070978209d2533b3b8cc504f86 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 24 Oct 2019 09:58:45 +0200 Subject: [PATCH 005/123] - Fix #99: Memory leak in ub_ctx (event_base will never be freed). --- doc/Changelog | 3 +++ libunbound/context.h | 3 +++ libunbound/libunbound.c | 3 +++ 3 files changed, 9 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 11f59f42f..3a00c686e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +24 October 2019: Wouter + - Fix #99: Memory leak in ub_ctx (event_base will never be freed). + 23 October 2019: George - Add new configure option `--enable-fully-static` to enable full static build if requested; in relation to #91. diff --git a/libunbound/context.h b/libunbound/context.h index c3900154f..78f8731e2 100644 --- a/libunbound/context.h +++ b/libunbound/context.h @@ -119,6 +119,9 @@ struct ub_ctx { /** event base for event oriented interface */ struct ub_event_base* event_base; + /** true if the event_base is a pluggable base that is malloced + * with a user event base inside, if so, clean up the pluggable alloc*/ + int event_base_malloced; /** libworker for event based interface */ struct libworker* event_worker; diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 63770cc02..f86f56835 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -226,6 +226,7 @@ ub_ctx_create_event(struct event_base* eb) ub_ctx_delete(ctx); return NULL; } + ctx->event_base_malloced = 1; return ctx; } @@ -336,6 +337,8 @@ ub_ctx_delete(struct ub_ctx* ctx) log_file(NULL); ctx_logfile_overridden = 0; } + if(ctx->event_base_malloced) + free(ctx->event_base); free(ctx); #ifdef USE_WINSOCK WSACleanup(); From 9b310f4084f044defa4cb274d08a3972d7b7c1dd Mon Sep 17 00:00:00 2001 From: James Clarke Date: Sat, 2 Nov 2019 18:08:23 +0000 Subject: [PATCH 006/123] Add getentropy emulation for FreeBSD --- Makefile.in | 3 +- compat/getentropy_freebsd.c | 62 +++++++++++++++++++++++++++++++++++++ configure.ac | 3 ++ 3 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 compat/getentropy_freebsd.c diff --git a/Makefile.in b/Makefile.in index d9d4fe7ad..9660c49aa 100644 --- a/Makefile.in +++ b/Makefile.in @@ -148,7 +148,7 @@ COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@ COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \ compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ -compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ +compat/strlcpy.c compat/strptime.c compat/getentropy_freebsd.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \ @@ -1482,6 +1482,7 @@ snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h +getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c config.h getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c new file mode 100644 index 000000000..30cd68e97 --- /dev/null +++ b/compat/getentropy_freebsd.c @@ -0,0 +1,62 @@ +/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek + * Copyright (c) 2014 Brent Cook + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include + +#include +#include + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && getentropy_sysctl(buf, len) == len) + return (0); + + errno = EIO; + return (-1); +} diff --git a/configure.ac b/configure.ac index c23ba244e..d8a1ac95b 100644 --- a/configure.ac +++ b/configure.ac @@ -1528,6 +1528,9 @@ if test "$USE_NSS" = "no"; then fi AC_SEARCH_LIBS([clock_gettime], [rt]) ;; + *freebsd*|*FreeBSD) + AC_LIBOBJ(getentropy_freebsd) + ;; *linux*|Linux|*) AC_LIBOBJ(getentropy_linux) AC_CHECK_FUNCS([SHA512_Update],,[ From 29b90c6e58e953bd014fe5fb7c211b6a06a6c4b4 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 11 Nov 2019 12:02:51 +0100 Subject: [PATCH 007/123] - Fix #109: check number of arguments for stdin-pipes in unbound-control and fail if too many arguments. --- doc/Changelog | 4 ++++ smallapp/unbound-control.c | 22 ++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 3a00c686e..a1981c931 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +11 November 2019: Wouter + - Fix #109: check number of arguments for stdin-pipes in + unbound-control and fail if too many arguments. + 24 October 2019: Wouter - Fix #99: Memory leak in ub_ctx (event_base will never be freed). diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 01e2385fa..ebaa70559 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -690,6 +690,27 @@ remote_write(SSL* ssl, int fd, const char* buf, size_t len) } } +/** check args, to see if too many args. Because when a file is sent it + * would wait for the terminal, and we can check for too many arguments, + * eg. user put arguments on the commandline. */ +static void +check_args_for_listcmd(int argc, char* argv[]) +{ + if(argc >= 1 && (strcmp(argv[0], "local_zones") == 0 || + strcmp(argv[0], "local_zones_remove") == 0 || + strcmp(argv[0], "local_datas") == 0 || + strcmp(argv[0], "local_datas_remove") == 0) && + argc >= 2) { + fatal_exit("too many arguments for command '%s', " + "content is piped in from stdin", argv[0]); + } + if(argc >= 1 && strcmp(argv[0], "view_local_datas") == 0 && + argc >= 3) { + fatal_exit("too many arguments for command '%s', " + "content is piped in from stdin", argv[0]); + } +} + /** send stdin to server */ static void send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz) @@ -853,6 +874,7 @@ int main(int argc, char* argv[]) print_stats_shm(cfgfile); return 0; } + check_args_for_listcmd(argc, argv); #ifdef USE_WINSOCK if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) From f759fc58398f25ba2195bd29e14f5c49c25e8930 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 11 Nov 2019 14:46:24 +0100 Subject: [PATCH 008/123] Changelog note and configure autoconf generated. - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. --- configure | 8 ++++++++ doc/Changelog | 1 + 2 files changed, 9 insertions(+) diff --git a/configure b/configure index 76909d289..ae025fdb7 100755 --- a/configure +++ b/configure @@ -20411,6 +20411,14 @@ if test "$ac_res" != no; then : fi + ;; + *freebsd*|*FreeBSD) + case " $LIBOBJS " in + *" getentropy_freebsd.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getentropy_freebsd.$ac_objext" + ;; +esac + ;; *linux*|Linux|*) case " $LIBOBJS " in diff --git a/doc/Changelog b/doc/Changelog index a1981c931..0e0f1bd1f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in unbound-control and fail if too many arguments. + - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. 24 October 2019: Wouter - Fix #99: Memory leak in ub_ctx (event_base will never be freed). From 5ac9bf3f9bd3a012312e3b8502588504903f2338 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 13 Nov 2019 11:37:06 +0100 Subject: [PATCH 009/123] - iana portlist updated. --- doc/Changelog | 3 +++ util/iana_ports.inc | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 0e0f1bd1f..0b6a813c4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +13 November 2019: Wouter + - iana portlist updated. + 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in unbound-control and fail if too many arguments. diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 8577073c8..3e6f3e6be 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -960,8 +960,6 @@ 1298, 1299, 1300, -1301, -1302, 1303, 1304, 1305, From d4c904d091586a23418ad0aed0fd8fe9ff4849b7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 13 Nov 2019 11:40:56 +0100 Subject: [PATCH 010/123] - contrib/fastrpz.patch updated to apply for current code. --- contrib/fastrpz.patch | 44 +++++++++++++++++++++---------------------- doc/Changelog | 1 + 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index 3b1b07885..2bd01f2ee 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- diff --git a/Makefile.in b/Makefile.in -index e9042712..870d503b 100644 +index 9660c49a..8b078201 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -45,10 +45,10 @@ index e9042712..870d503b 100644 pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ diff --git a/config.h.in b/config.h.in -index 1bfe4426..0136421d 100644 +index d8ec50a6..bf6dc973 100644 --- a/config.h.in +++ b/config.h.in -@@ -1315,4 +1315,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, +@@ -1319,4 +1319,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,7 +62,7 @@ index 1bfe4426..0136421d 100644 +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ diff --git a/configure.ac b/configure.ac -index 811ad007..a8346f11 100644 +index d8a1ac95..4f1106a0 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -73,7 +73,7 @@ index 811ad007..a8346f11 100644 sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1649,6 +1650,9 @@ case "$enable_ipset" in +@@ -1684,6 +1685,9 @@ case "$enable_ipset" in ;; esac @@ -84,7 +84,7 @@ index 811ad007..a8346f11 100644 # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). diff --git a/daemon/daemon.c b/daemon/daemon.c -index 96cc443e..d08b2e56 100644 +index e09138cb..efad0532 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -91,6 +91,9 @@ @@ -267,7 +267,7 @@ index 263fcddf..e6bc84bd 100644 } verbose(VERB_ALGO, "answer norec from cache -- " diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in -index b1d8c790..10c0aa58 100644 +index 4bdfcd56..69e70627 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is @@ -2888,7 +2888,7 @@ index 00000000..21235355 + fi +]) diff --git a/iterator/iterator.c b/iterator/iterator.c -index c906c271..55bf2180 100644 +index 1e0113a8..2fcbf547 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -68,6 +68,9 @@ @@ -2901,7 +2901,7 @@ index c906c271..55bf2180 100644 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; -@@ -551,6 +554,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2925,7 +2925,7 @@ index c906c271..55bf2180 100644 /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -559,6 +579,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, /* Other rrsets in the section are ignored. */ } @@ -2935,7 +2935,7 @@ index c906c271..55bf2180 100644 /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1195,6 +1218,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2943,7 +2943,7 @@ index c906c271..55bf2180 100644 log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1281,8 +1305,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, } if(msg) { /* handle positive cache response */ @@ -2953,7 +2953,7 @@ index c906c271..55bf2180 100644 if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1290,7 +1313,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2976,7 +2976,7 @@ index c906c271..55bf2180 100644 if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2714,6 +2752,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3039,7 +3039,7 @@ index c906c271..55bf2180 100644 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != -@@ -3467,12 +3561,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3201,10 +3201,10 @@ index b3ef930a..56173b80 100644 int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ diff --git a/util/configlexer.lex b/util/configlexer.lex -index 7a972908..2d03ffc7 100644 +index a86ddf55..b56bcfb4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex -@@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} { +@@ -438,6 +438,10 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3216,7 +3216,7 @@ index 7a972908..2d03ffc7 100644 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } diff --git a/util/configparser.y b/util/configparser.y -index 10227a2f..a519fcc7 100644 +index 10227a2f..cdbcf7cd 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; @@ -3384,7 +3384,7 @@ index 3a5335dd..20113217 100644 /** diff --git a/util/netevent.c b/util/netevent.c -index 9e2ba92b..06ede4e6 100644 +index c54c570f..c45699d5 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -57,6 +57,9 @@ @@ -3427,7 +3427,7 @@ index 9e2ba92b..06ede4e6 100644 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; -@@ -3152,6 +3164,9 @@ comm_point_send_reply(struct comm_reply *repinfo) +@@ -3184,6 +3196,9 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->c->tcp_timeout_msec); } } @@ -3437,7 +3437,7 @@ index 9e2ba92b..06ede4e6 100644 } void -@@ -3161,6 +3176,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) +@@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; log_assert(repinfo && repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); @@ -3447,7 +3447,7 @@ index 9e2ba92b..06ede4e6 100644 if(repinfo->c->type == comm_udp) return; if(repinfo->c->tcp_req_info) -@@ -3182,6 +3200,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) +@@ -3214,6 +3232,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) { verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); diff --git a/doc/Changelog b/doc/Changelog index 0b6a813c4..8e74e9b11 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 13 November 2019: Wouter - iana portlist updated. + - contrib/fastrpz.patch updated to apply for current code. 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in From d05d6b959a5a2a1c161951e029d4d933e2cb3e85 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 13 Nov 2019 15:16:27 +0100 Subject: [PATCH 011/123] - fixes for splint cleanliness, long vs int in SSL set_mode. --- daemon/daemon.c | 2 ++ daemon/remote.c | 2 +- doc/Changelog | 1 + services/authzone.c | 8 ++++---- smallapp/unbound-anchor.c | 4 +++- smallapp/unbound-control.c | 4 +++- smallapp/unbound-host.c | 2 ++ testcode/asynclook.c | 2 ++ testcode/petal.c | 4 +++- testcode/streamtcp.c | 2 ++ util/net_help.c | 4 ++-- util/netevent.c | 2 +- validator/autotrust.c | 4 ++++ validator/val_secalgo.c | 2 ++ 14 files changed, 32 insertions(+), 11 deletions(-) diff --git a/daemon/daemon.c b/daemon/daemon.c index e09138cb1..65c1900d6 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -221,7 +221,9 @@ daemon_init(void) (void)sldns_key_EVP_load_gost_id(); # endif # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif # else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/daemon/remote.c b/daemon/remote.c index 1689154f5..1b67a3444 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -499,7 +499,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, goto close_exit; } SSL_set_accept_state(n->ssl); - (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(n->ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(n->ssl, newfd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(n->ssl); diff --git a/doc/Changelog b/doc/Changelog index 8e74e9b11..c4b3781c4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 13 November 2019: Wouter - iana portlist updated. - contrib/fastrpz.patch updated to apply for current code. + - fixes for splint cleanliness, long vs int in SSL set_mode. 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in diff --git a/services/authzone.c b/services/authzone.c index 792dc2049..585f86505 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -5971,15 +5971,15 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, } if (auth_name != NULL) { if (addr.ss_family == AF_INET - && ntohs(((struct sockaddr_in *)&addr)->sin_port) + && (int)ntohs(((struct sockaddr_in *)&addr)->sin_port) == env->cfg->ssl_port) ((struct sockaddr_in *)&addr)->sin_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); else if (addr.ss_family == AF_INET6 - && ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) + && (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) == env->cfg->ssl_port) ((struct sockaddr_in6 *)&addr)->sin6_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); } } diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index b3b25bda4..817cf6927 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -782,7 +782,7 @@ TLS_initiate(SSL_CTX* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { if(verb) printf("SSL_set_fd error\n"); SSL_free(ssl); @@ -2379,7 +2379,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index ebaa70559..20b4575c0 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -615,7 +615,7 @@ setup_ssl(SSL_CTX* ctx, int fd) if(!ssl) ssl_err("could not SSL_new"); SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) ssl_err("could not SSL_set_fd"); while(1) { @@ -888,7 +888,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index f02511fe5..c34f012fb 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -505,7 +505,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/asynclook.c b/testcode/asynclook.c index f82c6dcab..660f72a7d 100644 --- a/testcode/asynclook.c +++ b/testcode/asynclook.c @@ -482,7 +482,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/petal.c b/testcode/petal.c index a733017a4..dcc31fdc5 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -301,7 +301,7 @@ setup_ssl(int s, SSL_CTX* ctx) SSL* ssl = SSL_new(ctx); if(!ssl) return NULL; SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, s)) { SSL_free(ssl); return NULL; @@ -657,7 +657,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 668d6360b..64a169f8b 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -485,7 +485,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/util/net_help.c b/util/net_help.c index 4f382077e..f2fe6a6dd 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1045,7 +1045,7 @@ void* incoming_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); @@ -1067,7 +1067,7 @@ void* outgoing_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); diff --git a/util/netevent.c b/util/netevent.c index c54c570f6..a2e39dffc 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1309,7 +1309,7 @@ ssl_handle_write(struct comm_point* c) return 1; } /* ignore return, if fails we may simply block */ - (void)SSL_set_mode(c->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); + (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); if(c->tcp_byte_count < sizeof(uint16_t)) { uint16_t len = htons(sldns_buffer_limit(c->buffer)); ERR_clear_error(); diff --git a/validator/autotrust.c b/validator/autotrust.c index fba14ff7c..be7830fb8 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -1175,7 +1175,9 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) { FILE* out; char* fname = tp->autr->file; +#ifndef S_SPLINT_S long long llvalue; +#endif char tempf[2048]; log_assert(tp->autr); if(!env) { @@ -1184,6 +1186,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) } /* unique name with pid number, thread number, and struct pointer * (the pointer uniquifies for multiple libunbound contexts) */ +#ifndef S_SPLINT_S #if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX) /* avoid warning about upcast on 32bit systems */ llvalue = (unsigned long)tp; @@ -1197,6 +1200,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) snprintf(tempf, sizeof(tempf), "%s.%d-%d-%I64x", fname, (int)getpid(), env->worker?*(int*)env->worker:0, llvalue); #endif +#endif /* S_SPLINT_S */ verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); out = fopen(tempf, "w"); if(!out) { diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index ff7739bcf..5e02f6bdb 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -326,8 +326,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) #ifdef HAVE_DSA_SIG_SET0 if(!DSA_SIG_set0(dsasig, R, S)) return 0; #else +# ifndef S_SPLINT_S dsasig->r = R; dsasig->s = S; +# endif /* S_SPLINT_S */ #endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); From 57f258279018ed0ca0898a8b500432b5fc77618f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Nov 2019 10:45:47 +0100 Subject: [PATCH 012/123] - In unbound-host use separate variable for get_option to please code checkers. --- doc/Changelog | 4 ++++ smallapp/unbound-host.c | 7 ++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index c4b3781c4..eb51ec447 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +18 November 2019: Wouter + - In unbound-host use separate variable for get_option to please + code checkers. + 13 November 2019: Wouter - iana portlist updated. - contrib/fastrpz.patch updated to apply for current code. diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index c34f012fb..1ae2d8521 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -426,6 +426,7 @@ int main(int argc, char* argv[]) int c; char* qclass = NULL; char* qtype = NULL; + char* use_syslog = NULL; struct ub_ctx* ctx = NULL; int debuglevel = 0; @@ -486,11 +487,11 @@ int main(int argc, char* argv[]) } if(debuglevel != 0) /* set after possible -C options */ check_ub_res(ub_ctx_debuglevel(ctx, debuglevel)); - if(ub_ctx_get_option(ctx, "use-syslog", &optarg) == 0) { - if(strcmp(optarg, "yes") == 0) /* disable use-syslog */ + if(ub_ctx_get_option(ctx, "use-syslog", &use_syslog) == 0) { + if(strcmp(use_syslog, "yes") == 0) /* disable use-syslog */ check_ub_res(ub_ctx_set_option(ctx, "use-syslog:", "no")); - free(optarg); + free(use_syslog); } argc -= optind; argv += optind; From 253d95a8ef01ce49cd5ae011d57e026aa32c7ef5 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Nov 2019 10:50:54 +0100 Subject: [PATCH 013/123] - update to bison output of 3.4.1 in code repository. --- doc/Changelog | 1 + util/configparser.c | 1291 ++++++++++++++++++++++--------------------- util/configparser.h | 15 +- 3 files changed, 660 insertions(+), 647 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index eb51ec447..cd396f832 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please code checkers. + - update to bison output of 3.4.1 in code repository. 13 November 2019: Wouter - iana portlist updated. diff --git a/util/configparser.c b/util/configparser.c index f85f3b3b4..29d86e472 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1,8 +1,9 @@ -/* A Bison parser, made by GNU Bison 3.0.5. */ +/* A Bison parser, made by GNU Bison 3.4.1. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation, + Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,11 +41,14 @@ define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ +/* Undocumented macros, especially those whose name start with YY_, + are private implementation details. Do not rely on them. */ + /* Identify Bison output. */ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.5" +#define YYBISON_VERSION "3.4.1" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -61,8 +65,8 @@ -/* Copy the first part of user declarations. */ -#line 38 "./util/configparser.y" /* yacc.c:339 */ +/* First part of user prologue. */ +#line 38 "./util/configparser.y" #include "config.h" @@ -91,13 +95,17 @@ extern struct config_parser_state* cfg_parser; #endif -#line 95 "util/configparser.c" /* yacc.c:339 */ +#line 99 "util/configparser.c" # ifndef YY_NULLPTR -# if defined __cplusplus && 201103L <= __cplusplus -# define YY_NULLPTR nullptr +# if defined __cplusplus +# if 201103L <= __cplusplus +# define YY_NULLPTR nullptr +# else +# define YY_NULLPTR 0 +# endif # else -# define YY_NULLPTR 0 +# define YY_NULLPTR ((void*)0) # endif # endif @@ -109,8 +117,8 @@ extern struct config_parser_state* cfg_parser; # define YYERROR_VERBOSE 0 #endif -/* In a future release of Bison, this section will be replaced - by #include "configparser.h". */ +/* Use api.header.include to #include this header + instead of duplicating it here. */ #ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED # define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED /* Debug traces. */ @@ -666,16 +674,15 @@ extern int yydebug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - union YYSTYPE { -#line 66 "./util/configparser.y" /* yacc.c:355 */ +#line 66 "./util/configparser.y" char* str; -#line 677 "util/configparser.c" /* yacc.c:355 */ -}; +#line 684 "util/configparser.c" +}; typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 @@ -688,9 +695,7 @@ int yyparse (void); #endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ -/* Copy the second part of user declarations. */ -#line 694 "util/configparser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -711,13 +716,13 @@ typedef signed char yytype_int8; #ifdef YYTYPE_UINT16 typedef YYTYPE_UINT16 yytype_uint16; #else -typedef unsigned short int yytype_uint16; +typedef unsigned short yytype_uint16; #endif #ifdef YYTYPE_INT16 typedef YYTYPE_INT16 yytype_int16; #else -typedef short int yytype_int16; +typedef short yytype_int16; #endif #ifndef YYSIZE_T @@ -729,7 +734,7 @@ typedef short int yytype_int16; # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else -# define YYSIZE_T unsigned int +# define YYSIZE_T unsigned # endif #endif @@ -765,15 +770,6 @@ typedef short int yytype_int16; # define YY_ATTRIBUTE_UNUSED YY_ATTRIBUTE ((__unused__)) #endif -#if !defined _Noreturn \ - && (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112) -# if defined _MSC_VER && 1200 <= _MSC_VER -# define _Noreturn __declspec (noreturn) -# else -# define _Noreturn YY_ATTRIBUTE ((__noreturn__)) -# endif -#endif - /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(E) ((void) (E)) @@ -781,7 +777,7 @@ typedef short int yytype_int16; # define YYUSE(E) /* empty */ #endif -#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ +#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ @@ -801,6 +797,8 @@ typedef short int yytype_int16; #endif +#define YY_ASSERT(E) ((void) (0 && (E))) + #if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -943,16 +941,16 @@ union yyalloc /* YYNSTATES -- Number of states. */ #define YYNSTATES 833 -/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned - by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 #define YYMAXUTOK 524 +/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM + as returned by yylex, with out-of-bounds checking. */ #define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + ((unsigned) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM - as returned by yylex, without out-of-bounds checking. */ + as returned by yylex. */ static const yytype_uint16 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1941,22 +1939,22 @@ static const yytype_uint8 yyr2[] = #define YYRECOVERING() (!!yyerrstatus) -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - YYPOPSTACK (yylen); \ - yystate = *yyssp; \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (0) +#define YYBACKUP(Token, Value) \ + do \ + if (yychar == YYEMPTY) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (yylen); \ + yystate = *yyssp; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (0) /* Error token number */ #define YYTERROR 1 @@ -1996,37 +1994,37 @@ do { \ } while (0) -/*----------------------------------------. -| Print this symbol's value on YYOUTPUT. | -`----------------------------------------*/ +/*-----------------------------------. +| Print this symbol's value on YYO. | +`-----------------------------------*/ static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +yy_symbol_value_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) { - FILE *yyo = yyoutput; - YYUSE (yyo); + FILE *yyoutput = yyo; + YYUSE (yyoutput); if (!yyvaluep) return; # ifdef YYPRINT if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); + YYPRINT (yyo, yytoknum[yytype], *yyvaluep); # endif YYUSE (yytype); } -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ +/*---------------------------. +| Print this symbol on YYO. | +`---------------------------*/ static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +yy_symbol_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) { - YYFPRINTF (yyoutput, "%s %s (", + YYFPRINTF (yyo, "%s %s (", yytype < YYNTOKENS ? "token" : "nterm", yytname[yytype]); - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); + yy_symbol_value_print (yyo, yytype, yyvaluep); + YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. @@ -2060,7 +2058,7 @@ do { \ static void yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule) { - unsigned long int yylno = yyrline[yyrule]; + unsigned long yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", @@ -2071,7 +2069,7 @@ yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule) YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, yystos[yyssp[yyi + 1 - yynrhs]], - &(yyvsp[(yyi + 1) - (yynrhs)]) + &yyvsp[(yyi + 1) - (yynrhs)] ); YYFPRINTF (stderr, "\n"); } @@ -2175,7 +2173,10 @@ yytnamerr (char *yyres, const char *yystr) case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; - /* Fall through. */ + else + goto append; + + append: default: if (yyres) yyres[yyn] = *yyp; @@ -2193,7 +2194,7 @@ yytnamerr (char *yyres, const char *yystr) if (! yyres) return yystrlen (yystr); - return yystpcpy (yyres, yystr) - yyres; + return (YYSIZE_T) (yystpcpy (yyres, yystr) - yyres); } # endif @@ -2271,10 +2272,10 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, yyarg[yycount++] = yytname[yyx]; { YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]); - if (! (yysize <= yysize1 - && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) + if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) + yysize = yysize1; + else return 2; - yysize = yysize1; } } } @@ -2298,9 +2299,10 @@ yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, { YYSIZE_T yysize1 = yysize + yystrlen (yyformat); - if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) + if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) + yysize = yysize1; + else return 2; - yysize = yysize1; } if (*yymsg_alloc < yysize) @@ -2426,23 +2428,33 @@ yyparse (void) yychar = YYEMPTY; /* Cause a token to be read. */ goto yysetstate; + /*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | +| yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ - yynewstate: +yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; - yysetstate: - *yyssp = yystate; + +/*--------------------------------------------------------------------. +| yynewstate -- set current state (the top of the stack) to yystate. | +`--------------------------------------------------------------------*/ +yysetstate: + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + YY_ASSERT (0 <= yystate && yystate < YYNSTATES); + *yyssp = (yytype_int16) yystate; if (yyss + yystacksize - 1 <= yyssp) +#if !defined yyoverflow && !defined YYSTACK_RELOCATE + goto yyexhaustedlab; +#else { /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; + YYSIZE_T yysize = (YYSIZE_T) (yyssp - yyss + 1); -#ifdef yyoverflow +# if defined yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into @@ -2458,14 +2470,10 @@ yyparse (void) &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yystacksize); - yyss = yyss1; yyvs = yyvs1; } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else +# else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; @@ -2481,35 +2489,33 @@ yyparse (void) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); -# undef YYSTACK_RELOCATE +# undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif -#endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); + (unsigned long) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); +#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; + /*-----------. | yybackup. | `-----------*/ yybackup: - /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ @@ -2567,7 +2573,6 @@ yybackup: YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END - goto yynewstate; @@ -2582,7 +2587,7 @@ yydefault: /*-----------------------------. -| yyreduce -- Do a reduction. | +| yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ @@ -2602,16 +2607,16 @@ yyreduce: YY_REDUCE_PRINT (yyn); switch (yyn) { - case 15: -#line 183 "./util/configparser.y" /* yacc.c:1648 */ + case 15: +#line 183 "./util/configparser.y" { OUTYY(("\nP(server:)\n")); } -#line 2611 "util/configparser.c" /* yacc.c:1648 */ +#line 2616 "util/configparser.c" break; case 207: -#line 274 "./util/configparser.y" /* yacc.c:1648 */ +#line 274 "./util/configparser.y" { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2622,11 +2627,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2626 "util/configparser.c" /* yacc.c:1648 */ +#line 2631 "util/configparser.c" break; case 217: -#line 291 "./util/configparser.y" /* yacc.c:1648 */ +#line 291 "./util/configparser.y" { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2637,11 +2642,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2641 "util/configparser.c" /* yacc.c:1648 */ +#line 2646 "util/configparser.c" break; case 226: -#line 308 "./util/configparser.y" /* yacc.c:1648 */ +#line 308 "./util/configparser.y" { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2654,11 +2659,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2658 "util/configparser.c" /* yacc.c:1648 */ +#line 2663 "util/configparser.c" break; case 236: -#line 327 "./util/configparser.y" /* yacc.c:1648 */ +#line 327 "./util/configparser.y" { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); @@ -2673,11 +2678,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2677 "util/configparser.c" /* yacc.c:1648 */ +#line 2682 "util/configparser.c" break; case 247: -#line 349 "./util/configparser.y" /* yacc.c:1648 */ +#line 349 "./util/configparser.y" { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2685,11 +2690,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2689 "util/configparser.c" /* yacc.c:1648 */ +#line 2694 "util/configparser.c" break; case 248: -#line 358 "./util/configparser.y" /* yacc.c:1648 */ +#line 358 "./util/configparser.y" { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2697,11 +2702,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2701 "util/configparser.c" /* yacc.c:1648 */ +#line 2706 "util/configparser.c" break; case 249: -#line 367 "./util/configparser.y" /* yacc.c:1648 */ +#line 367 "./util/configparser.y" { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2711,11 +2716,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2715 "util/configparser.c" /* yacc.c:1648 */ +#line 2720 "util/configparser.c" break; case 250: -#line 378 "./util/configparser.y" /* yacc.c:1648 */ +#line 378 "./util/configparser.y" { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2723,11 +2728,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2727 "util/configparser.c" /* yacc.c:1648 */ +#line 2732 "util/configparser.c" break; case 251: -#line 387 "./util/configparser.y" /* yacc.c:1648 */ +#line 387 "./util/configparser.y" { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2735,11 +2740,11 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2739 "util/configparser.c" /* yacc.c:1648 */ +#line 2744 "util/configparser.c" break; case 252: -#line 396 "./util/configparser.y" /* yacc.c:1648 */ +#line 396 "./util/configparser.y" { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2747,11 +2752,11 @@ yyreduce: else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2751 "util/configparser.c" /* yacc.c:1648 */ +#line 2756 "util/configparser.c" break; case 253: -#line 405 "./util/configparser.y" /* yacc.c:1648 */ +#line 405 "./util/configparser.y" { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2761,11 +2766,11 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2765 "util/configparser.c" /* yacc.c:1648 */ +#line 2770 "util/configparser.c" break; case 254: -#line 416 "./util/configparser.y" /* yacc.c:1648 */ +#line 416 "./util/configparser.y" { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2773,11 +2778,11 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2777 "util/configparser.c" /* yacc.c:1648 */ +#line 2782 "util/configparser.c" break; case 255: -#line 425 "./util/configparser.y" /* yacc.c:1648 */ +#line 425 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -2787,11 +2792,11 @@ yyreduce: OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); #endif } -#line 2791 "util/configparser.c" /* yacc.c:1648 */ +#line 2796 "util/configparser.c" break; case 256: -#line 436 "./util/configparser.y" /* yacc.c:1648 */ +#line 436 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -2802,11 +2807,11 @@ yyreduce: OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); #endif } -#line 2806 "util/configparser.c" /* yacc.c:1648 */ +#line 2811 "util/configparser.c" break; case 257: -#line 449 "./util/configparser.y" /* yacc.c:1648 */ +#line 449 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -2820,11 +2825,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2824 "util/configparser.c" /* yacc.c:1648 */ +#line 2829 "util/configparser.c" break; case 258: -#line 464 "./util/configparser.y" /* yacc.c:1648 */ +#line 464 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -2834,11 +2839,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2838 "util/configparser.c" /* yacc.c:1648 */ +#line 2843 "util/configparser.c" break; case 259: -#line 475 "./util/configparser.y" /* yacc.c:1648 */ +#line 475 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2854,11 +2859,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2858 "util/configparser.c" /* yacc.c:1648 */ +#line 2863 "util/configparser.c" break; case 260: -#line 492 "./util/configparser.y" /* yacc.c:1648 */ +#line 492 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -2874,11 +2879,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2878 "util/configparser.c" /* yacc.c:1648 */ +#line 2883 "util/configparser.c" break; case 261: -#line 509 "./util/configparser.y" /* yacc.c:1648 */ +#line 509 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2894,11 +2899,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2898 "util/configparser.c" /* yacc.c:1648 */ +#line 2903 "util/configparser.c" break; case 262: -#line 526 "./util/configparser.y" /* yacc.c:1648 */ +#line 526 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -2914,11 +2919,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2918 "util/configparser.c" /* yacc.c:1648 */ +#line 2923 "util/configparser.c" break; case 263: -#line 543 "./util/configparser.y" /* yacc.c:1648 */ +#line 543 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -2932,11 +2937,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2936 "util/configparser.c" /* yacc.c:1648 */ +#line 2941 "util/configparser.c" break; case 264: -#line 558 "./util/configparser.y" /* yacc.c:1648 */ +#line 558 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -2950,11 +2955,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2954 "util/configparser.c" /* yacc.c:1648 */ +#line 2959 "util/configparser.c" break; case 265: -#line 573 "./util/configparser.y" /* yacc.c:1648 */ +#line 573 "./util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2966,11 +2971,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 2970 "util/configparser.c" /* yacc.c:1648 */ +#line 2975 "util/configparser.c" break; case 266: -#line 586 "./util/configparser.y" /* yacc.c:1648 */ +#line 586 "./util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2984,11 +2989,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 2988 "util/configparser.c" /* yacc.c:1648 */ +#line 2993 "util/configparser.c" break; case 267: -#line 601 "./util/configparser.y" /* yacc.c:1648 */ +#line 601 "./util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2996,11 +3001,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3000 "util/configparser.c" /* yacc.c:1648 */ +#line 3005 "util/configparser.c" break; case 268: -#line 610 "./util/configparser.y" /* yacc.c:1648 */ +#line 610 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3008,11 +3013,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3012 "util/configparser.c" /* yacc.c:1648 */ +#line 3017 "util/configparser.c" break; case 269: -#line 619 "./util/configparser.y" /* yacc.c:1648 */ +#line 619 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3020,11 +3025,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3024 "util/configparser.c" /* yacc.c:1648 */ +#line 3029 "util/configparser.c" break; case 270: -#line 628 "./util/configparser.y" /* yacc.c:1648 */ +#line 628 "./util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3032,11 +3037,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3036 "util/configparser.c" /* yacc.c:1648 */ +#line 3041 "util/configparser.c" break; case 271: -#line 637 "./util/configparser.y" /* yacc.c:1648 */ +#line 637 "./util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3044,11 +3049,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3048 "util/configparser.c" /* yacc.c:1648 */ +#line 3053 "util/configparser.c" break; case 272: -#line 646 "./util/configparser.y" /* yacc.c:1648 */ +#line 646 "./util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3056,11 +3061,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3060 "util/configparser.c" /* yacc.c:1648 */ +#line 3065 "util/configparser.c" break; case 273: -#line 655 "./util/configparser.y" /* yacc.c:1648 */ +#line 655 "./util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3068,11 +3073,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3072 "util/configparser.c" /* yacc.c:1648 */ +#line 3077 "util/configparser.c" break; case 274: -#line 664 "./util/configparser.y" /* yacc.c:1648 */ +#line 664 "./util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3080,11 +3085,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3084 "util/configparser.c" /* yacc.c:1648 */ +#line 3089 "util/configparser.c" break; case 275: -#line 673 "./util/configparser.y" /* yacc.c:1648 */ +#line 673 "./util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3092,11 +3097,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3096 "util/configparser.c" /* yacc.c:1648 */ +#line 3101 "util/configparser.c" break; case 276: -#line 682 "./util/configparser.y" /* yacc.c:1648 */ +#line 682 "./util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3104,11 +3109,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3108 "util/configparser.c" /* yacc.c:1648 */ +#line 3113 "util/configparser.c" break; case 277: -#line 691 "./util/configparser.y" /* yacc.c:1648 */ +#line 691 "./util/configparser.y" { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3116,11 +3121,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3120 "util/configparser.c" /* yacc.c:1648 */ +#line 3125 "util/configparser.c" break; case 278: -#line 700 "./util/configparser.y" /* yacc.c:1648 */ +#line 700 "./util/configparser.y" { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3128,11 +3133,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3132 "util/configparser.c" /* yacc.c:1648 */ +#line 3137 "util/configparser.c" break; case 279: -#line 709 "./util/configparser.y" /* yacc.c:1648 */ +#line 709 "./util/configparser.y" { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3140,11 +3145,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3144 "util/configparser.c" /* yacc.c:1648 */ +#line 3149 "util/configparser.c" break; case 280: -#line 718 "./util/configparser.y" /* yacc.c:1648 */ +#line 718 "./util/configparser.y" { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3156,11 +3161,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3160 "util/configparser.c" /* yacc.c:1648 */ +#line 3165 "util/configparser.c" break; case 281: -#line 731 "./util/configparser.y" /* yacc.c:1648 */ +#line 731 "./util/configparser.y" { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3168,11 +3173,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3172 "util/configparser.c" /* yacc.c:1648 */ +#line 3177 "util/configparser.c" break; case 282: -#line 740 "./util/configparser.y" /* yacc.c:1648 */ +#line 740 "./util/configparser.y" { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3184,11 +3189,11 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3188 "util/configparser.c" /* yacc.c:1648 */ +#line 3193 "util/configparser.c" break; case 283: -#line 753 "./util/configparser.y" /* yacc.c:1648 */ +#line 753 "./util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3196,11 +3201,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3200 "util/configparser.c" /* yacc.c:1648 */ +#line 3205 "util/configparser.c" break; case 284: -#line 762 "./util/configparser.y" /* yacc.c:1648 */ +#line 762 "./util/configparser.y" { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3208,11 +3213,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3212 "util/configparser.c" /* yacc.c:1648 */ +#line 3217 "util/configparser.c" break; case 285: -#line 771 "./util/configparser.y" /* yacc.c:1648 */ +#line 771 "./util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3220,31 +3225,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3224 "util/configparser.c" /* yacc.c:1648 */ +#line 3229 "util/configparser.c" break; case 286: -#line 780 "./util/configparser.y" /* yacc.c:1648 */ +#line 780 "./util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3234 "util/configparser.c" /* yacc.c:1648 */ +#line 3239 "util/configparser.c" break; case 287: -#line 787 "./util/configparser.y" /* yacc.c:1648 */ +#line 787 "./util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3244 "util/configparser.c" /* yacc.c:1648 */ +#line 3249 "util/configparser.c" break; case 288: -#line 794 "./util/configparser.y" /* yacc.c:1648 */ +#line 794 "./util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3252,21 +3257,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3256 "util/configparser.c" /* yacc.c:1648 */ +#line 3261 "util/configparser.c" break; case 289: -#line 803 "./util/configparser.y" /* yacc.c:1648 */ +#line 803 "./util/configparser.y" { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3266 "util/configparser.c" /* yacc.c:1648 */ +#line 3271 "util/configparser.c" break; case 290: -#line 810 "./util/configparser.y" /* yacc.c:1648 */ +#line 810 "./util/configparser.y" { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3274,53 +3279,53 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3278 "util/configparser.c" /* yacc.c:1648 */ +#line 3283 "util/configparser.c" break; case 291: -#line 819 "./util/configparser.y" /* yacc.c:1648 */ +#line 819 "./util/configparser.y" { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3289 "util/configparser.c" /* yacc.c:1648 */ +#line 3294 "util/configparser.c" break; case 292: -#line 827 "./util/configparser.y" /* yacc.c:1648 */ +#line 827 "./util/configparser.y" { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3299 "util/configparser.c" /* yacc.c:1648 */ +#line 3304 "util/configparser.c" break; case 293: -#line 834 "./util/configparser.y" /* yacc.c:1648 */ +#line 834 "./util/configparser.y" { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3309 "util/configparser.c" /* yacc.c:1648 */ +#line 3314 "util/configparser.c" break; case 294: -#line 841 "./util/configparser.y" /* yacc.c:1648 */ +#line 841 "./util/configparser.y" { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3320 "util/configparser.c" /* yacc.c:1648 */ +#line 3325 "util/configparser.c" break; case 295: -#line 849 "./util/configparser.y" /* yacc.c:1648 */ +#line 849 "./util/configparser.y" { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3328,11 +3333,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3332 "util/configparser.c" /* yacc.c:1648 */ +#line 3337 "util/configparser.c" break; case 296: -#line 858 "./util/configparser.y" /* yacc.c:1648 */ +#line 858 "./util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3340,11 +3345,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3344 "util/configparser.c" /* yacc.c:1648 */ +#line 3349 "util/configparser.c" break; case 297: -#line 867 "./util/configparser.y" /* yacc.c:1648 */ +#line 867 "./util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3357,11 +3362,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3361 "util/configparser.c" /* yacc.c:1648 */ +#line 3366 "util/configparser.c" break; case 298: -#line 881 "./util/configparser.y" /* yacc.c:1648 */ +#line 881 "./util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3369,11 +3374,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3373 "util/configparser.c" /* yacc.c:1648 */ +#line 3378 "util/configparser.c" break; case 299: -#line 890 "./util/configparser.y" /* yacc.c:1648 */ +#line 890 "./util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3381,11 +3386,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3385 "util/configparser.c" /* yacc.c:1648 */ +#line 3390 "util/configparser.c" break; case 300: -#line 899 "./util/configparser.y" /* yacc.c:1648 */ +#line 899 "./util/configparser.y" { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3393,11 +3398,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3397 "util/configparser.c" /* yacc.c:1648 */ +#line 3402 "util/configparser.c" break; case 301: -#line 908 "./util/configparser.y" /* yacc.c:1648 */ +#line 908 "./util/configparser.y" { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3405,11 +3410,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3409 "util/configparser.c" /* yacc.c:1648 */ +#line 3414 "util/configparser.c" break; case 302: -#line 917 "./util/configparser.y" /* yacc.c:1648 */ +#line 917 "./util/configparser.y" { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3417,11 +3422,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3421 "util/configparser.c" /* yacc.c:1648 */ +#line 3426 "util/configparser.c" break; case 303: -#line 926 "./util/configparser.y" /* yacc.c:1648 */ +#line 926 "./util/configparser.y" { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3429,31 +3434,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3433 "util/configparser.c" /* yacc.c:1648 */ +#line 3438 "util/configparser.c" break; case 304: -#line 935 "./util/configparser.y" /* yacc.c:1648 */ +#line 935 "./util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3443 "util/configparser.c" /* yacc.c:1648 */ +#line 3448 "util/configparser.c" break; case 305: -#line 942 "./util/configparser.y" /* yacc.c:1648 */ +#line 942 "./util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3453 "util/configparser.c" /* yacc.c:1648 */ +#line 3458 "util/configparser.c" break; case 306: -#line 949 "./util/configparser.y" /* yacc.c:1648 */ +#line 949 "./util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3478,105 +3483,105 @@ yyreduce: } } } -#line 3482 "util/configparser.c" /* yacc.c:1648 */ +#line 3487 "util/configparser.c" break; case 307: -#line 975 "./util/configparser.y" /* yacc.c:1648 */ +#line 975 "./util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3493 "util/configparser.c" /* yacc.c:1648 */ +#line 3498 "util/configparser.c" break; case 308: -#line 983 "./util/configparser.y" /* yacc.c:1648 */ +#line 983 "./util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3503 "util/configparser.c" /* yacc.c:1648 */ +#line 3508 "util/configparser.c" break; case 309: -#line 990 "./util/configparser.y" /* yacc.c:1648 */ +#line 990 "./util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3513 "util/configparser.c" /* yacc.c:1648 */ +#line 3518 "util/configparser.c" break; case 310: -#line 997 "./util/configparser.y" /* yacc.c:1648 */ +#line 997 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 3523 "util/configparser.c" /* yacc.c:1648 */ +#line 3528 "util/configparser.c" break; case 311: -#line 1004 "./util/configparser.y" /* yacc.c:1648 */ +#line 1004 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3533 "util/configparser.c" /* yacc.c:1648 */ +#line 3538 "util/configparser.c" break; case 312: -#line 1011 "./util/configparser.y" /* yacc.c:1648 */ +#line 1011 "./util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3544 "util/configparser.c" /* yacc.c:1648 */ +#line 3549 "util/configparser.c" break; case 313: -#line 1019 "./util/configparser.y" /* yacc.c:1648 */ +#line 1019 "./util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3555 "util/configparser.c" /* yacc.c:1648 */ +#line 3560 "util/configparser.c" break; case 314: -#line 1027 "./util/configparser.y" /* yacc.c:1648 */ +#line 1027 "./util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3566 "util/configparser.c" /* yacc.c:1648 */ +#line 3571 "util/configparser.c" break; case 315: -#line 1035 "./util/configparser.y" /* yacc.c:1648 */ +#line 1035 "./util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3576 "util/configparser.c" /* yacc.c:1648 */ +#line 3581 "util/configparser.c" break; case 316: -#line 1042 "./util/configparser.y" /* yacc.c:1648 */ +#line 1042 "./util/configparser.y" { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3586,11 +3591,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3590 "util/configparser.c" /* yacc.c:1648 */ +#line 3595 "util/configparser.c" break; case 317: -#line 1053 "./util/configparser.y" /* yacc.c:1648 */ +#line 1053 "./util/configparser.y" { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3600,21 +3605,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3604 "util/configparser.c" /* yacc.c:1648 */ +#line 3609 "util/configparser.c" break; case 318: -#line 1064 "./util/configparser.y" /* yacc.c:1648 */ +#line 1064 "./util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3614 "util/configparser.c" /* yacc.c:1648 */ +#line 3619 "util/configparser.c" break; case 319: -#line 1071 "./util/configparser.y" /* yacc.c:1648 */ +#line 1071 "./util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3622,11 +3627,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3626 "util/configparser.c" /* yacc.c:1648 */ +#line 3631 "util/configparser.c" break; case 320: -#line 1080 "./util/configparser.y" /* yacc.c:1648 */ +#line 1080 "./util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3634,11 +3639,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3638 "util/configparser.c" /* yacc.c:1648 */ +#line 3643 "util/configparser.c" break; case 321: -#line 1089 "./util/configparser.y" /* yacc.c:1648 */ +#line 1089 "./util/configparser.y" { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3646,53 +3651,53 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3650 "util/configparser.c" /* yacc.c:1648 */ +#line 3655 "util/configparser.c" break; case 322: -#line 1098 "./util/configparser.y" /* yacc.c:1648 */ +#line 1098 "./util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3660 "util/configparser.c" /* yacc.c:1648 */ +#line 3665 "util/configparser.c" break; case 323: -#line 1105 "./util/configparser.y" /* yacc.c:1648 */ +#line 1105 "./util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3670 "util/configparser.c" /* yacc.c:1648 */ +#line 3675 "util/configparser.c" break; case 324: -#line 1112 "./util/configparser.y" /* yacc.c:1648 */ +#line 1112 "./util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3681 "util/configparser.c" /* yacc.c:1648 */ +#line 3686 "util/configparser.c" break; case 325: -#line 1120 "./util/configparser.y" /* yacc.c:1648 */ +#line 1120 "./util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3692 "util/configparser.c" /* yacc.c:1648 */ +#line 3697 "util/configparser.c" break; case 326: -#line 1128 "./util/configparser.y" /* yacc.c:1648 */ +#line 1128 "./util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3701,11 +3706,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3705 "util/configparser.c" /* yacc.c:1648 */ +#line 3710 "util/configparser.c" break; case 327: -#line 1138 "./util/configparser.y" /* yacc.c:1648 */ +#line 1138 "./util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3714,11 +3719,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3718 "util/configparser.c" /* yacc.c:1648 */ +#line 3723 "util/configparser.c" break; case 328: -#line 1148 "./util/configparser.y" /* yacc.c:1648 */ +#line 1148 "./util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3727,22 +3732,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3731 "util/configparser.c" /* yacc.c:1648 */ +#line 3736 "util/configparser.c" break; case 329: -#line 1158 "./util/configparser.y" /* yacc.c:1648 */ +#line 1158 "./util/configparser.y" { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3742 "util/configparser.c" /* yacc.c:1648 */ +#line 3747 "util/configparser.c" break; case 330: -#line 1166 "./util/configparser.y" /* yacc.c:1648 */ +#line 1166 "./util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3754,11 +3759,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3758 "util/configparser.c" /* yacc.c:1648 */ +#line 3763 "util/configparser.c" break; case 331: -#line 1179 "./util/configparser.y" /* yacc.c:1648 */ +#line 1179 "./util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3768,22 +3773,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3772 "util/configparser.c" /* yacc.c:1648 */ +#line 3777 "util/configparser.c" break; case 332: -#line 1190 "./util/configparser.y" /* yacc.c:1648 */ +#line 1190 "./util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3783 "util/configparser.c" /* yacc.c:1648 */ +#line 3788 "util/configparser.c" break; case 333: -#line 1198 "./util/configparser.y" /* yacc.c:1648 */ +#line 1198 "./util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3795,11 +3800,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3799 "util/configparser.c" /* yacc.c:1648 */ +#line 3804 "util/configparser.c" break; case 334: -#line 1211 "./util/configparser.y" /* yacc.c:1648 */ +#line 1211 "./util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3807,11 +3812,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3811 "util/configparser.c" /* yacc.c:1648 */ +#line 3816 "util/configparser.c" break; case 335: -#line 1220 "./util/configparser.y" /* yacc.c:1648 */ +#line 1220 "./util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3819,11 +3824,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3823 "util/configparser.c" /* yacc.c:1648 */ +#line 3828 "util/configparser.c" break; case 336: -#line 1229 "./util/configparser.y" /* yacc.c:1648 */ +#line 1229 "./util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3831,11 +3836,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3835 "util/configparser.c" /* yacc.c:1648 */ +#line 3840 "util/configparser.c" break; case 337: -#line 1238 "./util/configparser.y" /* yacc.c:1648 */ +#line 1238 "./util/configparser.y" { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3844,11 +3849,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3848 "util/configparser.c" /* yacc.c:1648 */ +#line 3853 "util/configparser.c" break; case 338: -#line 1248 "./util/configparser.y" /* yacc.c:1648 */ +#line 1248 "./util/configparser.y" { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3857,22 +3862,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3861 "util/configparser.c" /* yacc.c:1648 */ +#line 3866 "util/configparser.c" break; case 339: -#line 1258 "./util/configparser.y" /* yacc.c:1648 */ +#line 1258 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3872 "util/configparser.c" /* yacc.c:1648 */ +#line 3877 "util/configparser.c" break; case 340: -#line 1266 "./util/configparser.y" /* yacc.c:1648 */ +#line 1266 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3884,11 +3889,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3888 "util/configparser.c" /* yacc.c:1648 */ +#line 3893 "util/configparser.c" break; case 341: -#line 1279 "./util/configparser.y" /* yacc.c:1648 */ +#line 1279 "./util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3896,22 +3901,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3900 "util/configparser.c" /* yacc.c:1648 */ +#line 3905 "util/configparser.c" break; case 342: -#line 1288 "./util/configparser.y" /* yacc.c:1648 */ +#line 1288 "./util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3911 "util/configparser.c" /* yacc.c:1648 */ +#line 3916 "util/configparser.c" break; case 343: -#line 1296 "./util/configparser.y" /* yacc.c:1648 */ +#line 1296 "./util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3919,22 +3924,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3923 "util/configparser.c" /* yacc.c:1648 */ +#line 3928 "util/configparser.c" break; case 344: -#line 1305 "./util/configparser.y" /* yacc.c:1648 */ +#line 1305 "./util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3934 "util/configparser.c" /* yacc.c:1648 */ +#line 3939 "util/configparser.c" break; case 345: -#line 1313 "./util/configparser.y" /* yacc.c:1648 */ +#line 1313 "./util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3946,11 +3951,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3950 "util/configparser.c" /* yacc.c:1648 */ +#line 3955 "util/configparser.c" break; case 346: -#line 1326 "./util/configparser.y" /* yacc.c:1648 */ +#line 1326 "./util/configparser.y" { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3958,21 +3963,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3962 "util/configparser.c" /* yacc.c:1648 */ +#line 3967 "util/configparser.c" break; case 347: -#line 1335 "./util/configparser.y" /* yacc.c:1648 */ +#line 1335 "./util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 3972 "util/configparser.c" /* yacc.c:1648 */ +#line 3977 "util/configparser.c" break; case 348: -#line 1342 "./util/configparser.y" /* yacc.c:1648 */ +#line 1342 "./util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3981,11 +3986,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3985 "util/configparser.c" /* yacc.c:1648 */ +#line 3990 "util/configparser.c" break; case 349: -#line 1352 "./util/configparser.y" /* yacc.c:1648 */ +#line 1352 "./util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3994,11 +3999,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3998 "util/configparser.c" /* yacc.c:1648 */ +#line 4003 "util/configparser.c" break; case 350: -#line 1362 "./util/configparser.y" /* yacc.c:1648 */ +#line 1362 "./util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4007,11 +4012,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4011 "util/configparser.c" /* yacc.c:1648 */ +#line 4016 "util/configparser.c" break; case 351: -#line 1372 "./util/configparser.y" /* yacc.c:1648 */ +#line 1372 "./util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4020,11 +4025,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4024 "util/configparser.c" /* yacc.c:1648 */ +#line 4029 "util/configparser.c" break; case 352: -#line 1382 "./util/configparser.y" /* yacc.c:1648 */ +#line 1382 "./util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4033,11 +4038,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4037 "util/configparser.c" /* yacc.c:1648 */ +#line 4042 "util/configparser.c" break; case 353: -#line 1392 "./util/configparser.y" /* yacc.c:1648 */ +#line 1392 "./util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4046,11 +4051,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4050 "util/configparser.c" /* yacc.c:1648 */ +#line 4055 "util/configparser.c" break; case 354: -#line 1402 "./util/configparser.y" /* yacc.c:1648 */ +#line 1402 "./util/configparser.y" { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4059,11 +4064,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4063 "util/configparser.c" /* yacc.c:1648 */ +#line 4068 "util/configparser.c" break; case 355: -#line 1412 "./util/configparser.y" /* yacc.c:1648 */ +#line 1412 "./util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4072,41 +4077,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4076 "util/configparser.c" /* yacc.c:1648 */ +#line 4081 "util/configparser.c" break; case 356: -#line 1422 "./util/configparser.y" /* yacc.c:1648 */ +#line 1422 "./util/configparser.y" { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4086 "util/configparser.c" /* yacc.c:1648 */ +#line 4091 "util/configparser.c" break; case 357: -#line 1429 "./util/configparser.y" /* yacc.c:1648 */ +#line 1429 "./util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4096 "util/configparser.c" /* yacc.c:1648 */ +#line 4101 "util/configparser.c" break; case 358: -#line 1436 "./util/configparser.y" /* yacc.c:1648 */ +#line 1436 "./util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4106 "util/configparser.c" /* yacc.c:1648 */ +#line 4111 "util/configparser.c" break; case 359: -#line 1443 "./util/configparser.y" /* yacc.c:1648 */ +#line 1443 "./util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4114,11 +4119,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4118 "util/configparser.c" /* yacc.c:1648 */ +#line 4123 "util/configparser.c" break; case 360: -#line 1452 "./util/configparser.y" /* yacc.c:1648 */ +#line 1452 "./util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4126,11 +4131,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4130 "util/configparser.c" /* yacc.c:1648 */ +#line 4135 "util/configparser.c" break; case 361: -#line 1461 "./util/configparser.y" /* yacc.c:1648 */ +#line 1461 "./util/configparser.y" { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4138,11 +4143,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4142 "util/configparser.c" /* yacc.c:1648 */ +#line 4147 "util/configparser.c" break; case 362: -#line 1470 "./util/configparser.y" /* yacc.c:1648 */ +#line 1470 "./util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4150,21 +4155,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4154 "util/configparser.c" /* yacc.c:1648 */ +#line 4159 "util/configparser.c" break; case 363: -#line 1479 "./util/configparser.y" /* yacc.c:1648 */ +#line 1479 "./util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4164 "util/configparser.c" /* yacc.c:1648 */ +#line 4169 "util/configparser.c" break; case 364: -#line 1486 "./util/configparser.y" /* yacc.c:1648 */ +#line 1486 "./util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4173,11 +4178,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4177 "util/configparser.c" /* yacc.c:1648 */ +#line 4182 "util/configparser.c" break; case 365: -#line 1496 "./util/configparser.y" /* yacc.c:1648 */ +#line 1496 "./util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -4196,21 +4201,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4200 "util/configparser.c" /* yacc.c:1648 */ +#line 4205 "util/configparser.c" break; case 366: -#line 1516 "./util/configparser.y" /* yacc.c:1648 */ +#line 1516 "./util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4210 "util/configparser.c" /* yacc.c:1648 */ +#line 4215 "util/configparser.c" break; case 367: -#line 1523 "./util/configparser.y" /* yacc.c:1648 */ +#line 1523 "./util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4227,11 +4232,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4231 "util/configparser.c" /* yacc.c:1648 */ +#line 4236 "util/configparser.c" break; case 368: -#line 1541 "./util/configparser.y" /* yacc.c:1648 */ +#line 1541 "./util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4243,11 +4248,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4247 "util/configparser.c" /* yacc.c:1648 */ +#line 4252 "util/configparser.c" break; case 369: -#line 1554 "./util/configparser.y" /* yacc.c:1648 */ +#line 1554 "./util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4259,11 +4264,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4263 "util/configparser.c" /* yacc.c:1648 */ +#line 4268 "util/configparser.c" break; case 370: -#line 1567 "./util/configparser.y" /* yacc.c:1648 */ +#line 1567 "./util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4271,11 +4276,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4275 "util/configparser.c" /* yacc.c:1648 */ +#line 4280 "util/configparser.c" break; case 371: -#line 1576 "./util/configparser.y" /* yacc.c:1648 */ +#line 1576 "./util/configparser.y" { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4283,11 +4288,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4287 "util/configparser.c" /* yacc.c:1648 */ +#line 4292 "util/configparser.c" break; case 372: -#line 1585 "./util/configparser.y" /* yacc.c:1648 */ +#line 1585 "./util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4295,11 +4300,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4299 "util/configparser.c" /* yacc.c:1648 */ +#line 4304 "util/configparser.c" break; case 373: -#line 1594 "./util/configparser.y" /* yacc.c:1648 */ +#line 1594 "./util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4307,11 +4312,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4311 "util/configparser.c" /* yacc.c:1648 */ +#line 4316 "util/configparser.c" break; case 374: -#line 1603 "./util/configparser.y" /* yacc.c:1648 */ +#line 1603 "./util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4320,11 +4325,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4324 "util/configparser.c" /* yacc.c:1648 */ +#line 4329 "util/configparser.c" break; case 375: -#line 1613 "./util/configparser.y" /* yacc.c:1648 */ +#line 1613 "./util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4333,11 +4338,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4337 "util/configparser.c" /* yacc.c:1648 */ +#line 4342 "util/configparser.c" break; case 376: -#line 1623 "./util/configparser.y" /* yacc.c:1648 */ +#line 1623 "./util/configparser.y" { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4347,11 +4352,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4351 "util/configparser.c" /* yacc.c:1648 */ +#line 4356 "util/configparser.c" break; case 377: -#line 1634 "./util/configparser.y" /* yacc.c:1648 */ +#line 1634 "./util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4359,11 +4364,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4363 "util/configparser.c" /* yacc.c:1648 */ +#line 4368 "util/configparser.c" break; case 378: -#line 1643 "./util/configparser.y" /* yacc.c:1648 */ +#line 1643 "./util/configparser.y" { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4371,11 +4376,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4375 "util/configparser.c" /* yacc.c:1648 */ +#line 4380 "util/configparser.c" break; case 379: -#line 1652 "./util/configparser.y" /* yacc.c:1648 */ +#line 1652 "./util/configparser.y" { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4383,11 +4388,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4387 "util/configparser.c" /* yacc.c:1648 */ +#line 4392 "util/configparser.c" break; case 380: -#line 1661 "./util/configparser.y" /* yacc.c:1648 */ +#line 1661 "./util/configparser.y" { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4395,11 +4400,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4399 "util/configparser.c" /* yacc.c:1648 */ +#line 4404 "util/configparser.c" break; case 381: -#line 1670 "./util/configparser.y" /* yacc.c:1648 */ +#line 1670 "./util/configparser.y" { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4411,11 +4416,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4415 "util/configparser.c" /* yacc.c:1648 */ +#line 4420 "util/configparser.c" break; case 382: -#line 1683 "./util/configparser.y" /* yacc.c:1648 */ +#line 1683 "./util/configparser.y" { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4427,11 +4432,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4431 "util/configparser.c" /* yacc.c:1648 */ +#line 4436 "util/configparser.c" break; case 383: -#line 1696 "./util/configparser.y" /* yacc.c:1648 */ +#line 1696 "./util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4439,21 +4444,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4443 "util/configparser.c" /* yacc.c:1648 */ +#line 4448 "util/configparser.c" break; case 384: -#line 1705 "./util/configparser.y" /* yacc.c:1648 */ +#line 1705 "./util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4453 "util/configparser.c" /* yacc.c:1648 */ +#line 4458 "util/configparser.c" break; case 385: -#line 1712 "./util/configparser.y" /* yacc.c:1648 */ +#line 1712 "./util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4461,11 +4466,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4465 "util/configparser.c" /* yacc.c:1648 */ +#line 4470 "util/configparser.c" break; case 386: -#line 1721 "./util/configparser.y" /* yacc.c:1648 */ +#line 1721 "./util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4473,11 +4478,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4477 "util/configparser.c" /* yacc.c:1648 */ +#line 4482 "util/configparser.c" break; case 387: -#line 1730 "./util/configparser.y" /* yacc.c:1648 */ +#line 1730 "./util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4485,11 +4490,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4489 "util/configparser.c" /* yacc.c:1648 */ +#line 4494 "util/configparser.c" break; case 388: -#line 1739 "./util/configparser.y" /* yacc.c:1648 */ +#line 1739 "./util/configparser.y" { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4498,22 +4503,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4502 "util/configparser.c" /* yacc.c:1648 */ +#line 4507 "util/configparser.c" break; case 389: -#line 1748 "./util/configparser.y" /* yacc.c:1648 */ +#line 1748 "./util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4513 "util/configparser.c" /* yacc.c:1648 */ +#line 4518 "util/configparser.c" break; case 390: -#line 1756 "./util/configparser.y" /* yacc.c:1648 */ +#line 1756 "./util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4525,22 +4530,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4529 "util/configparser.c" /* yacc.c:1648 */ +#line 4534 "util/configparser.c" break; case 391: -#line 1769 "./util/configparser.y" /* yacc.c:1648 */ +#line 1769 "./util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4540 "util/configparser.c" /* yacc.c:1648 */ +#line 4545 "util/configparser.c" break; case 392: -#line 1777 "./util/configparser.y" /* yacc.c:1648 */ +#line 1777 "./util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4580,21 +4585,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4584 "util/configparser.c" /* yacc.c:1648 */ +#line 4589 "util/configparser.c" break; case 393: -#line 1818 "./util/configparser.y" /* yacc.c:1648 */ +#line 1818 "./util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4594 "util/configparser.c" /* yacc.c:1648 */ +#line 4599 "util/configparser.c" break; case 394: -#line 1825 "./util/configparser.y" /* yacc.c:1648 */ +#line 1825 "./util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4608,11 +4613,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4612 "util/configparser.c" /* yacc.c:1648 */ +#line 4617 "util/configparser.c" break; case 395: -#line 1840 "./util/configparser.y" /* yacc.c:1648 */ +#line 1840 "./util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4621,11 +4626,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4625 "util/configparser.c" /* yacc.c:1648 */ +#line 4630 "util/configparser.c" break; case 396: -#line 1850 "./util/configparser.y" /* yacc.c:1648 */ +#line 1850 "./util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4634,41 +4639,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4638 "util/configparser.c" /* yacc.c:1648 */ +#line 4643 "util/configparser.c" break; case 397: -#line 1860 "./util/configparser.y" /* yacc.c:1648 */ +#line 1860 "./util/configparser.y" { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4648 "util/configparser.c" /* yacc.c:1648 */ +#line 4653 "util/configparser.c" break; case 398: -#line 1867 "./util/configparser.y" /* yacc.c:1648 */ +#line 1867 "./util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4658 "util/configparser.c" /* yacc.c:1648 */ +#line 4663 "util/configparser.c" break; case 399: -#line 1874 "./util/configparser.y" /* yacc.c:1648 */ +#line 1874 "./util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4668 "util/configparser.c" /* yacc.c:1648 */ +#line 4673 "util/configparser.c" break; case 400: -#line 1881 "./util/configparser.y" /* yacc.c:1648 */ +#line 1881 "./util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4676,22 +4681,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4680 "util/configparser.c" /* yacc.c:1648 */ +#line 4685 "util/configparser.c" break; case 401: -#line 1890 "./util/configparser.y" /* yacc.c:1648 */ +#line 1890 "./util/configparser.y" { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4691 "util/configparser.c" /* yacc.c:1648 */ +#line 4696 "util/configparser.c" break; case 402: -#line 1898 "./util/configparser.y" /* yacc.c:1648 */ +#line 1898 "./util/configparser.y" { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4704,11 +4709,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4708 "util/configparser.c" /* yacc.c:1648 */ +#line 4713 "util/configparser.c" break; case 403: -#line 1912 "./util/configparser.y" /* yacc.c:1648 */ +#line 1912 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4728,11 +4733,11 @@ yyreduce: } } } -#line 4732 "util/configparser.c" /* yacc.c:1648 */ +#line 4737 "util/configparser.c" break; case 404: -#line 1933 "./util/configparser.y" /* yacc.c:1648 */ +#line 1933 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4752,11 +4757,11 @@ yyreduce: } } } -#line 4756 "util/configparser.c" /* yacc.c:1648 */ +#line 4761 "util/configparser.c" break; case 405: -#line 1954 "./util/configparser.y" /* yacc.c:1648 */ +#line 1954 "./util/configparser.y" { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4767,11 +4772,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4771 "util/configparser.c" /* yacc.c:1648 */ +#line 4776 "util/configparser.c" break; case 406: -#line 1966 "./util/configparser.y" /* yacc.c:1648 */ +#line 1966 "./util/configparser.y" { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4782,11 +4787,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4786 "util/configparser.c" /* yacc.c:1648 */ +#line 4791 "util/configparser.c" break; case 407: -#line 1978 "./util/configparser.y" /* yacc.c:1648 */ +#line 1978 "./util/configparser.y" { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4797,11 +4802,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4801 "util/configparser.c" /* yacc.c:1648 */ +#line 4806 "util/configparser.c" break; case 408: -#line 1990 "./util/configparser.y" /* yacc.c:1648 */ +#line 1990 "./util/configparser.y" { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4809,11 +4814,11 @@ yyreduce: yyerror("out of memory"); } } -#line 4813 "util/configparser.c" /* yacc.c:1648 */ +#line 4818 "util/configparser.c" break; case 409: -#line 1999 "./util/configparser.y" /* yacc.c:1648 */ +#line 1999 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4833,11 +4838,11 @@ yyreduce: } } } -#line 4837 "util/configparser.c" /* yacc.c:1648 */ +#line 4842 "util/configparser.c" break; case 410: -#line 2020 "./util/configparser.y" /* yacc.c:1648 */ +#line 2020 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4845,11 +4850,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4849 "util/configparser.c" /* yacc.c:1648 */ +#line 4854 "util/configparser.c" break; case 411: -#line 2030 "./util/configparser.y" /* yacc.c:1648 */ +#line 2030 "./util/configparser.y" { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4857,33 +4862,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4861 "util/configparser.c" /* yacc.c:1648 */ +#line 4866 "util/configparser.c" break; case 412: -#line 2039 "./util/configparser.y" /* yacc.c:1648 */ +#line 2039 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4872 "util/configparser.c" /* yacc.c:1648 */ +#line 4877 "util/configparser.c" break; case 413: -#line 2047 "./util/configparser.y" /* yacc.c:1648 */ +#line 2047 "./util/configparser.y" { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4883 "util/configparser.c" /* yacc.c:1648 */ +#line 4888 "util/configparser.c" break; case 414: -#line 2055 "./util/configparser.y" /* yacc.c:1648 */ +#line 2055 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4895,11 +4900,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4899 "util/configparser.c" /* yacc.c:1648 */ +#line 4904 "util/configparser.c" break; case 415: -#line 2068 "./util/configparser.y" /* yacc.c:1648 */ +#line 2068 "./util/configparser.y" { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4911,11 +4916,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4915 "util/configparser.c" /* yacc.c:1648 */ +#line 4920 "util/configparser.c" break; case 416: -#line 2081 "./util/configparser.y" /* yacc.c:1648 */ +#line 2081 "./util/configparser.y" { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4929,11 +4934,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 4933 "util/configparser.c" /* yacc.c:1648 */ +#line 4938 "util/configparser.c" break; case 417: -#line 2096 "./util/configparser.y" /* yacc.c:1648 */ +#line 2096 "./util/configparser.y" { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4947,11 +4952,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 4951 "util/configparser.c" /* yacc.c:1648 */ +#line 4956 "util/configparser.c" break; case 418: -#line 2111 "./util/configparser.y" /* yacc.c:1648 */ +#line 2111 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4959,11 +4964,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4963 "util/configparser.c" /* yacc.c:1648 */ +#line 4968 "util/configparser.c" break; case 419: -#line 2120 "./util/configparser.y" /* yacc.c:1648 */ +#line 2120 "./util/configparser.y" { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4971,20 +4976,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4975 "util/configparser.c" /* yacc.c:1648 */ +#line 4980 "util/configparser.c" break; case 420: -#line 2129 "./util/configparser.y" /* yacc.c:1648 */ +#line 2129 "./util/configparser.y" { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 4984 "util/configparser.c" /* yacc.c:1648 */ +#line 4989 "util/configparser.c" break; case 421: -#line 2135 "./util/configparser.y" /* yacc.c:1648 */ +#line 2135 "./util/configparser.y" { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -4992,11 +4997,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4996 "util/configparser.c" /* yacc.c:1648 */ +#line 5001 "util/configparser.c" break; case 422: -#line 2144 "./util/configparser.y" /* yacc.c:1648 */ +#line 2144 "./util/configparser.y" { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5004,11 +5009,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5008 "util/configparser.c" /* yacc.c:1648 */ +#line 5013 "util/configparser.c" break; case 423: -#line 2153 "./util/configparser.y" /* yacc.c:1648 */ +#line 2153 "./util/configparser.y" { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5017,11 +5022,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5021 "util/configparser.c" /* yacc.c:1648 */ +#line 5026 "util/configparser.c" break; case 424: -#line 2163 "./util/configparser.y" /* yacc.c:1648 */ +#line 2163 "./util/configparser.y" { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5030,11 +5035,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5034 "util/configparser.c" /* yacc.c:1648 */ +#line 5039 "util/configparser.c" break; case 425: -#line 2173 "./util/configparser.y" /* yacc.c:1648 */ +#line 2173 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5046,11 +5051,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5050 "util/configparser.c" /* yacc.c:1648 */ +#line 5055 "util/configparser.c" break; case 426: -#line 2186 "./util/configparser.y" /* yacc.c:1648 */ +#line 2186 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5062,11 +5067,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5066 "util/configparser.c" /* yacc.c:1648 */ +#line 5071 "util/configparser.c" break; case 427: -#line 2199 "./util/configparser.y" /* yacc.c:1648 */ +#line 2199 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5077,11 +5082,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5081 "util/configparser.c" /* yacc.c:1648 */ +#line 5086 "util/configparser.c" break; case 428: -#line 2211 "./util/configparser.y" /* yacc.c:1648 */ +#line 2211 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5094,11 +5099,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5098 "util/configparser.c" /* yacc.c:1648 */ +#line 5103 "util/configparser.c" break; case 429: -#line 2225 "./util/configparser.y" /* yacc.c:1648 */ +#line 2225 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5109,11 +5114,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5113 "util/configparser.c" /* yacc.c:1648 */ +#line 5118 "util/configparser.c" break; case 430: -#line 2237 "./util/configparser.y" /* yacc.c:1648 */ +#line 2237 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5126,11 +5131,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5130 "util/configparser.c" /* yacc.c:1648 */ +#line 5135 "util/configparser.c" break; case 431: -#line 2251 "./util/configparser.y" /* yacc.c:1648 */ +#line 2251 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5139,31 +5144,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5143 "util/configparser.c" /* yacc.c:1648 */ +#line 5148 "util/configparser.c" break; case 432: -#line 2261 "./util/configparser.y" /* yacc.c:1648 */ +#line 2261 "./util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5153 "util/configparser.c" /* yacc.c:1648 */ +#line 5158 "util/configparser.c" break; case 433: -#line 2268 "./util/configparser.y" /* yacc.c:1648 */ +#line 2268 "./util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5163 "util/configparser.c" /* yacc.c:1648 */ +#line 5168 "util/configparser.c" break; case 434: -#line 2275 "./util/configparser.y" /* yacc.c:1648 */ +#line 2275 "./util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5171,11 +5176,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5175 "util/configparser.c" /* yacc.c:1648 */ +#line 5180 "util/configparser.c" break; case 435: -#line 2284 "./util/configparser.y" /* yacc.c:1648 */ +#line 2284 "./util/configparser.y" { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5183,11 +5188,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5187 "util/configparser.c" /* yacc.c:1648 */ +#line 5192 "util/configparser.c" break; case 436: -#line 2293 "./util/configparser.y" /* yacc.c:1648 */ +#line 2293 "./util/configparser.y" { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5196,11 +5201,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5200 "util/configparser.c" /* yacc.c:1648 */ +#line 5205 "util/configparser.c" break; case 437: -#line 2303 "./util/configparser.y" /* yacc.c:1648 */ +#line 2303 "./util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5209,11 +5214,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5213 "util/configparser.c" /* yacc.c:1648 */ +#line 5218 "util/configparser.c" break; case 438: -#line 2313 "./util/configparser.y" /* yacc.c:1648 */ +#line 2313 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5222,31 +5227,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5226 "util/configparser.c" /* yacc.c:1648 */ +#line 5231 "util/configparser.c" break; case 439: -#line 2323 "./util/configparser.y" /* yacc.c:1648 */ +#line 2323 "./util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5236 "util/configparser.c" /* yacc.c:1648 */ +#line 5241 "util/configparser.c" break; case 440: -#line 2330 "./util/configparser.y" /* yacc.c:1648 */ +#line 2330 "./util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5246 "util/configparser.c" /* yacc.c:1648 */ +#line 5251 "util/configparser.c" break; case 441: -#line 2337 "./util/configparser.y" /* yacc.c:1648 */ +#line 2337 "./util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5254,11 +5259,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5258 "util/configparser.c" /* yacc.c:1648 */ +#line 5263 "util/configparser.c" break; case 442: -#line 2346 "./util/configparser.y" /* yacc.c:1648 */ +#line 2346 "./util/configparser.y" { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5266,11 +5271,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5270 "util/configparser.c" /* yacc.c:1648 */ +#line 5275 "util/configparser.c" break; case 443: -#line 2355 "./util/configparser.y" /* yacc.c:1648 */ +#line 2355 "./util/configparser.y" { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5279,11 +5284,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5283 "util/configparser.c" /* yacc.c:1648 */ +#line 5288 "util/configparser.c" break; case 444: -#line 2365 "./util/configparser.y" /* yacc.c:1648 */ +#line 2365 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5292,52 +5297,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5296 "util/configparser.c" /* yacc.c:1648 */ +#line 5301 "util/configparser.c" break; case 445: -#line 2375 "./util/configparser.y" /* yacc.c:1648 */ +#line 2375 "./util/configparser.y" { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5306 "util/configparser.c" /* yacc.c:1648 */ +#line 5311 "util/configparser.c" break; case 446: -#line 2382 "./util/configparser.y" /* yacc.c:1648 */ +#line 2382 "./util/configparser.y" { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5316 "util/configparser.c" /* yacc.c:1648 */ +#line 5321 "util/configparser.c" break; case 447: -#line 2389 "./util/configparser.y" /* yacc.c:1648 */ +#line 2389 "./util/configparser.y" { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5326 "util/configparser.c" /* yacc.c:1648 */ +#line 5331 "util/configparser.c" break; case 448: -#line 2396 "./util/configparser.y" /* yacc.c:1648 */ +#line 2396 "./util/configparser.y" { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5337 "util/configparser.c" /* yacc.c:1648 */ +#line 5342 "util/configparser.c" break; case 449: -#line 2404 "./util/configparser.y" /* yacc.c:1648 */ +#line 2404 "./util/configparser.y" { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5346,11 +5351,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5350 "util/configparser.c" /* yacc.c:1648 */ +#line 5355 "util/configparser.c" break; case 450: -#line 2414 "./util/configparser.y" /* yacc.c:1648 */ +#line 2414 "./util/configparser.y" { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5359,11 +5364,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5363 "util/configparser.c" /* yacc.c:1648 */ +#line 5368 "util/configparser.c" break; case 451: -#line 2424 "./util/configparser.y" /* yacc.c:1648 */ +#line 2424 "./util/configparser.y" { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5372,11 +5377,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5376 "util/configparser.c" /* yacc.c:1648 */ +#line 5381 "util/configparser.c" break; case 452: -#line 2434 "./util/configparser.y" /* yacc.c:1648 */ +#line 2434 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5385,11 +5390,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5389 "util/configparser.c" /* yacc.c:1648 */ +#line 5394 "util/configparser.c" break; case 453: -#line 2444 "./util/configparser.y" /* yacc.c:1648 */ +#line 2444 "./util/configparser.y" { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5427,11 +5432,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5431 "util/configparser.c" /* yacc.c:1648 */ +#line 5436 "util/configparser.c" break; case 454: -#line 2483 "./util/configparser.y" /* yacc.c:1648 */ +#line 2483 "./util/configparser.y" { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5440,33 +5445,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5444 "util/configparser.c" /* yacc.c:1648 */ +#line 5449 "util/configparser.c" break; case 455: -#line 2493 "./util/configparser.y" /* yacc.c:1648 */ +#line 2493 "./util/configparser.y" { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5455 "util/configparser.c" /* yacc.c:1648 */ +#line 5460 "util/configparser.c" break; case 456: -#line 2501 "./util/configparser.y" /* yacc.c:1648 */ +#line 2501 "./util/configparser.y" { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5466 "util/configparser.c" /* yacc.c:1648 */ +#line 5471 "util/configparser.c" break; case 457: -#line 2509 "./util/configparser.y" /* yacc.c:1648 */ +#line 2509 "./util/configparser.y" { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5480,11 +5485,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5484 "util/configparser.c" /* yacc.c:1648 */ +#line 5489 "util/configparser.c" break; case 458: -#line 2524 "./util/configparser.y" /* yacc.c:1648 */ +#line 2524 "./util/configparser.y" { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5492,19 +5497,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5496 "util/configparser.c" /* yacc.c:1648 */ +#line 5501 "util/configparser.c" break; case 459: -#line 2533 "./util/configparser.y" /* yacc.c:1648 */ +#line 2533 "./util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } -#line 5504 "util/configparser.c" /* yacc.c:1648 */ +#line 5509 "util/configparser.c" break; case 470: -#line 2544 "./util/configparser.y" /* yacc.c:1648 */ +#line 2544 "./util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5513,11 +5518,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5517 "util/configparser.c" /* yacc.c:1648 */ +#line 5522 "util/configparser.c" break; case 471: -#line 2554 "./util/configparser.y" /* yacc.c:1648 */ +#line 2554 "./util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5525,79 +5530,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5529 "util/configparser.c" /* yacc.c:1648 */ +#line 5534 "util/configparser.c" break; case 472: -#line 2563 "./util/configparser.y" /* yacc.c:1648 */ +#line 2563 "./util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5539 "util/configparser.c" /* yacc.c:1648 */ +#line 5544 "util/configparser.c" break; case 473: -#line 2570 "./util/configparser.y" /* yacc.c:1648 */ +#line 2570 "./util/configparser.y" { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5549 "util/configparser.c" /* yacc.c:1648 */ +#line 5554 "util/configparser.c" break; case 474: -#line 2577 "./util/configparser.y" /* yacc.c:1648 */ +#line 2577 "./util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5559 "util/configparser.c" /* yacc.c:1648 */ +#line 5564 "util/configparser.c" break; case 475: -#line 2584 "./util/configparser.y" /* yacc.c:1648 */ +#line 2584 "./util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5569 "util/configparser.c" /* yacc.c:1648 */ +#line 5574 "util/configparser.c" break; case 476: -#line 2591 "./util/configparser.y" /* yacc.c:1648 */ +#line 2591 "./util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5579 "util/configparser.c" /* yacc.c:1648 */ +#line 5584 "util/configparser.c" break; case 477: -#line 2598 "./util/configparser.y" /* yacc.c:1648 */ +#line 2598 "./util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5589 "util/configparser.c" /* yacc.c:1648 */ +#line 5594 "util/configparser.c" break; case 478: -#line 2605 "./util/configparser.y" /* yacc.c:1648 */ +#line 2605 "./util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); } -#line 5597 "util/configparser.c" /* yacc.c:1648 */ +#line 5602 "util/configparser.c" break; case 493: -#line 2622 "./util/configparser.y" /* yacc.c:1648 */ +#line 2622 "./util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5605,21 +5610,21 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5609 "util/configparser.c" /* yacc.c:1648 */ +#line 5614 "util/configparser.c" break; case 494: -#line 2631 "./util/configparser.y" /* yacc.c:1648 */ +#line 2631 "./util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5619 "util/configparser.c" /* yacc.c:1648 */ +#line 5624 "util/configparser.c" break; case 495: -#line 2638 "./util/configparser.y" /* yacc.c:1648 */ +#line 2638 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5627,11 +5632,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5631 "util/configparser.c" /* yacc.c:1648 */ +#line 5636 "util/configparser.c" break; case 496: -#line 2647 "./util/configparser.y" /* yacc.c:1648 */ +#line 2647 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5639,31 +5644,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5643 "util/configparser.c" /* yacc.c:1648 */ +#line 5648 "util/configparser.c" break; case 497: -#line 2656 "./util/configparser.y" /* yacc.c:1648 */ +#line 2656 "./util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 5653 "util/configparser.c" /* yacc.c:1648 */ +#line 5658 "util/configparser.c" break; case 498: -#line 2663 "./util/configparser.y" /* yacc.c:1648 */ +#line 2663 "./util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 5663 "util/configparser.c" /* yacc.c:1648 */ +#line 5668 "util/configparser.c" break; case 499: -#line 2670 "./util/configparser.y" /* yacc.c:1648 */ +#line 2670 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5672,11 +5677,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5676 "util/configparser.c" /* yacc.c:1648 */ +#line 5681 "util/configparser.c" break; case 500: -#line 2680 "./util/configparser.y" /* yacc.c:1648 */ +#line 2680 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5685,11 +5690,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5689 "util/configparser.c" /* yacc.c:1648 */ +#line 5694 "util/configparser.c" break; case 501: -#line 2690 "./util/configparser.y" /* yacc.c:1648 */ +#line 2690 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5698,11 +5703,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5702 "util/configparser.c" /* yacc.c:1648 */ +#line 5707 "util/configparser.c" break; case 502: -#line 2700 "./util/configparser.y" /* yacc.c:1648 */ +#line 2700 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5711,11 +5716,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5715 "util/configparser.c" /* yacc.c:1648 */ +#line 5720 "util/configparser.c" break; case 503: -#line 2710 "./util/configparser.y" /* yacc.c:1648 */ +#line 2710 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5724,11 +5729,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5728 "util/configparser.c" /* yacc.c:1648 */ +#line 5733 "util/configparser.c" break; case 504: -#line 2720 "./util/configparser.y" /* yacc.c:1648 */ +#line 2720 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5737,29 +5742,29 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5741 "util/configparser.c" /* yacc.c:1648 */ +#line 5746 "util/configparser.c" break; case 505: -#line 2730 "./util/configparser.y" /* yacc.c:1648 */ +#line 2730 "./util/configparser.y" { OUTYY(("\nP(python:)\n")); } -#line 5749 "util/configparser.c" /* yacc.c:1648 */ +#line 5754 "util/configparser.c" break; case 509: -#line 2739 "./util/configparser.y" /* yacc.c:1648 */ +#line 2739 "./util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5759 "util/configparser.c" /* yacc.c:1648 */ +#line 5764 "util/configparser.c" break; case 510: -#line 2745 "./util/configparser.y" /* yacc.c:1648 */ +#line 2745 "./util/configparser.y" { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5768,21 +5773,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5772 "util/configparser.c" /* yacc.c:1648 */ +#line 5777 "util/configparser.c" break; case 511: -#line 2755 "./util/configparser.y" /* yacc.c:1648 */ +#line 2755 "./util/configparser.y" { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5782 "util/configparser.c" /* yacc.c:1648 */ +#line 5787 "util/configparser.c" break; case 512: -#line 2762 "./util/configparser.y" /* yacc.c:1648 */ +#line 2762 "./util/configparser.y" { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5790,30 +5795,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5794 "util/configparser.c" /* yacc.c:1648 */ +#line 5799 "util/configparser.c" break; case 513: -#line 2771 "./util/configparser.y" /* yacc.c:1648 */ +#line 2771 "./util/configparser.y" { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5805 "util/configparser.c" /* yacc.c:1648 */ +#line 5810 "util/configparser.c" break; case 514: -#line 2779 "./util/configparser.y" /* yacc.c:1648 */ +#line 2779 "./util/configparser.y" { OUTYY(("\nP(dnscrypt:)\n")); } -#line 5813 "util/configparser.c" /* yacc.c:1648 */ +#line 5818 "util/configparser.c" break; case 527: -#line 2795 "./util/configparser.y" /* yacc.c:1648 */ +#line 2795 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5821,11 +5826,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5825 "util/configparser.c" /* yacc.c:1648 */ +#line 5830 "util/configparser.c" break; case 528: -#line 2805 "./util/configparser.y" /* yacc.c:1648 */ +#line 2805 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5833,21 +5838,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5837 "util/configparser.c" /* yacc.c:1648 */ +#line 5842 "util/configparser.c" break; case 529: -#line 2814 "./util/configparser.y" /* yacc.c:1648 */ +#line 2814 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 5847 "util/configparser.c" /* yacc.c:1648 */ +#line 5852 "util/configparser.c" break; case 530: -#line 2821 "./util/configparser.y" /* yacc.c:1648 */ +#line 2821 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -5855,21 +5860,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 5859 "util/configparser.c" /* yacc.c:1648 */ +#line 5864 "util/configparser.c" break; case 531: -#line 2830 "./util/configparser.y" /* yacc.c:1648 */ +#line 2830 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 5869 "util/configparser.c" /* yacc.c:1648 */ +#line 5874 "util/configparser.c" break; case 532: -#line 2837 "./util/configparser.y" /* yacc.c:1648 */ +#line 2837 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -5877,22 +5882,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 5881 "util/configparser.c" /* yacc.c:1648 */ +#line 5886 "util/configparser.c" break; case 533: -#line 2846 "./util/configparser.y" /* yacc.c:1648 */ +#line 2846 "./util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5892 "util/configparser.c" /* yacc.c:1648 */ +#line 5897 "util/configparser.c" break; case 534: -#line 2854 "./util/configparser.y" /* yacc.c:1648 */ +#line 2854 "./util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5904,22 +5909,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5908 "util/configparser.c" /* yacc.c:1648 */ +#line 5913 "util/configparser.c" break; case 535: -#line 2867 "./util/configparser.y" /* yacc.c:1648 */ +#line 2867 "./util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5919 "util/configparser.c" /* yacc.c:1648 */ +#line 5924 "util/configparser.c" break; case 536: -#line 2875 "./util/configparser.y" /* yacc.c:1648 */ +#line 2875 "./util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5931,19 +5936,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5935 "util/configparser.c" /* yacc.c:1648 */ +#line 5940 "util/configparser.c" break; case 537: -#line 2888 "./util/configparser.y" /* yacc.c:1648 */ +#line 2888 "./util/configparser.y" { OUTYY(("\nP(cachedb:)\n")); } -#line 5943 "util/configparser.c" /* yacc.c:1648 */ +#line 5948 "util/configparser.c" break; case 545: -#line 2898 "./util/configparser.y" /* yacc.c:1648 */ +#line 2898 "./util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -5957,11 +5962,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5961 "util/configparser.c" /* yacc.c:1648 */ +#line 5966 "util/configparser.c" break; case 546: -#line 2913 "./util/configparser.y" /* yacc.c:1648 */ +#line 2913 "./util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -5975,11 +5980,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5979 "util/configparser.c" /* yacc.c:1648 */ +#line 5984 "util/configparser.c" break; case 547: -#line 2928 "./util/configparser.y" /* yacc.c:1648 */ +#line 2928 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -5990,11 +5995,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5994 "util/configparser.c" /* yacc.c:1648 */ +#line 5999 "util/configparser.c" break; case 548: -#line 2940 "./util/configparser.y" /* yacc.c:1648 */ +#line 2940 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -6008,11 +6013,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6012 "util/configparser.c" /* yacc.c:1648 */ +#line 6017 "util/configparser.c" break; case 549: -#line 2955 "./util/configparser.y" /* yacc.c:1648 */ +#line 2955 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -6024,11 +6029,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6028 "util/configparser.c" /* yacc.c:1648 */ +#line 6033 "util/configparser.c" break; case 550: -#line 2968 "./util/configparser.y" /* yacc.c:1648 */ +#line 2968 "./util/configparser.y" { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6038,19 +6043,19 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6042 "util/configparser.c" /* yacc.c:1648 */ +#line 6047 "util/configparser.c" break; case 551: -#line 2979 "./util/configparser.y" /* yacc.c:1648 */ +#line 2979 "./util/configparser.y" { OUTYY(("\nP(ipset:)\n")); } -#line 6050 "util/configparser.c" /* yacc.c:1648 */ +#line 6055 "util/configparser.c" break; case 556: -#line 2988 "./util/configparser.y" /* yacc.c:1648 */ +#line 2988 "./util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -6064,11 +6069,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6068 "util/configparser.c" /* yacc.c:1648 */ +#line 6073 "util/configparser.c" break; case 557: -#line 3003 "./util/configparser.y" /* yacc.c:1648 */ +#line 3003 "./util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -6082,11 +6087,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6086 "util/configparser.c" /* yacc.c:1648 */ +#line 6091 "util/configparser.c" break; -#line 6090 "util/configparser.c" /* yacc.c:1648 */ +#line 6095 "util/configparser.c" + default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -6111,14 +6117,13 @@ yyreduce: /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; + { + const int yylhs = yyr1[yyn] - YYNTOKENS; + const int yyi = yypgoto[yylhs] + *yyssp; + yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp + ? yytable[yyi] + : yydefgoto[yylhs]); + } goto yynewstate; @@ -6201,12 +6206,10 @@ yyerrlab: | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: - - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; + /* Pacify compilers when the user code never invokes YYERROR and the + label yyerrorlab therefore never appears in user code. */ + if (0) + YYERROR; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ @@ -6268,6 +6271,7 @@ yyacceptlab: yyresult = 0; goto yyreturn; + /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ @@ -6275,6 +6279,7 @@ yyabortlab: yyresult = 1; goto yyreturn; + #if !defined yyoverflow || YYERROR_VERBOSE /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | @@ -6285,6 +6290,10 @@ yyexhaustedlab: /* Fall through. */ #endif + +/*-----------------------------------------------------. +| yyreturn -- parsing is finished, return the result. | +`-----------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) { @@ -6314,7 +6323,7 @@ yyreturn: #endif return yyresult; } -#line 3017 "./util/configparser.y" /* yacc.c:1907 */ +#line 3017 "./util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index 9a82ef13e..86ee8e58a 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -1,8 +1,9 @@ -/* A Bison parser, made by GNU Bison 3.0.5. */ +/* A Bison parser, made by GNU Bison 3.4.1. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation, + Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -30,6 +31,9 @@ This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ +/* Undocumented macros, especially those whose name start with YY_, + are private implementation details. Do not rely on them. */ + #ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED # define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED /* Debug traces. */ @@ -585,16 +589,15 @@ extern int yydebug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - union YYSTYPE { -#line 66 "./util/configparser.y" /* yacc.c:1910 */ +#line 66 "./util/configparser.y" char* str; -#line 596 "util/configparser.h" /* yacc.c:1910 */ -}; +#line 599 "util/configparser.h" +}; typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 From af6f5a3f5408e005f80acae9680a01394cdec0bf Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Nov 2019 13:52:17 +0100 Subject: [PATCH 014/123] - Provide a prototype for compat malloc to remove compile warning. --- compat/malloc.c | 5 +++++ doc/Changelog | 1 + 2 files changed, 6 insertions(+) diff --git a/compat/malloc.c b/compat/malloc.c index 559aa100d..d8097b13e 100644 --- a/compat/malloc.c +++ b/compat/malloc.c @@ -5,7 +5,12 @@ #undef malloc #include +#ifndef USE_WINSOCK void *malloc (); +#else +/* provide a prototype */ +void *malloc (size_t n); +#endif /* Allocate an N-byte block of memory from the heap. If N is zero, allocate a 1-byte block. */ diff --git a/doc/Changelog b/doc/Changelog index cd396f832..baef547ca 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,7 @@ - In unbound-host use separate variable for get_option to please code checkers. - update to bison output of 3.4.1 in code repository. + - Provide a prototype for compat malloc to remove compile warning. 13 November 2019: Wouter - iana portlist updated. From 442e95620ee7583c84ec935cfb34cf4c5434ec87 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Nov 2019 15:53:47 +0100 Subject: [PATCH 015/123] - Portable grep usage for reuseport configure test. - Check return type of HMAC_Init_ex for openssl 0.9.8. --- config.h.in | 3 +++ configure | 59 ++++++++++++++++++++++++++++++++++++++++++++++++- configure.ac | 38 ++++++++++++++++++++++++++++++- doc/Changelog | 2 ++ util/net_help.c | 8 +++++++ 5 files changed, 108 insertions(+), 2 deletions(-) diff --git a/config.h.in b/config.h.in index d8ec50a6d..3bec6c4fa 100644 --- a/config.h.in +++ b/config.h.in @@ -620,6 +620,9 @@ /* Define to 1 if you have the `_beginthreadex' function. */ #undef HAVE__BEGINTHREADEX +/* If HMAC_Init_ex() returns void */ +#undef HMAC_INIT_EX_RETURNS_VOID + /* if lex has yylex_destroy */ #undef LEX_HAS_YYLEX_DESTROY diff --git a/configure b/configure index ae025fdb7..60127ca33 100755 --- a/configure +++ b/configure @@ -16116,7 +16116,7 @@ done # check if we can use SO_REUSEPORT -if echo "$host" | grep -i -e linux -e dragonfly >/dev/null; then +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then $as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h @@ -18341,6 +18341,63 @@ cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl _ACEOF + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the return type of HMAC_Init_ex" >&5 +$as_echo_n "checking the return type of HMAC_Init_ex... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#include +#include + +int +main () +{ + + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5 +$as_echo "int" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: void" >&5 +$as_echo "void" >&6; } + +$as_echo "#define HMAC_INIT_EX_RETURNS_VOID 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + fi diff --git a/configure.ac b/configure.ac index d8a1ac95b..e30b16f9f 100644 --- a/configure.ac +++ b/configure.ac @@ -476,7 +476,7 @@ ACX_MKDIR_ONE_ARG AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])]) # check if we can use SO_REUSEPORT -if echo "$host" | grep -i -e linux -e dragonfly >/dev/null; then +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default]) else AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default]) @@ -835,6 +835,42 @@ AC_INCLUDES_DEFAULT #include #include ]) + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +AC_MSG_CHECKING(the return type of HMAC_Init_ex) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#include +#include +], [ + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; +])], [ + AC_MSG_RESULT(int) +], [ + AC_MSG_RESULT(void) + AC_DEFINE([HMAC_INIT_EX_RETURNS_VOID], 1, [If HMAC_Init_ex() returns void]) +]) +fi + fi AC_SUBST(SSLLIB) diff --git a/doc/Changelog b/doc/Changelog index baef547ca..0d28dc31e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ code checkers. - update to bison output of 3.4.1 in code repository. - Provide a prototype for compat malloc to remove compile warning. + - Portable grep usage for reuseport configure test. + - Check return type of HMAC_Init_ex for openssl 0.9.8. 13 November 2019: Wouter - iana portlist updated. diff --git a/util/net_help.c b/util/net_help.c index f2fe6a6dd..9747b5d55 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1223,10 +1223,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name verbose(VERB_CLIENT, "EVP_EncryptInit_ex failed"); return -1; } +#ifndef HMAC_INIT_EX_RETURNS_VOID if (HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; } +#else + HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL); +#endif return 1; } else if (enc == 0) { /* decrypt */ @@ -1243,10 +1247,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; } +#ifndef HMAC_INIT_EX_RETURNS_VOID if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; } +#else + HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL); +#endif if (EVP_DecryptInit_ex(evp_sctx, cipher, NULL, key->aes_key, iv) != 1) { log_err("EVP_DecryptInit_ex failed"); return -1; From cb8374cce5aecf7e5c585e492d2a3b4142a82161 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 18 Nov 2019 15:58:19 +0100 Subject: [PATCH 016/123] - gitignore .source tempfile used for compatible make. --- .gitignore | 1 + doc/Changelog | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 93de1c215..22fedf0d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ *.lo *.o /.libs/ +/.source /Makefile /autom4te.cache/ /config.h diff --git a/doc/Changelog b/doc/Changelog index 0d28dc31e..20aecf66f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,7 @@ - Provide a prototype for compat malloc to remove compile warning. - Portable grep usage for reuseport configure test. - Check return type of HMAC_Init_ex for openssl 0.9.8. + - gitignore .source tempfile used for compatible make. 13 November 2019: Wouter - iana portlist updated. From 09845779d5f2c96e3064ff398cad65c08357cfbf Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 10:05:18 +0100 Subject: [PATCH 017/123] - Fix CVE-2019-18934, shell execution in ipsecmod. --- doc/Changelog | 3 + ipsecmod/ipsecmod.c | 147 ++++++++++++++++++++++++++++++++++++-------- 2 files changed, 123 insertions(+), 27 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 20aecf66f..1f6592004 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +19 November 2019: Wouter + - Fix CVE-2019-18934, shell execution in ipsecmod. + 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please code checkers. diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index c8400c633..9e916d604 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -161,6 +161,71 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, return 1; } +/** + * Check if the string passed is a valid domain name with safe characters to + * pass to a shell. + * This will only allow: + * - digits + * - alphas + * - hyphen (not at the start) + * - dot (not at the start, or the only character) + * - underscore + * @param s: pointer to the string. + * @param slen: string's length. + * @return true if s only contains safe characters; false otherwise. + */ +static int +domainname_has_safe_characters(char* s, size_t slen) { + size_t i; + for(i = 0; i < slen; i++) { + if(s[i] == '\0') return 1; + if((s[i] == '-' && i != 0) + || (s[i] == '.' && (i != 0 || s[1] == '\0')) + || (s[i] == '_') || (s[i] >= '0' && s[i] <= '9') + || (s[i] >= 'A' && s[i] <= 'Z') + || (s[i] >= 'a' && s[i] <= 'z')) { + continue; + } + return 0; + } + return 1; +} + +/** + * Check if the stringified IPSECKEY RDATA contains safe characters to pass to + * a shell. + * This is only relevant for checking the gateway when the gateway type is 3 + * (domainname). + * @param s: pointer to the string. + * @param slen: string's length. + * @return true if s contains only safe characters; false otherwise. + */ +static int +ipseckey_has_safe_characters(char* s, size_t slen) { + int precedence, gateway_type, algorithm; + char* gateway; + gateway = (char*)calloc(slen, sizeof(char)); + if(!gateway) { + log_err("ipsecmod: out of memory when calling the hook"); + return 0; + } + if(sscanf(s, "%d %d %d %s ", + &precedence, &gateway_type, &algorithm, gateway) != 4) { + free(gateway); + return 0; + } + if(gateway_type != 3) { + free(gateway); + return 1; + } + if(domainname_has_safe_characters(gateway, slen)) { + free(gateway); + return 1; + } + free(gateway); + return 0; +} + /** * Prepare the data and call the hook. * @@ -175,7 +240,7 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, { size_t slen, tempdata_len, tempstring_len, i; char str[65535], *s, *tempstring; - int w; + int w = 0, w_temp, qtype; struct ub_packed_rrset_key* rrset_key; struct packed_rrset_data* rrset_data; uint8_t *tempdata; @@ -192,9 +257,9 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, memset(s, 0, slen); /* Copy the hook into the buffer. */ - sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook); + w += sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the qname into the buffer. */ tempstring = sldns_wire2str_dname(qstate->qinfo.qname, qstate->qinfo.qname_len); @@ -202,68 +267,96 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, log_err("ipsecmod: out of memory when calling the hook"); return 0; } - sldns_str_print(&s, &slen, "\"%s\"", tempstring); + if(!domainname_has_safe_characters(tempstring, strlen(tempstring))) { + log_err("ipsecmod: qname has unsafe characters"); + free(tempstring); + return 0; + } + w += sldns_str_print(&s, &slen, "\"%s\"", tempstring); free(tempstring); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the IPSECKEY TTL into the buffer. */ rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; - sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl); + w += sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); - /* Copy the A/AAAA record(s) into the buffer. Start and end this section - * with a double quote. */ + w += sldns_str_print(&s, &slen, " "); rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo, qstate->return_msg->rep); + /* Double check that the records are indeed A/AAAA. + * This should never happen as this function is only executed for A/AAAA + * queries but make sure we don't pass anything other than A/AAAA to the + * shell. */ + qtype = ntohs(rrset_key->rk.type); + if(qtype != LDNS_RR_TYPE_AAAA && qtype != LDNS_RR_TYPE_A) { + log_err("ipsecmod: Answer is not of A or AAAA type"); + return 0; + } rrset_data = (struct packed_rrset_data*)rrset_key->entry.data; - sldns_str_print(&s, &slen, "\""); + /* Copy the A/AAAA record(s) into the buffer. Start and end this section + * with a double quote. */ + w += sldns_str_print(&s, &slen, "\""); for(i=0; icount; i++) { if(i > 0) { /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); } /* Ignore the first two bytes, they are the rr_data len. */ - w = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2, + w_temp = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2, rrset_data->rr_len[i] - 2, s, slen, qstate->qinfo.qtype); - if(w < 0) { + if(w_temp < 0) { /* Error in printout. */ - return -1; - } else if((size_t)w >= slen) { + log_err("ipsecmod: Error in printing IP address"); + return 0; + } else if((size_t)w_temp >= slen) { s = NULL; /* We do not want str to point outside of buffer. */ slen = 0; - return -1; + log_err("ipsecmod: shell command too long"); + return 0; } else { - s += w; - slen -= w; + s += w_temp; + slen -= w_temp; + w += w_temp; } } - sldns_str_print(&s, &slen, "\""); + w += sldns_str_print(&s, &slen, "\""); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the IPSECKEY record(s) into the buffer. Start and end this section * with a double quote. */ - sldns_str_print(&s, &slen, "\""); + w += sldns_str_print(&s, &slen, "\""); rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; for(i=0; icount; i++) { if(i > 0) { /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); } /* Ignore the first two bytes, they are the rr_data len. */ tempdata = rrset_data->rr_data[i] + 2; tempdata_len = rrset_data->rr_len[i] - 2; /* Save the buffer pointers. */ tempstring = s; tempstring_len = slen; - w = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, &slen, - NULL, 0); + w_temp = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, + &slen, NULL, 0); /* There was an error when parsing the IPSECKEY; reset the buffer * pointers to their previous values. */ - if(w == -1){ + if(w_temp == -1) { s = tempstring; slen = tempstring_len; + } else if(w_temp > 0) { + if(!ipseckey_has_safe_characters( + tempstring, tempstring_len - slen)) { + log_err("ipsecmod: ipseckey has unsafe characters"); + return 0; + } + w += w_temp; } } - sldns_str_print(&s, &slen, "\""); - verbose(VERB_ALGO, "ipsecmod: hook command: '%s'", str); + w += sldns_str_print(&s, &slen, "\""); + if(w >= (int)sizeof(str)) { + log_err("ipsecmod: shell command too long"); + return 0; + } + verbose(VERB_ALGO, "ipsecmod: shell command: '%s'", str); /* ipsecmod-hook should return 0 on success. */ if(system(str) != 0) return 0; From d8090b8cae5b9959f4eedb5c0a81b74ed33f0199 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 10:06:12 +0100 Subject: [PATCH 018/123] - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. --- configure | 25 +++++++++++++------------ configure.ac | 5 +++-- doc/Changelog | 1 + 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/configure b/configure index 60127ca33..2b2e97b17 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.9.5. +# Generated by GNU Autoconf 2.69 for unbound 1.9.6. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.9.5' -PACKAGE_STRING='unbound 1.9.5' +PACKAGE_VERSION='1.9.6' +PACKAGE_STRING='unbound 1.9.6' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1447,7 +1447,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.9.5 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1512,7 +1512,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.9.5:";; + short | recursive ) echo "Configuration of unbound 1.9.6:";; esac cat <<\_ACEOF @@ -1734,7 +1734,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.9.5 +unbound configure 1.9.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2443,7 +2443,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.9.5, which was +It was created by unbound $as_me 1.9.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2795,11 +2795,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=5 +UNBOUND_VERSION_MICRO=6 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=5 +LIBUNBOUND_REVISION=6 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2872,6 +2872,7 @@ LIBUNBOUND_AGE=1 # 1.9.3 had 9:3:1 # 1.9.4 had 9:4:1 # 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -21385,7 +21386,7 @@ _ACEOF -version=1.9.5 +version=1.9.6 date=`date +'%b %e, %Y'` @@ -21904,7 +21905,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.9.5, which was +This file was extended by unbound $as_me 1.9.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21970,7 +21971,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.9.5 +unbound config.status 1.9.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index e30b16f9f..b4e402558 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[5]) +m4_define([VERSION_MICRO],[6]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=5 +LIBUNBOUND_REVISION=6 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -91,6 +91,7 @@ LIBUNBOUND_AGE=1 # 1.9.3 had 9:3:1 # 1.9.4 had 9:4:1 # 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary diff --git a/doc/Changelog b/doc/Changelog index 1f6592004..bbdb34190 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. + - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please From 16bbfc34613f31bf5a206eab91ecffc6c3b0f18a Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 10:09:44 +0100 Subject: [PATCH 019/123] - Fix authzone printout buffer length check. --- doc/Changelog | 1 + services/authzone.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index bbdb34190..8debaf4a9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. + - Fix authzone printout buffer length check. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/services/authzone.c b/services/authzone.c index 585f86505..9bfea7c3d 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1654,7 +1654,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, } w += sldns_str_print(&s, &slen, "\n"); - if(w > (int)buflen) { + if(w >= (int)buflen) { log_nametypeclass(0, "RR too long to print", nm, tp, cl); return 0; } From 79a6e9fbe2017848281d39f6b5e93e4ab3b7027e Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 12:10:03 +0100 Subject: [PATCH 020/123] - Fixes to please lint checks. --- daemon/worker.c | 3 ++- dns64/dns64.c | 36 ++++++++++++++++++++++++------------ doc/Changelog | 1 + smallapp/unbound-anchor.c | 6 +++--- testcode/delayer.c | 4 ++-- testcode/mini_tdir.sh | 4 ++++ testcode/streamtcp.c | 2 +- util/shm_side/shm_main.c | 4 ++++ util/ub_event.c | 2 ++ util/ub_event_pluggable.c | 4 +++- 10 files changed, 46 insertions(+), 20 deletions(-) diff --git a/daemon/worker.c b/daemon/worker.c index 263fcddfe..2d592e552 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1562,7 +1562,8 @@ send_reply_rc: #endif if(worker->env.cfg->log_replies) { - struct timeval tv = {0, 0}; + struct timeval tv; + memset(&tv, 0, sizeof(tv)); if(qinfo.local_alias && qinfo.local_alias->rrset && qinfo.local_alias->rrset->rk.dname) { /* log original qname, before the local alias was diff --git a/dns64/dns64.c b/dns64/dns64.c index f2834da2b..4b3c6cee5 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -195,12 +195,14 @@ uitoa(unsigned n, char* s) * address. */ static uint32_t -extract_ipv4(const uint8_t ipv6[16], const int offset) +extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); + uint32_t ipv4; + log_assert(ipv6_len == 16); (void)ipv6_len; + ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) + | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) + | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) + | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); if (offset/8+4 < 16) ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); return ipv4; @@ -218,7 +220,7 @@ extract_ipv4(const uint8_t ipv6[16], const int offset) * \return The number of characters written. */ static size_t -ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) +ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) { static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; int i; @@ -227,9 +229,11 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) for (i = 0; i < 4; ++i) { *c = uitoa((unsigned int)(ipv4 % 256), c + 1); c += *c + 1; + log_assert(c < ptr+nm_len); ipv4 /= 256; } + log_assert(c + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len); memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX)); return c + sizeof(IPV4_PTR_SUFFIX) - ptr; @@ -245,9 +249,10 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) * \return 1 on success, 0 on failure. */ static int -ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) +ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len) { int i; + log_assert(ipv6_len == 16); (void)ipv6_len; for (i = 0; i < 64; i++) { int x; @@ -280,9 +285,12 @@ ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) * \param aaaa IPv6 address. The result will be written here. */ static void -synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net, - const uint8_t a[4], uint8_t aaaa[16]) +synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, + int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], + size_t aaaa_len) { + log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); @@ -447,7 +455,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) /* Convert the PTR query string to an IPv6 address. */ memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; - if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr)) + if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr, + sizeof(sin6.sin6_addr.s6_addr))) return module_wait_module; /* Let other module handle this. */ /* @@ -470,7 +479,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4))) return module_error; qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr, - dns64_env->prefix_net), (char*)qinfo.qname); + sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net), + (char*)qinfo.qname, MAX_PTR_QNAME_IPV4); /* Create the new sub-query. */ fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); @@ -740,8 +750,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, dd->rr_data[i][1] = 16; synthesize_aaaa( ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr, + sizeof(((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr), dns64_env->prefix_net, &fd->rr_data[i][2], - &dd->rr_data[i][2] ); + fd->rr_len[i]-2, &dd->rr_data[i][2], + dd->rr_len[i]-2); dd->rr_ttl[i] = fd->rr_ttl[i]; } diff --git a/doc/Changelog b/doc/Changelog index 8debaf4a9..7a6900929 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,7 @@ - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. - Fix authzone printout buffer length check. + - Fixes to please lint checks. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index 817cf6927..c8258f130 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -355,7 +355,7 @@ read_cert_bio(BIO* bio) exit(0); } while(!BIO_eof(bio)) { - X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL); + X509* x = PEM_read_bio_X509(bio, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509\n"); @@ -396,7 +396,7 @@ read_cert_file(const char* file) return NULL; } while(!feof(in)) { - X509* x = PEM_read_X509(in, NULL, 0, NULL); + X509* x = PEM_read_X509(in, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509 file\n"); @@ -943,7 +943,7 @@ read_data_chunk(SSL* ssl, size_t len) size_t got = 0; int r; char* data; - if(len >= 0xfffffff0) + if(len >= (size_t)0xfffffff0) return NULL; /* to protect against integer overflow in malloc*/ data = malloc(len+1); if(!data) { diff --git a/testcode/delayer.c b/testcode/delayer.c index 655e4a1e7..ebf883926 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -1042,7 +1042,7 @@ service(const char* bind_str, int bindport, const char* serv_str, } i=0; if(bindport == 0) { - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; i = 100; } while(1) { @@ -1058,7 +1058,7 @@ service(const char* bind_str, int bindport, const char* serv_str, #endif if(i--==0) fatal_exit("cannot bind any port"); - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; } else break; } fd_set_nonblock(s); diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh index 96745515e..5f02b0862 100755 --- a/testcode/mini_tdir.sh +++ b/testcode/mini_tdir.sh @@ -119,7 +119,11 @@ fi # Copy echo "minitdir copy $1 to $dir" mkdir $dir +if cp --help 2>&1 | grep -- "-a" >/dev/null; then cp -a $name.tdir/* $dir/ +else +cp -R $name.tdir/* $dir/ +fi cd $dir # EXE diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 64a169f8b..65ea8d4bc 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -314,7 +314,7 @@ static int get_random(void) if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) { return r; } - return arc4random(); + return (int)arc4random(); } /** send the TCP queries and print answers */ diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index a783c099b..374dd7fd8 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -223,8 +223,10 @@ void shm_main_run(struct worker *worker) struct ub_stats_info *stat_info; int offset; +#ifndef S_SPLINT_S verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); +#endif offset = worker->thread_num + 1; stat_total = worker->daemon->shm_info->ptr_arr; @@ -240,9 +242,11 @@ void shm_main_run(struct worker *worker) memset(stat_total, 0, sizeof(struct ub_stats_info)); /* Point to data into SHM */ +#ifndef S_SPLINT_S shm_stat = worker->daemon->shm_info->ptr_ctl; shm_stat->time.now_sec = (long long)worker->env.now_tv->tv_sec; shm_stat->time.now_usec = (long long)worker->env.now_tv->tv_usec; +#endif stat_timeval_subtract(&shm_stat->time.up_sec, &shm_stat->time.up_usec, worker->env.now_tv, &worker->daemon->time_boot); stat_timeval_subtract(&shm_stat->time.elapsed_sec, &shm_stat->time.elapsed_usec, worker->env.now_tv, &worker->daemon->time_last_stat); diff --git a/util/ub_event.c b/util/ub_event.c index e097fbc40..9af476ad4 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -458,7 +458,9 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif #endif /* USE_MINI_EVENT */ } diff --git a/util/ub_event_pluggable.c b/util/ub_event_pluggable.c index 4a9451263..235bba6ba 100644 --- a/util/ub_event_pluggable.c +++ b/util/ub_event_pluggable.c @@ -453,7 +453,7 @@ ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s, * ub_base is guaranteed to exist and to be the default * event base. */ - assert(b); + assert(b != NULL); *n = "pluggable-event"; *s = event_get_version(); # if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) @@ -687,6 +687,8 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif } From a839a8ae01585c9fd57a6bc47edddbdc442a9dfc Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 12:11:28 +0100 Subject: [PATCH 021/123] And check the buffer size precisely. --- dns64/dns64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dns64/dns64.c b/dns64/dns64.c index 4b3c6cee5..1e38b8f0d 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -225,6 +225,7 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; int i; char* c = ptr; + log_assert(nm_len == MAX_PTR_QNAME_IPV4); for (i = 0; i < 4; ++i) { *c = uitoa((unsigned int)(ipv4 % 256), c + 1); From 5d46bb387947892a05161f61cdd8cfc542213427 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 15:26:57 +0100 Subject: [PATCH 022/123] Cast to unsigned before comparison for assertion. --- smallapp/unbound-anchor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index c8258f130..b8bd1b850 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -943,7 +943,7 @@ read_data_chunk(SSL* ssl, size_t len) size_t got = 0; int r; char* data; - if(len >= (size_t)0xfffffff0) + if((unsigned)len >= (unsigned)0xfffffff0) return NULL; /* to protect against integer overflow in malloc*/ data = malloc(len+1); if(!data) { From 226298bbd36f1f0fd9608e98c2ae85988b7bbdb8 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 15:38:05 +0100 Subject: [PATCH 023/123] - Fix Integer Overflow in Regional Allocator, reported by X41 D-Sec. --- config.h.in | 3 +++ configure | 33 +++++++++++++++++++++++++++++++++ configure.ac | 1 + doc/Changelog | 2 ++ util/regional.c | 12 +++++++++++- 5 files changed, 50 insertions(+), 1 deletion(-) diff --git a/config.h.in b/config.h.in index 3bec6c4fa..8c2aa3b94 100644 --- a/config.h.in +++ b/config.h.in @@ -715,6 +715,9 @@ /* Shared data */ #undef SHARE_DIR +/* The size of `size_t', as computed by sizeof. */ +#undef SIZEOF_SIZE_T + /* The size of `time_t', as computed by sizeof. */ #undef SIZEOF_TIME_T diff --git a/configure b/configure index 2b2e97b17..17b1c2d48 100755 --- a/configure +++ b/configure @@ -15069,6 +15069,39 @@ cat >>confdefs.h <<_ACEOF _ACEOF +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 +$as_echo_n "checking size of size_t... " >&6; } +if ${ac_cv_sizeof_size_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_size_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (size_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_size_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 +$as_echo "$ac_cv_sizeof_size_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t +_ACEOF + + # add option to disable the evil rpath diff --git a/configure.ac b/configure.ac index b4e402558..3d58e36e5 100644 --- a/configure.ac +++ b/configure.ac @@ -432,6 +432,7 @@ AC_INCLUDES_DEFAULT # endif #endif ]) +AC_CHECK_SIZEOF(size_t) # add option to disable the evil rpath ACX_ARG_RPATH diff --git a/doc/Changelog b/doc/Changelog index 7a6900929..a1f3a4445 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. - Fix authzone printout buffer length check. - Fixes to please lint checks. + - Fix Integer Overflow in Regional Allocator, + reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/util/regional.c b/util/regional.c index 899a54edb..5be09eb46 100644 --- a/util/regional.c +++ b/util/regional.c @@ -120,8 +120,18 @@ regional_destroy(struct regional *r) void * regional_alloc(struct regional *r, size_t size) { - size_t a = ALIGN_UP(size, ALIGNMENT); + size_t a; void *s; + if( +#if SIZEOF_SIZE_T == 8 + (unsigned long long)size >= 0xffffffffffffff00ULL +#else + (unsigned)size >= (unsigned)0xffffff00UL +#endif + ) + return NULL; /* protect against integer overflow in + malloc and ALIGN_UP */ + a = ALIGN_UP(size, ALIGNMENT); /* large objects */ if(a > REGIONAL_LARGE_OBJECT_SIZE) { s = malloc(ALIGNMENT + size); From 2a4e840be42974543e7702eebab35d82c0fe0088 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 15:48:18 +0100 Subject: [PATCH 024/123] - Fix Unchecked NULL Pointer in dns64_inform_super() and ipsecmod_new(), reported by X41 D-Sec. --- dns64/dns64.c | 6 ++++++ doc/Changelog | 2 ++ ipsecmod/ipsecmod.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/dns64/dns64.c b/dns64/dns64.c index 1e38b8f0d..736c30e40 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -941,6 +941,12 @@ dns64_inform_super(struct module_qstate* qstate, int id, if(!super_dq) { super_dq = (struct dns64_qstate*)regional_alloc(super->region, sizeof(*super_dq)); + if(!super_dq) { + log_err("out of memory"); + super->return_rcode = LDNS_RCODE_SERVFAIL; + super->return_msg = NULL; + return; + } super->minfo[id] = super_dq; memset(super_dq, 0, sizeof(*super_dq)); super_dq->started_no_cache_store = super->no_cache_store; diff --git a/doc/Changelog b/doc/Changelog index a1f3a4445..823d837a1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,8 @@ - Fixes to please lint checks. - Fix Integer Overflow in Regional Allocator, reported by X41 D-Sec. + - Fix Unchecked NULL Pointer in dns64_inform_super() + and ipsecmod_new(), reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index 9e916d604..2e286e73d 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -103,11 +103,11 @@ ipsecmod_new(struct module_qstate* qstate, int id) { struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)regional_alloc( qstate->region, sizeof(struct ipsecmod_qstate)); - memset(iq, 0, sizeof(*iq)); qstate->minfo[id] = iq; if(!iq) return 0; /* Initialise it. */ + memset(iq, 0, sizeof(*iq)); iq->enabled = qstate->env->cfg->ipsecmod_enabled; iq->is_whitelisted = ipsecmod_domain_is_whitelisted( (struct ipsecmod_env*)qstate->env->modinfo[id], qstate->qinfo.qname, From 07156bd5ea540dc4eb801c43e30be39cc05902f7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 16:17:06 +0100 Subject: [PATCH 025/123] - Fix Out-of-bounds Read in rr_comment_dnskey(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/wire2str.c | 1 + 2 files changed, 3 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 823d837a1..9803ae8cc 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -7,6 +7,8 @@ reported by X41 D-Sec. - Fix Unchecked NULL Pointer in dns64_inform_super() and ipsecmod_new(), reported by X41 D-Sec. + - Fix Out-of-bounds Read in rr_comment_dnskey(), + reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 01ec84b3c..f4f52abeb 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -585,6 +585,7 @@ static int rr_comment_dnskey(char** s, size_t* slen, uint8_t* rr, if(rrlen < dname_off + 10) return 0; rdlen = sldns_read_uint16(rr+dname_off+8); if(rrlen < dname_off + 10 + rdlen) return 0; + if(rdlen < 2) return 0; rdata = rr + dname_off + 10; flags = (int)sldns_read_uint16(rdata); w += sldns_str_print(s, slen, " ;{"); From 02080f6b180232f43b77f403d0c038e9360a460f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 16:32:40 +0100 Subject: [PATCH 026/123] - Fix Integer Overflows in Size Calculations, reported by X41 D-Sec. --- dnscrypt/dnscrypt.c | 5 +++++ doc/Changelog | 2 ++ respip/respip.c | 8 +++++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 2b38a1cdb..72a9527f5 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -732,6 +732,11 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) ); continue; } + if((unsigned)strlen(dnscenv->provider_name) >= (unsigned)0xffff0000) { + /* guard against integer overflow in rrlen calculation */ + verbose(VERB_OPS, "cert #%" PRIu32 " is too long", serial); + continue + } rrlen = strlen(dnscenv->provider_name) + strlen(ttl_class_type) + 4 * sizeof(struct SignedCert) + // worst case scenario diff --git a/doc/Changelog b/doc/Changelog index 9803ae8cc..7398075e1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -9,6 +9,8 @@ and ipsecmod_new(), reported by X41 D-Sec. - Fix Out-of-bounds Read in rr_comment_dnskey(), reported by X41 D-Sec. + - Fix Integer Overflows in Size Calculations, + reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/respip/respip.c b/respip/respip.c index 36a1c9726..482762b50 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -479,10 +479,16 @@ copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) if(!ck->rk.dname) return NULL; + if((unsigned)data->count >= 0xffff00U) + return NULL; /* guard against integer overflow in dsize */ dsize = sizeof(struct packed_rrset_data) + data->count * (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)); - for(i=0; icount; i++) + for(i=0; icount; i++) { + if((unsigned)dsize >= 0x0fffffffU || + (unsigned)data->rr_len[i] >= 0x0fffffffU) + return NULL; /* guard against integer overflow */ dsize += data->rr_len[i]; + } d = regional_alloc(region, dsize); if(!d) return NULL; From a3545867fcdec50307c776ce0af28d07046a52dd Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 16:42:17 +0100 Subject: [PATCH 027/123] - Fix Integer Overflow to Buffer Overflow in sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/str2wire.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 7398075e1..509b74b87 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -11,6 +11,8 @@ reported by X41 D-Sec. - Fix Integer Overflows in Size Calculations, reported by X41 D-Sec. + - Fix Integer Overflow to Buffer Overflow in + sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 097f62101..f08f107c6 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -150,6 +150,10 @@ int sldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len, if(s) return s; if(rel && origin && dlen > 0) { + if((unsigned)dlen >= 0x00ffffffU || + (unsigned)origin_len >= 0x00ffffffU) + /* guard against integer overflow in addition */ + return RET_ERR(LDNS_WIREPARSE_ERR_GENERAL, *len); if(dlen + origin_len - 1 > LDNS_MAX_DOMAINLEN) return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, LDNS_MAX_DOMAINLEN); From 51c23b02099b5c279a8459641727adb198078193 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 16:46:33 +0100 Subject: [PATCH 028/123] - Fix Out of Bounds Read in sldns_str2wire_dname(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/str2wire.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 509b74b87..e604158ac 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -13,6 +13,8 @@ reported by X41 D-Sec. - Fix Integer Overflow to Buffer Overflow in sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. + - Fix Out of Bounds Read in sldns_str2wire_dname(), + reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/sldns/str2wire.c b/sldns/str2wire.c index f08f107c6..7c91bbe3d 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -172,7 +172,9 @@ uint8_t* sldns_str2wire_dname(const char* str, size_t* len) uint8_t dname[LDNS_MAX_DOMAINLEN+1]; *len = sizeof(dname); if(sldns_str2wire_dname_buf(str, dname, len) == 0) { - uint8_t* r = (uint8_t*)malloc(*len); + uint8_t* r; + if(*len > sizeof(dname)) return NULL; + r = (uint8_t*)malloc(*len); if(r) return memcpy(r, dname, *len); } *len = 0; From fa23ee8f31ba9a018c720ea822faaee639dc7a9c Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 19 Nov 2019 16:54:44 +0100 Subject: [PATCH 029/123] - Fix Out of Bounds Write in sldns_bget_token_par(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/parse.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index e604158ac..54c69a8f7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -15,6 +15,8 @@ sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. - Fix Out of Bounds Read in sldns_str2wire_dname(), reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_bget_token_par(), + reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please diff --git a/sldns/parse.c b/sldns/parse.c index b62c40597..b30264e88 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -325,8 +325,14 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, if (c == '\n' && p != 0) { /* in parentheses */ /* do not write ' ' if we want to skip spaces */ - if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) + if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { + /* check for space for the space character */ + if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + *t = '\0'; + return -1; + } *t++ = ' '; + } lc = c; continue; } From d79d75538bd3d23f6dbf67c782145e00b255fead Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 08:28:12 +0100 Subject: [PATCH 030/123] - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. --- doc/Changelog | 4 ++++ sldns/str2wire.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 54c69a8f7..d02d74122 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +20 November 2019: Wouter + - Fix Out of Bounds Read in rrinternal_get_owner(), + reported by X41 D-Sec. + 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 7c91bbe3d..705cbc286 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -193,6 +193,9 @@ rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len, sldns_buffer_position(strbuf)); } + if(token_len < 2) /* make sure there is space to read "@" or "" */ + return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, + sldns_buffer_position(strbuf)); if(token[0]=='@' && token[1]=='\0') { uint8_t* tocopy; if (origin) { From 1fa40654d2ddb4dfa45f58e3c6244348ae654d1e Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:01:56 +0100 Subject: [PATCH 031/123] - Fix Race Condition in autr_tp_create(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ validator/autotrust.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index d02d74122..fb44011f0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 20 November 2019: Wouter - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. + - Fix Race Condition in autr_tp_create(), + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/validator/autotrust.c b/validator/autotrust.c index be7830fb8..da7078a19 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -370,10 +370,10 @@ autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len, free(tp); return NULL; } - lock_basic_unlock(&anchors->lock); lock_basic_init(&tp->lock); lock_protect(&tp->lock, tp, sizeof(*tp)); lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr)); + lock_basic_unlock(&anchors->lock); return tp; } From c54fe828860cdd53b89f942d1e9cc9337e12cadd Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:13:45 +0100 Subject: [PATCH 032/123] - Fix Shared Memory World Writeable, reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/shm_side/shm_main.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index fb44011f0..031e75301 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ reported by X41 D-Sec. - Fix Race Condition in autr_tp_create(), reported by X41 D-Sec. + - Fix Shared Memory World Writeable, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index 374dd7fd8..46a71510f 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -121,7 +121,7 @@ int shm_main_init(struct daemon* daemon) shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); /* SHM: Create the segment */ - daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666); + daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0644); if (daemon->shm_info->id_ctl < 0) { @@ -134,7 +134,7 @@ int shm_main_init(struct daemon* daemon) return 0; } - daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666); + daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0644); if (daemon->shm_info->id_arr < 0) { From 7e3da817c34f07330e9ecb77c6e7d683878eecf3 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:18:03 +0100 Subject: [PATCH 033/123] - Adjust unbound-control to make stats_shm a read only operation. --- doc/Changelog | 1 + smallapp/unbound-control.c | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 031e75301..aa2c5df1c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,7 @@ reported by X41 D-Sec. - Fix Shared Memory World Writeable, reported by X41 D-Sec. + - Adjust unbound-control to make stats_shm a read only operation. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 20b4575c0..ed8bad1e9 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -423,19 +423,19 @@ static void print_stats_shm(const char* cfgfile) if(!config_read(cfg, cfgfile, NULL)) fatal_exit("could not read config file"); /* get shm segments */ - id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W); + id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R); if(id_ctl == -1) { fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno)); } - id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W); + id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R); if(id_arr == -1) { fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno)); } - shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0); + shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY); if(shm_stat == (void*)-1) { fatal_exit("shmat(%d): %s", id_ctl, strerror(errno)); } - stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0); + stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY); if(stats == (void*)-1) { fatal_exit("shmat(%d): %s", id_arr, strerror(errno)); } From d8809c672ac24b83f70f35eae60cf498d1eb1332 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:28:53 +0100 Subject: [PATCH 034/123] - Fix Weak Entropy Used For Nettle, reported by X41 D-Sec. --- daemon/daemon.c | 4 +--- daemon/worker.c | 6 +----- doc/Changelog | 2 ++ libunbound/libunbound.c | 6 +----- libunbound/libworker.c | 8 +------- testcode/unitmain.c | 4 +--- util/random.c | 22 +++++++--------------- util/random.h | 5 +---- 8 files changed, 15 insertions(+), 42 deletions(-) diff --git a/daemon/daemon.c b/daemon/daemon.c index 65c1900d6..a407800b5 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -429,9 +429,7 @@ daemon_create_workers(struct daemon* daemon) int* shufport; log_assert(daemon && daemon->cfg); if(!daemon->rand) { - unsigned int seed = (unsigned int)time(NULL) ^ - (unsigned int)getpid() ^ 0x438; - daemon->rand = ub_initstate(seed, NULL); + daemon->rand = ub_initstate(NULL); if(!daemon->rand) fatal_exit("could not init random generator"); hash_set_raninit((uint32_t)ub_random(daemon->rand)); diff --git a/daemon/worker.c b/daemon/worker.c index 2d592e552..f4cfe0035 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1681,11 +1681,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) return NULL; } /* create random state here to avoid locking trouble in RAND_bytes */ - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)worker->thread_num)<<17); - /* shift thread_num so it does not match out pid bits */ - if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) { - explicit_bzero(&seed, sizeof(seed)); + if(!(worker->rndstate = ub_initstate(daemon->rand))) { log_err("could not init random numbers."); tube_delete(worker->cmd); free(worker->ports); diff --git a/doc/Changelog b/doc/Changelog index aa2c5df1c..cd1321578 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -6,6 +6,8 @@ - Fix Shared Memory World Writeable, reported by X41 D-Sec. - Adjust unbound-control to make stats_shm a read only operation. + - Fix Weak Entropy Used For Nettle, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index f86f56835..cbeaa05d5 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -86,7 +86,6 @@ int ctx_logfile_overridden = 0; static struct ub_ctx* ub_ctx_create_nopipe(void) { struct ub_ctx* ctx; - unsigned int seed; #ifdef USE_WINSOCK int r; WSADATA wsa_data; @@ -111,15 +110,12 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) return NULL; } alloc_init(&ctx->superalloc, NULL, 0); - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid(); - if(!(ctx->seed_rnd = ub_initstate(seed, NULL))) { - explicit_bzero(&seed, sizeof(seed)); + if(!(ctx->seed_rnd = ub_initstate(NULL))) { ub_randfree(ctx->seed_rnd); free(ctx); errno = ENOMEM; return NULL; } - explicit_bzero(&seed, sizeof(seed)); lock_basic_init(&ctx->qqpipe_lock); lock_basic_init(&ctx->rrpipe_lock); lock_basic_init(&ctx->cfglock); diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 01621927e..6686a164f 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -122,7 +122,6 @@ libworker_delete_event(struct libworker* w) static struct libworker* libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) { - unsigned int seed; struct libworker* w = (struct libworker*)calloc(1, sizeof(*w)); struct config_file* cfg = ctx->env->cfg; int* ports; @@ -177,17 +176,13 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) } w->env->worker = (struct worker*)w; w->env->probe_timer = NULL; - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)w->thread_num)<<17); - seed ^= (unsigned int)w->env->alloc->next_id; if(!w->is_bg || w->is_bg_thread) { lock_basic_lock(&ctx->cfglock); } - if(!(w->env->rnd = ub_initstate(seed, ctx->seed_rnd))) { + if(!(w->env->rnd = ub_initstate(ctx->seed_rnd))) { if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); } - explicit_bzero(&seed, sizeof(seed)); libworker_delete(w); return NULL; } @@ -207,7 +202,6 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) hash_set_raninit((uint32_t)ub_random(w->env->rnd)); } } - explicit_bzero(&seed, sizeof(seed)); if(eb) w->base = comm_base_create_event(eb); diff --git a/testcode/unitmain.c b/testcode/unitmain.c index e28be8c83..4b9a39cf8 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -538,10 +538,8 @@ rnd_test(void) struct ub_randstate* r; int num = 1000, i; long int a[1000]; - unsigned int seed = (unsigned)time(NULL); unit_show_feature("ub_random"); - printf("ub_random seed is %u\n", seed); - unit_assert( (r = ub_initstate(seed, NULL)) ); + unit_assert( (r = ub_initstate(NULL)) ); for(i=0; i= 0); diff --git a/util/random.c b/util/random.c index 8332960b4..1bdad6894 100644 --- a/util/random.c +++ b/util/random.c @@ -86,8 +86,7 @@ ub_systemseed(unsigned int ATTR_UNUSED(seed)) } struct ub_randstate* -ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) +ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)malloc(1); if(!s) { @@ -123,8 +122,7 @@ void ub_systemseed(unsigned int ATTR_UNUSED(seed)) { } -struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) +struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); if(!s) { @@ -166,8 +164,7 @@ void ub_systemseed(unsigned int ATTR_UNUSED(seed)) log_err("Re-seeding not supported, generator untouched"); } -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* ATTR_UNUSED(from)) +struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); uint8_t buf[YARROW256_SEED_FILE_SIZE]; @@ -183,15 +180,10 @@ struct ub_randstate* ub_initstate(unsigned int seed, yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); s->seeded = yarrow256_is_seeded(&s->ctx); } else { - /* Stretch the uint32 input seed and feed it to Yarrow */ - uint32_t v = seed; - size_t i; - for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) { - memmove(buf+i*sizeof(seed), &v, sizeof(seed)); - v = v*seed + (uint32_t)i; - } - yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); - s->seeded = yarrow256_is_seeded(&s->ctx); + log_err("nettle random(yarrow) cannot initialize, " + "getentropy failed: %s", strerror(errno)); + free(s); + return NULL; } return s; diff --git a/util/random.h b/util/random.h index a05a994a3..e75157d38 100644 --- a/util/random.h +++ b/util/random.h @@ -57,15 +57,12 @@ void ub_systemseed(unsigned int seed); /** * Initialize a random generator state for use - * @param seed: seed value to create state contents. - * (ignored for arc4random). * @param from: if not NULL, the seed is taken from this random structure. * can be used to seed random states via a parent-random-state that * is itself seeded with entropy. * @return new state or NULL alloc failure. */ -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* from); +struct ub_randstate* ub_initstate(struct ub_randstate* from); /** * Generate next random number from the state passed along. From 7646c9625974ab6b3037baf56c9b6a41efd6356f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:35:07 +0100 Subject: [PATCH 035/123] - Fix Randomness Error not Handled Properly, reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/random.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index cd1321578..004cf014a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,6 +8,8 @@ - Adjust unbound-control to make stats_shm a read only operation. - Fix Weak Entropy Used For Nettle, reported by X41 D-Sec. + - Fix Randomness Error not Handled Properly, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/random.c b/util/random.c index 1bdad6894..bda6d5a68 100644 --- a/util/random.c +++ b/util/random.c @@ -138,7 +138,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state)) /* random 31 bit value. */ SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x)); if(s != SECSuccess) { - log_err("PK11_GenerateRandom error: %s", + /* unbound needs secure randomness for randomized + * ID bits and port numbers in packets to upstream servers */ + fatal_exit("PK11_GenerateRandom error: %s", PORT_ErrorToString(PORT_GetError())); } return x & MAX_VALUE; From 72d348de6a2d8ee0b4cc4a5ad5bebd731d9b32df Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 11:38:11 +0100 Subject: [PATCH 036/123] - Fix Out-of-Bounds Read in dname_valid(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/data/dname.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 004cf014a..e6562e98c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -10,6 +10,8 @@ reported by X41 D-Sec. - Fix Randomness Error not Handled Properly, reported by X41 D-Sec. + - Fix Out-of-Bounds Read in dname_valid(), + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/data/dname.c b/util/data/dname.c index c7360f75f..71e14180d 100644 --- a/util/data/dname.c +++ b/util/data/dname.c @@ -75,6 +75,8 @@ dname_valid(uint8_t* dname, size_t maxlen) { size_t len = 0; size_t labellen; + if(maxlen == 0) + return 0; /* too short, shortest is '0' root label */ labellen = *dname++; while(labellen) { if(labellen&0xc0) From f887552763477a606a9608b0f6b498685e0f6587 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 12:02:19 +0100 Subject: [PATCH 037/123] - Fix Config Injection in create_unbound_ad_servers.sh, reported by X41 D-Sec. --- contrib/create_unbound_ad_servers.sh | 7 +++++-- doc/Changelog | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/contrib/create_unbound_ad_servers.sh b/contrib/create_unbound_ad_servers.sh index d31f078b3..49fdbffed 100644 --- a/contrib/create_unbound_ad_servers.sh +++ b/contrib/create_unbound_ad_servers.sh @@ -9,12 +9,13 @@ # Variables dst_dir="/etc/opt/csw/unbound" work_dir="/tmp" -list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" +list_addr="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" # OS commands CAT=`which cat` ECHO=`which echo` WGET=`which wget` +TR=`which tr` # Check Wget installed if [ ! -f $WGET ]; then @@ -22,8 +23,10 @@ if [ ! -f $WGET ]; then exit 1 fi +# remove special characters with tr to protect unbound.conf $WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \ $CAT $work_dir/yoyo_ad_servers | \ +$TR -d '";$\\' | \ while read line ; \ do \ $ECHO "local-zone: \"$line\" redirect" ;\ @@ -36,4 +39,4 @@ echo "Done." # the unbound_ad_servers file: # # include: $dst_dir/unbound_ad_servers -# \ No newline at end of file +# diff --git a/doc/Changelog b/doc/Changelog index e6562e98c..a4f6d873c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -12,6 +12,8 @@ reported by X41 D-Sec. - Fix Out-of-Bounds Read in dname_valid(), reported by X41 D-Sec. + - Fix Config Injection in create_unbound_ad_servers.sh, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 2dcc7016ac6da9e57da91cc764734d11d766d8b0 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 12:56:39 +0100 Subject: [PATCH 038/123] - Fix Local Memory Leak in cachedb_init(), reported by X41 D-Sec. --- cachedb/cachedb.c | 4 ++++ doc/Changelog | 2 ++ 2 files changed, 6 insertions(+) diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 92217db3d..d5cd8dc55 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -244,6 +244,8 @@ cachedb_init(struct module_env* env, int id) env->modinfo[id] = (void*)cachedb_env; if(!cachedb_apply_cfg(cachedb_env, env->cfg)) { log_err("cachedb: could not apply configuration settings."); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } /* see if a backend is selected */ @@ -252,6 +254,8 @@ cachedb_init(struct module_env* env, int id) if(!(*cachedb_env->backend->init)(env, cachedb_env)) { log_err("cachedb: could not init %s backend", cachedb_env->backend->name); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } cachedb_env->enabled = 1; diff --git a/doc/Changelog b/doc/Changelog index a4f6d873c..cda8f1df6 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -14,6 +14,8 @@ reported by X41 D-Sec. - Fix Config Injection in create_unbound_ad_servers.sh, reported by X41 D-Sec. + - Fix Local Memory Leak in cachedb_init(), + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 09707fc403a7e0d7f5ef0029c597c2645ba49dd5 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:00:56 +0100 Subject: [PATCH 039/123] - Fix Integer Underflow in Regional Allocator, reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/regional.c | 1 + 2 files changed, 3 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index cda8f1df6..c72a255bf 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -16,6 +16,8 @@ reported by X41 D-Sec. - Fix Local Memory Leak in cachedb_init(), reported by X41 D-Sec. + - Fix Integer Underflow in Regional Allocator, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/regional.c b/util/regional.c index 5be09eb46..ff36d0e21 100644 --- a/util/regional.c +++ b/util/regional.c @@ -84,6 +84,7 @@ struct regional* regional_create_custom(size_t size) { struct regional* r = (struct regional*)malloc(size); + size = ALIGN_UP(size, ALIGNMENT); log_assert(sizeof(struct regional) <= size); if(!r) return NULL; r->first_size = size; From 623dba975a50c15aa39c68259669c74c808e6b90 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:05:10 +0100 Subject: [PATCH 040/123] - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. --- compat/getentropy_linux.c | 149 +++++++++++++++----------------------- doc/Changelog | 1 + 2 files changed, 58 insertions(+), 92 deletions(-) diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index b86c0fba2..6b220be31 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.46 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,20 +15,20 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" -/* -#define _POSIX_C_SOURCE 199309L -#define _GNU_SOURCE 1 -*/ +#define _POSIX_C_SOURCE 199309L +#define _GNU_SOURCE 1 #include #include #include #include #include -#ifdef HAVE_SYS_SYSCTL_H -#include +#ifdef SYS__sysctl +#include #endif #include #include @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -46,23 +47,14 @@ #include #include #include - -#if defined(HAVE_SSL) #include -#elif defined(HAVE_NETTLE) -#include -#endif #include #include -#include #ifdef HAVE_GETAUXVAL #include #endif #include -#ifndef MAP_ANON -#define MAP_ANON MAP_ANONYMOUS -#endif #define REPEAT 5 #define min(a, b) (((a) < (b)) ? (a) : (b)) @@ -75,29 +67,13 @@ HD(b); \ } while (0) -#if defined(HAVE_SSL) -#define CRYPTO_SHA512_CTX SHA512_CTX -#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) -#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) -#elif defined(HAVE_NETTLE) -#define CRYPTO_SHA512_CTX struct sha512_ctx -#define CRYPTO_SHA512_INIT(x) sha512_init(x) -#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) -#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) -#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) -#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) -#endif int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len); #endif static int getentropy_urandom(void *buf, size_t len); @@ -105,6 +81,7 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -113,18 +90,21 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) /* - * Try descriptor-less getrandom() + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 */ ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); - if (errno != ENOSYS) - return (-1); #endif /* @@ -178,7 +158,7 @@ getentropy(void *buf, size_t len) * - Do the best under the circumstances.... * * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. + * still does not provide a failsafe API for entropy collection. * * We hope this demonstrates that Linux should either retain their * sysctl ABI, or consider providing a new failsafe API which @@ -196,23 +176,7 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len) { @@ -221,10 +185,10 @@ getentropy_getrandom(void *buf, size_t len) if (len > 256) return (-1); do { - ret = syscall(SYS_getrandom, buf, len, 0); + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); - if (ret != (int)len) + if (ret != len) return (-1); errno = pre_errno; return (0); @@ -269,7 +233,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -280,13 +244,11 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } #ifdef SYS__sysctl @@ -311,17 +273,15 @@ getentropy_sysctl(void *buf, size_t len) goto sysctlfailed; i += chunk; } - if (gotdata(buf, len) == 0) { - errno = save_errno; - return (0); /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ sysctlfailed: errno = EIO; - return -1; + return (-1); } #endif /* SYS__sysctl */ -static int cl[] = { +static const int cl[] = { CLOCK_REALTIME, #ifdef CLOCK_MONOTONIC CLOCK_MONOTONIC, @@ -346,6 +306,15 @@ static int cl[] = { #endif }; +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + static int getentropy_fallback(void *buf, size_t len) { @@ -357,7 +326,7 @@ getentropy_fallback(void *buf, size_t len) struct rusage ru; sigset_t sigset; struct stat st; - CRYPTO_SHA512_CTX ctx; + SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; @@ -374,7 +343,7 @@ getentropy_fallback(void *buf, size_t len) } for (i = 0; i < len; ) { int j; - CRYPTO_SHA512_INIT(&ctx); + SHA512_Init(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { @@ -382,6 +351,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -401,9 +372,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -528,33 +496,30 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } #ifdef HAVE_GETAUXVAL -# ifdef AT_RANDOM +#ifdef AT_RANDOM /* Not as random as you think but we take what we are given */ p = (char *) getauxval(AT_RANDOM); if (p) HR(p, 16); -# endif -# ifdef AT_SYSINFO_EHDR +#endif +#ifdef AT_SYSINFO_EHDR p = (char *) getauxval(AT_SYSINFO_EHDR); if (p) HR(p, pgs); -# endif -# ifdef AT_BASE +#endif +#ifdef AT_BASE p = (char *) getauxval(AT_BASE); if (p) HD(p); -# endif -#endif /* HAVE_GETAUXVAL */ +#endif +#endif - CRYPTO_SHA512_FINAL(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/doc/Changelog b/doc/Changelog index c72a255bf..a74b2bc24 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -18,6 +18,7 @@ reported by X41 D-Sec. - Fix Integer Underflow in Regional Allocator, reported by X41 D-Sec. + - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 20dd979d00e2849c78d2cfa7795729076a883cef Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:08:43 +0100 Subject: [PATCH 041/123] - Synchronize compat/getentropy_win.c with version 1.5 from OpenBSD, no changes but makes the file, comments, identical. --- compat/getentropy_win.c | 7 +++++-- doc/Changelog | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c index 71fb955e7..2abeb27bc 100644 --- a/compat/getentropy_win.c +++ b/compat/getentropy_win.c @@ -1,4 +1,4 @@ -/* $OpenBSD$ */ +/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ /* * Copyright (c) 2014, Theo de Raadt @@ -15,6 +15,9 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ #include @@ -37,7 +40,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, diff --git a/doc/Changelog b/doc/Changelog index a74b2bc24..29ade4fbe 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -19,6 +19,8 @@ - Fix Integer Underflow in Regional Allocator, reported by X41 D-Sec. - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. + - Synchronize compat/getentropy_win.c with version 1.5 from + OpenBSD, no changes but makes the file, comments, identical. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 3ebc480690c47e03e8e6512f20503a4785038ded Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:11:05 +0100 Subject: [PATCH 042/123] - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. --- compat/getentropy_solaris.c | 75 ++++++++++++++----------------------- doc/Changelog | 1 + 2 files changed, 29 insertions(+), 47 deletions(-) diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index 810098a8d..b80c84de9 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.13 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,8 +15,10 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" #include #include @@ -30,10 +32,9 @@ #include #include #include -#ifdef HAVE_STDINT_H #include -#endif #include +#include #include #include #include @@ -41,14 +42,10 @@ #include #include #include -#ifdef HAVE_SYS_SHA2_H #include #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final -#else -#include "openssl/sha.h" -#endif #include #include @@ -67,17 +64,14 @@ #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck); static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -86,7 +80,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } /* @@ -153,22 +147,6 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) { @@ -204,7 +182,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -215,13 +193,11 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } static const int cl[] = { @@ -249,6 +225,15 @@ static const int cl[] = { #endif }; +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + static int getentropy_fallback(void *buf, size_t len) { @@ -286,6 +271,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -306,9 +293,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -428,14 +412,11 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/doc/Changelog b/doc/Changelog index 29ade4fbe..80e568d51 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -21,6 +21,7 @@ - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. - Synchronize compat/getentropy_win.c with version 1.5 from OpenBSD, no changes but makes the file, comments, identical. + - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From d085a0039b91f9e8d956b9969573eb95f4cc11b9 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:12:36 +0100 Subject: [PATCH 043/123] - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. --- compat/getentropy_osx.c | 65 ++++++++++++++++------------------------- doc/Changelog | 1 + 2 files changed, 26 insertions(+), 40 deletions(-) diff --git a/compat/getentropy_osx.c b/compat/getentropy_osx.c index d5a64ab36..26dcc824d 100644 --- a/compat/getentropy_osx.c +++ b/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.12 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,9 +15,12 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include #include #include #include @@ -43,14 +46,18 @@ #include #include #include +#if TARGET_OS_OSX #include #include +#endif #include #include +#if TARGET_OS_OSX #include #include #include #include +#endif #include #define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) #define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) @@ -75,10 +82,6 @@ int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len); static int getentropy_fallback(void *buf, size_t len); @@ -89,7 +92,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } /* @@ -138,22 +141,6 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - static int getentropy_urandom(void *buf, size_t len) { @@ -188,7 +175,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -199,18 +186,18 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } +#if TARGET_OS_OSX static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; +#endif static int kmib[] = { CTL_KERN, KERN_USRSTACK }; static int hwmib[] = { CTL_HW, HW_USERMEM }; @@ -230,9 +217,11 @@ getentropy_fallback(void *buf, size_t len) pid_t pid; size_t i, ii, m; char *p; +#if TARGET_OS_OSX struct tcpstat tcpstat; struct udpstat udpstat; struct ipstat ipstat; +#endif u_int64_t mach_time; unsigned int idata; void *addr; @@ -267,6 +256,7 @@ getentropy_fallback(void *buf, size_t len) HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), &idata, &ii, NULL, 0) == -1, idata); +#if TARGET_OS_OSX ii = sizeof(tcpstat); HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), &tcpstat, &ii, NULL, 0) == -1, tcpstat); @@ -278,6 +268,7 @@ getentropy_fallback(void *buf, size_t len) ii = sizeof(ipstat); HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), &ipstat, &ii, NULL, 0) == -1, ipstat); +#endif HX((pid = getpid()) == -1, pid); HX((pid = getsid(pid)) == -1, pid); @@ -295,9 +286,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -419,14 +407,11 @@ getentropy_fallback(void *buf, size_t len) } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/doc/Changelog b/doc/Changelog index 80e568d51..0df61acbb 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -22,6 +22,7 @@ - Synchronize compat/getentropy_win.c with version 1.5 from OpenBSD, no changes but makes the file, comments, identical. - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. + - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From d63536289c9d022b8f90dad0d1c8ee612c9f53b7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:28:49 +0100 Subject: [PATCH 044/123] - Changes to compat/getentropy files for, no link to openssl if using nettle, and hence config.h for HAVE_NETTLE variable. compat definition of MAP_ANON, for older systems. ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. --- compat/getentropy_linux.c | 14 ++++++++++++++ compat/getentropy_solaris.c | 7 +++++++ doc/Changelog | 6 ++++++ 3 files changed, 27 insertions(+) diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index 6b220be31..d9a5277a6 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -20,8 +20,11 @@ * http://man.openbsd.org/getentropy.2 */ +#include "config.h" +/* #define _POSIX_C_SOURCE 199309L #define _GNU_SOURCE 1 +*/ #include #include #include @@ -47,7 +50,15 @@ #include #include #include +#ifndef HAVE_NETTLE #include +#else +#include +#define SHA512_CTX struct sha512_ctx +#define SHA512_Init(x) sha512_init(x) +#define SHA512_Update(x, b, s) sha512_update(x, s, b) +#define SHA512_Final(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) +#endif #include #include @@ -55,6 +66,9 @@ #include #endif #include +#ifndef MAP_ANON +#define MAP_ANON MAP_ANONYMOUS +#endif #define REPEAT 5 #define min(a, b) (((a) < (b)) ? (a) : (b)) diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index b80c84de9..0a03046d4 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -20,6 +20,7 @@ * http://man.openbsd.org/getentropy.2 */ +#include "config.h" #include #include #include @@ -32,7 +33,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include @@ -42,10 +45,14 @@ #include #include #include +#ifdef HAVE_SYS_SHA2_H #include #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final +#else +#include "openssl/sha.h" +#endif #include #include diff --git a/doc/Changelog b/doc/Changelog index 0df61acbb..02ad18bbe 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -23,6 +23,12 @@ OpenBSD, no changes but makes the file, comments, identical. - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. + - Changes to compat/getentropy files for, + no link to openssl if using nettle, and hence config.h for + HAVE_NETTLE variable. + compat definition of MAP_ANON, for older systems. + ifdef stdint.h inclusion for older systems. + ifdef sha2.h inclusion for older systems. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From a76e43341f172ec3063511e1791ae19180e9e831 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:30:27 +0100 Subject: [PATCH 045/123] - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index 02ad18bbe..72c736a98 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -29,6 +29,7 @@ compat definition of MAP_ANON, for older systems. ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. + - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 61399434282d26a0d28aa9a34abf05b8b9d41ab9 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 13:51:10 +0100 Subject: [PATCH 046/123] - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. --- Makefile.in | 7 ++++--- configure | 6 ++++++ configure.ac | 4 ++++ doc/Changelog | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/Makefile.in b/Makefile.in index 9660c49aa..4c37e5906 100644 --- a/Makefile.in +++ b/Makefile.in @@ -160,6 +160,7 @@ SLDNS_SRC=sldns/keyraw.c sldns/sbuffer.c sldns/wire2str.c sldns/parse.c \ sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \ str2wire.lo +SLDNS_ALLOCCHECK_EXTRA_OBJ=@SLDNS_ALLOCCHECK_EXTRA_OBJ@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ @@ -187,11 +188,11 @@ CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c HOST_OBJ=unbound-host.lo -HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ +HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_HOST_OBJ_LINK@ UBANCHOR_SRC=smallapp/unbound-anchor.c UBANCHOR_OBJ=unbound-anchor.lo UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ -$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ +$(COMPAT_OBJ_WITHOUT_CTIME) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_UBANCHOR_OBJ_LINK@ TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ daemon/worker.c daemon/acl_list.c \ daemon/daemon.c daemon/stats.c \ @@ -217,7 +218,7 @@ MEMSTATS_OBJ_LINK=$(MEMSTATS_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) ASYNCLOOK_SRC=testcode/asynclook.c ASYNCLOOK_OBJ=asynclook.lo -ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) +ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ diff --git a/configure b/configure index 17b1c2d48..446c54888 100755 --- a/configure +++ b/configure @@ -702,6 +702,8 @@ PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC ax_pthread_config +ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ +SLDNS_ALLOCCHECK_EXTRA_OBJ USE_SYSTEMD_FALSE USE_SYSTEMD_TRUE SYSTEMD_DAEMON_LIBS @@ -16376,6 +16378,10 @@ if test x_$enable_alloc_checks = x_yes; then $as_echo "#define UNBOUND_ALLOC_STATS 1" >>confdefs.h + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + else if test x_$enable_alloc_lite = x_yes; then diff --git a/configure.ac b/configure.ac index 3d58e36e5..5276d4416 100644 --- a/configure.ac +++ b/configure.ac @@ -503,6 +503,10 @@ if test x_$enable_alloc_nonregional = x_yes; then fi if test x_$enable_alloc_checks = x_yes; then AC_DEFINE(UNBOUND_ALLOC_STATS, 1, [use statistics for allocs and frees, for debug use]) + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + AC_SUBST(SLDNS_ALLOCCHECK_EXTRA_OBJ) + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + AC_SUBST(ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ) else if test x_$enable_alloc_lite = x_yes; then AC_DEFINE(UNBOUND_ALLOC_LITE, 1, [use to enable lightweight alloc assertions, for debug use]) diff --git a/doc/Changelog b/doc/Changelog index 72c736a98..9d5db1a54 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -30,6 +30,7 @@ ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. + - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From d63ec2dfcb9f091c85d22fc2b352bc66931e36e1 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:01:01 +0100 Subject: [PATCH 047/123] - Fix Terminating Quotes not Written, reported by X41 D-Sec. --- dnscrypt/dnscrypt.c | 6 +++--- doc/Changelog | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 72a9527f5..4a1bd1a10 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -751,9 +751,9 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) for(j=0; jlocal_data, strdup(rr)); free(rr); } diff --git a/doc/Changelog b/doc/Changelog index 9d5db1a54..5ae98c560 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -31,6 +31,7 @@ ifdef sha2.h inclusion for older systems. - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. + - Fix Terminating Quotes not Written, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From fcd9b34bb58368bd39fa1af3516221a299816116 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:02:58 +0100 Subject: [PATCH 048/123] - Fix Useless memset() in validator, reported by X41 D-Sec. --- doc/Changelog | 1 + validator/autotrust.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 5ae98c560..d46bf57e9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -32,6 +32,7 @@ - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. - Fix Terminating Quotes not Written, reported by X41 D-Sec. + - Fix Useless memset() in validator, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/validator/autotrust.c b/validator/autotrust.c index da7078a19..11b600a51 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -86,7 +86,6 @@ void autr_global_delete(struct autr_global_data* global) if(!global) return; /* elements deleted by parent */ - memset(global, 0, sizeof(*global)); free(global); } From 3907876eac7d996256431b397e5138add1ece892 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:05:54 +0100 Subject: [PATCH 049/123] - Fix Unrequired Checks, reported by X41 D-Sec. --- doc/Changelog | 1 + util/netevent.c | 2 +- validator/autotrust.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index d46bf57e9..ee27e47bd 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -33,6 +33,7 @@ - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. - Fix Terminating Quotes not Written, reported by X41 D-Sec. - Fix Useless memset() in validator, reported by X41 D-Sec. + - Fix Unrequired Checks, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/netevent.c b/util/netevent.c index a2e39dffc..ffb668b04 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -3191,7 +3191,7 @@ comm_point_drop_reply(struct comm_reply* repinfo) { if(!repinfo) return; - log_assert(repinfo && repinfo->c); + log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); if(repinfo->c->type == comm_udp) return; diff --git a/validator/autotrust.c b/validator/autotrust.c index 11b600a51..4bd4ad045 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -2261,7 +2261,7 @@ autr_debug_print_ta(struct autr_ta* ta) log_info("out of memory in debug_print_ta"); return; } - if(str && str[0]) str[strlen(str)-1]=0; /* remove newline */ + if(str[0]) str[strlen(str)-1]=0; /* remove newline */ ctime_r(&ta->last_change, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s", From 3a49e683ed5f80039a2367103ad09f0ee85e527d Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:22:06 +0100 Subject: [PATCH 050/123] - Fix Enum Name not Used, reported by X41 D-Sec. --- daemon/remote.c | 2 +- daemon/worker.c | 4 +- doc/Changelog | 1 + libunbound/libunbound.c | 2 +- libunbound/libworker.c | 2 +- respip/respip.c | 2 +- services/authzone.c | 2 +- services/localzone.c | 6 +- services/mesh.c | 4 +- sldns/rrdef.c | 382 ++++++++++++++++++++-------------------- util/log.c | 2 +- util/netevent.c | 2 +- validator/autotrust.c | 4 +- validator/val_anchor.c | 4 +- validator/validator.c | 2 +- 15 files changed, 211 insertions(+), 210 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 1b67a3444..f688b1be8 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -3125,7 +3125,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, } else { if(r == 0) log_err("remote control connection closed prematurely"); - log_addr(1, "failed connection from", + log_addr(VERB_OPS, "failed connection from", &s->c->repinfo.addr, s->c->repinfo.addrlen); log_crypto_err("remote control failed ssl"); clean_point(rc, s); diff --git a/daemon/worker.c b/daemon/worker.c index f4cfe0035..e2ce0e870 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1569,10 +1569,10 @@ send_reply_rc: /* log original qname, before the local alias was * used to resolve that CNAME to something else */ qinfo.qname = qinfo.local_alias->rrset->rk.dname; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } else { - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } } diff --git a/doc/Changelog b/doc/Changelog index ee27e47bd..692adb9fe 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -34,6 +34,7 @@ - Fix Terminating Quotes not Written, reported by X41 D-Sec. - Fix Useless memset() in validator, reported by X41 D-Sec. - Fix Unrequired Checks, reported by X41 D-Sec. + - Fix Enum Name not Used, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index cbeaa05d5..3b30419b3 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -102,7 +102,7 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) return NULL; } #endif - verbosity = 0; /* errors only */ + verbosity = NO_VERBOSE; /* errors only */ checklock_start(); ctx = (struct ub_ctx*)calloc(1, sizeof(*ctx)); if(!ctx) { diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 6686a164f..5c62017a0 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -526,7 +526,7 @@ libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf, } q->res->rcode = LDNS_RCODE_SERVFAIL; - q->msg_security = 0; + q->msg_security = sec_status_unchecked; q->msg = memdup(sldns_buffer_begin(buf), sldns_buffer_limit(buf)); q->msg_len = sldns_buffer_limit(buf); if(!q->msg) { diff --git a/respip/respip.c b/respip/respip.c index 482762b50..632a9df64 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -1188,5 +1188,5 @@ respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, respip, sizeof(respip)); snprintf(txt, sizeof(txt), "%s/%d inform %s@%u", respip, respip_addr->net, srcip, port); - log_nametypeclass(0, txt, qname, qtype, qclass); + log_nametypeclass(NO_VERBOSE, txt, qname, qtype, qclass); } diff --git a/services/authzone.c b/services/authzone.c index 9bfea7c3d..52a19d32c 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1655,7 +1655,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, w += sldns_str_print(&s, &slen, "\n"); if(w >= (int)buflen) { - log_nametypeclass(0, "RR too long to print", nm, tp, cl); + log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl); return 0; } return 1; diff --git a/services/localzone.c b/services/localzone.c index 6295b17e2..9d5c91159 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1121,7 +1121,7 @@ local_zone_out(struct local_zone* z) struct local_rrset* p; RBTREE_FOR(d, struct local_data*, &z->data) { for(p = d->rrsets; p; p = p->next) { - log_nametypeclass(0, "rrset", d->name, + log_nametypeclass(NO_VERBOSE, "rrset", d->name, ntohs(p->rrset->rk.type), ntohs(p->rrset->rk.rrset_class)); } @@ -1138,7 +1138,7 @@ void local_zones_print(struct local_zones* zones) lock_rw_rdlock(&z->lock); snprintf(buf, sizeof(buf), "%s zone", local_zone_type2str(z->type)); - log_nametypeclass(0, buf, z->name, 0, z->dclass); + log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass); local_zone_out(z); lock_rw_unlock(&z->lock); } @@ -1500,7 +1500,7 @@ lz_inform_print(struct local_zone* z, struct query_info* qinfo, addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); snprintf(txt, sizeof(txt), "%s %s %s@%u", zname, local_zone_type2str(z->type), ip, (unsigned)port); - log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); + log_nametypeclass(NO_VERBOSE, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); } static enum localzone_type diff --git a/services/mesh.c b/services/mesh.c index 27f919401..d4f814d5a 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1157,7 +1157,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, } /* Log reply sent */ if(m->s.env->cfg->log_replies) { - log_reply_info(0, &m->s.qinfo, &r->query_reply.addr, + log_reply_info(NO_VERBOSE, &m->s.qinfo, &r->query_reply.addr, r->query_reply.addrlen, duration, 0, r_buffer); } } @@ -1411,7 +1411,7 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, /* module is looping. Stop it. */ log_err("internal error: looping module (%s) stopped", mesh->mods.mod[mstate->s.curmod]->name); - log_query_info(0, "pass error for qstate", + log_query_info(NO_VERBOSE, "pass error for qstate", &mstate->s.qinfo); s = module_error; } diff --git a/sldns/rrdef.c b/sldns/rrdef.c index b365a4a8e..0af015f4b 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -236,7 +236,7 @@ static const sldns_rdf_type type_caa_wireformat[] = { */ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 0 */ - { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + {(enum sldns_enum_rr_type)0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 1 */ {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 2 */ @@ -344,7 +344,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 53 */ {LDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 54 */ -{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 55 * Hip ends with 0 or more Rendezvous Servers represented as dname's. * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field @@ -358,8 +358,8 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 57 */ {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 58 */ {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, @@ -372,54 +372,54 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 62 */ {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 99 */ {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, /* UINFO [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* UID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* GID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* UNSPEC [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 104 */ {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, @@ -435,145 +435,145 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 109 */ {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. @@ -605,7 +605,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 258 */ {LDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* split in array, no longer contiguous */ @@ -614,7 +614,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 32768 */ {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 32769 */ {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } @@ -710,18 +710,18 @@ sldns_get_rr_type_by_name(const char *name) /* special cases for query types */ if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { - return 251; + return LDNS_RR_TYPE_IXFR; } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { - return 252; + return LDNS_RR_TYPE_AXFR; } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { - return 253; + return LDNS_RR_TYPE_MAILB; } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { - return 254; + return LDNS_RR_TYPE_MAILA; } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { - return 255; + return LDNS_RR_TYPE_ANY; } - return 0; + return (enum sldns_enum_rr_type)0; } sldns_rr_class diff --git a/util/log.c b/util/log.c index 63c42f10b..376a2590b 100644 --- a/util/log.c +++ b/util/log.c @@ -61,7 +61,7 @@ #endif /* default verbosity */ -enum verbosity_value verbosity = 0; +enum verbosity_value verbosity = NO_VERBOSE; /** the file logged to. */ static FILE* logfile = 0; /** if key has been created */ diff --git a/util/netevent.c b/util/netevent.c index ffb668b04..b8ec0ee42 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1128,7 +1128,7 @@ ssl_handshake(struct comm_point* c) unsigned long err = ERR_get_error(); if(!squelch_err_ssl_handshake(err)) { log_crypto_err_code("ssl handshake failed", err); - log_addr(1, "ssl handshake failed", &c->repinfo.addr, + log_addr(VERB_OPS, "ssl handshake failed", &c->repinfo.addr, c->repinfo.addrlen); } return 0; diff --git a/validator/autotrust.c b/validator/autotrust.c index 4bd4ad045..fd9fb3cf1 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -2283,10 +2283,10 @@ autr_debug_print_tp(struct trust_anchor* tp) log_info("assembled %d DS and %d DNSKEYs", (int)tp->numDS, (int)tp->numDNSKEY); if(tp->ds_rrset) { - log_packed_rrset(0, "DS:", tp->ds_rrset); + log_packed_rrset(NO_VERBOSE, "DS:", tp->ds_rrset); } if(tp->dnskey_rrset) { - log_packed_rrset(0, "DNSKEY:", tp->dnskey_rrset); + log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset); } log_info("file %s", tp->autr->file); ctime_r(&tp->autr->last_queried, buf); diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 8ae9e7f3b..7224f00a2 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -1007,12 +1007,12 @@ anchors_assemble_rrsets(struct val_anchors* anchors) nods = anchors_ds_unsupported(ta); nokey = anchors_dnskey_unsupported(ta); if(nods) { - log_nametypeclass(0, "warning: unsupported " + log_nametypeclass(NO_VERBOSE, "warning: unsupported " "algorithm for trust anchor", ta->name, LDNS_RR_TYPE_DS, ta->dclass); } if(nokey) { - log_nametypeclass(0, "warning: unsupported " + log_nametypeclass(NO_VERBOSE, "warning: unsupported " "algorithm for trust anchor", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); } diff --git a/validator/validator.c b/validator/validator.c index fa8d5419a..4c560a8e1 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -2242,7 +2242,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, !qstate->env->cfg->val_log_squelch) { if(qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) - log_query_info(0, "validation failure", + log_query_info(NO_VERBOSE, "validation failure", &qstate->qinfo); else { char* err = errinf_to_str_bogus(qstate); From 493921ef1f387b82b05a98a69afbc7920b51779f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:24:31 +0100 Subject: [PATCH 051/123] Review fix of space. --- services/localzone.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/localzone.c b/services/localzone.c index 9d5c91159..492bb8304 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1121,7 +1121,7 @@ local_zone_out(struct local_zone* z) struct local_rrset* p; RBTREE_FOR(d, struct local_data*, &z->data) { for(p = d->rrsets; p; p = p->next) { - log_nametypeclass(NO_VERBOSE, "rrset", d->name, + log_nametypeclass(NO_VERBOSE, "rrset", d->name, ntohs(p->rrset->rk.type), ntohs(p->rrset->rk.rrset_class)); } From 981fedea0e10d6263ecd1e5022c86f564ce26d78 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:37:13 +0100 Subject: [PATCH 052/123] - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. --- daemon/remote.c | 30 +++++++++++++++--------------- doc/Changelog | 2 ++ 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index f688b1be8..25547f570 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -674,19 +674,19 @@ static void send_ok(RES* ssl) /** do the stop command */ static void -do_stop(RES* ssl, struct daemon_remote* rc) +do_stop(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 1; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 1; + comm_base_exit(worker->base); send_ok(ssl); } /** do the reload command */ static void -do_reload(RES* ssl, struct daemon_remote* rc) +do_reload(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 0; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 0; + comm_base_exit(worker->base); send_ok(ssl); } @@ -1070,9 +1070,9 @@ print_ext(RES* ssl, struct ub_stats_info* s) /** do the stats command */ static void -do_stats(RES* ssl, struct daemon_remote* rc, int reset) +do_stats(RES* ssl, struct worker* worker, int reset) { - struct daemon* daemon = rc->worker->daemon; + struct daemon* daemon = worker->daemon; struct ub_stats_info total; struct ub_stats_info s; int i; @@ -1080,7 +1080,7 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) log_assert(daemon->num > 0); /* gather all thread statistics in one place */ for(i=0; inum; i++) { - server_stats_obtain(rc->worker, daemon->workers[i], &s, reset); + server_stats_obtain(worker, daemon->workers[i], &s, reset); if(!print_thread_stats(ssl, i, &s)) return; if(i == 0) @@ -1091,10 +1091,10 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) total.mesh_time_median /= (double)daemon->num; if(!print_stats(ssl, "total", &total)) return; - if(!print_uptime(ssl, rc->worker, reset)) + if(!print_uptime(ssl, worker, reset)) return; if(daemon->cfg->stat_extended) { - if(!print_mem(ssl, rc->worker, daemon, &total)) + if(!print_mem(ssl, worker, daemon, &total)) return; if(!print_hist(ssl, &total)) return; @@ -2851,16 +2851,16 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, char* p = skipwhite(cmd); /* compare command */ if(cmdcmp(p, "stop", 4)) { - do_stop(ssl, rc); + do_stop(ssl, worker); return; } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, rc); + do_reload(ssl, worker); return; } else if(cmdcmp(p, "stats_noreset", 13)) { - do_stats(ssl, rc, 0); + do_stats(ssl, worker, 0); return; } else if(cmdcmp(p, "stats", 5)) { - do_stats(ssl, rc, 1); + do_stats(ssl, worker, 1); return; } else if(cmdcmp(p, "status", 6)) { do_status(ssl, worker); diff --git a/doc/Changelog b/doc/Changelog index 692adb9fe..75fb6a4ca 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -35,6 +35,8 @@ - Fix Useless memset() in validator, reported by X41 D-Sec. - Fix Unrequired Checks, reported by X41 D-Sec. - Fix Enum Name not Used, reported by X41 D-Sec. + - Fix NULL Pointer Dereference via Control Port, + reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From da4d6ffee31a3ad44bff214da962f7a7e4fbf7df Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 14:40:50 +0100 Subject: [PATCH 053/123] - Fix Bad Randomness in Seed, reported by X41 D-Sec. --- daemon/daemon.c | 2 -- doc/Changelog | 1 + util/random.c | 19 ------------------- util/random.h | 8 -------- 4 files changed, 1 insertion(+), 29 deletions(-) diff --git a/daemon/daemon.c b/daemon/daemon.c index a407800b5..0b1200a2e 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -250,8 +250,6 @@ daemon_init(void) /* init timezone info while we are not chrooted yet */ tzset(); #endif - /* open /dev/urandom if needed */ - ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67); daemon->need_to_exit = 0; modstack_init(&daemon->mods); if(!(daemon->env = (struct module_env*)calloc(1, diff --git a/doc/Changelog b/doc/Changelog index 75fb6a4ca..a92870553 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -37,6 +37,7 @@ - Fix Enum Name not Used, reported by X41 D-Sec. - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. + - Fix Bad Randomness in Seed, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/util/random.c b/util/random.c index bda6d5a68..bb564f2f9 100644 --- a/util/random.c +++ b/util/random.c @@ -79,12 +79,6 @@ #define MAX_VALUE 0x7fffffff #if defined(HAVE_SSL) -void -ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ - /* arc4random_uniform does not need seeds, it gets kernel entropy */ -} - struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { @@ -118,10 +112,6 @@ struct ub_randstate { int ready; }; -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -} - struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); @@ -157,15 +147,6 @@ struct ub_randstate { int seeded; }; -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -/** - * We seed on init and not here, as we need the ctx to re-seed. - * This also means that re-seeding is not supported. - */ - log_err("Re-seeding not supported, generator untouched"); -} - struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); diff --git a/util/random.h b/util/random.h index e75157d38..b257793a4 100644 --- a/util/random.h +++ b/util/random.h @@ -47,14 +47,6 @@ */ struct ub_randstate; -/** - * Initialize the system randomness. Obtains entropy from the system - * before a chroot or privilege makes it unavailable. - * You do not have to call this, otherwise ub_initstate does so. - * @param seed: seed value to create state (if no good entropy is found). - */ -void ub_systemseed(unsigned int seed); - /** * Initialize a random generator state for use * @param from: if not NULL, the seed is taken from this random structure. From 8833d44d014414c65e50879286bd728c4d8a3b43 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 15:07:09 +0100 Subject: [PATCH 054/123] - Fix python examples/calc.py for eval, reported by X41 D-Sec. --- doc/Changelog | 1 + pythonmod/examples/calc.py | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index a92870553..7408e8371 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -38,6 +38,7 @@ - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. - Fix Bad Randomness in Seed, reported by X41 D-Sec. + - Fix python examples/calc.py for eval, reported by X41 D-Sec. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. diff --git a/pythonmod/examples/calc.py b/pythonmod/examples/calc.py index 3230e37e3..8c15f50b9 100644 --- a/pythonmod/examples/calc.py +++ b/pythonmod/examples/calc.py @@ -45,9 +45,13 @@ def operate(id, event, qstate, qdata): if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - if qstate.qinfo.qname_str.endswith("._calc_.cz."): + if qstate.qinfo.qname_str.endswith("._calc_.cz.") and not ("__" in qstate.qinfo.qname_str): try: - res = eval(''.join(qstate.qinfo.qname_list[0:-3])) + # the second and third argument to eval attempt to restrict + # functions and variables available to stop code execution + # but it may not be safe either. This is why __ substrings + # are excluded from evaluation. + res = eval(''.join(qstate.qinfo.qname_list[0:-3]),{"__builtins__":None},{}) except: res = "exception" From ebad5416d764db8f2f8d9ed369943800af52b4fd Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 20 Nov 2019 15:22:20 +0100 Subject: [PATCH 055/123] - Fix comments for doxygen in dns64. --- dns64/dns64.c | 6 ++++++ doc/Changelog | 1 + 2 files changed, 7 insertions(+) diff --git a/dns64/dns64.c b/dns64/dns64.c index 736c30e40..1a569059a 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -191,6 +191,7 @@ uitoa(unsigned n, char* s) * * \param ipv6 IPv6 address represented as a 128-bit array in big-endian * order. + * \param ipv6_len length of the ipv6 byte array. * \param offset Index of the MSB of the IPv4 address embedded in the IPv6 * address. */ @@ -216,6 +217,7 @@ extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) * \param ipv4 IPv4 address represented as an unsigned 32-bit number. * \param ptr The result will be written here. Must be large enough, be * careful! + * \param nm_len length of the ptr buffer. * * \return The number of characters written. */ @@ -246,6 +248,7 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) * * \param ptr The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa") * \param ipv6 The result will be written here, in network byte order. + * \param ipv6_len length of the ipv6 byte array. * * \return 1 on success, 0 on failure. */ @@ -281,9 +284,12 @@ ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len) * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix. * * \param prefix_addr DNS64 prefix address. + * \param prefix_addr_len length of the prefix_addr buffer. * \param prefix_net CIDR length of the DNS64 prefix. Must be between 0 and 96. * \param a IPv4 address. + * \param a_len length of the a buffer. * \param aaaa IPv6 address. The result will be written here. + * \param aaaa_len length of the aaaa buffer. */ static void synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, diff --git a/doc/Changelog b/doc/Changelog index 7408e8371..08fdd996f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -39,6 +39,7 @@ reported by X41 D-Sec. - Fix Bad Randomness in Seed, reported by X41 D-Sec. - Fix python examples/calc.py for eval, reported by X41 D-Sec. + - Fix comments for doxygen in dns64. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. From 1718a8e6b56315f3584c1400150438edd47d4879 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 22 Nov 2019 14:23:00 +0100 Subject: [PATCH 056/123] - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. --- doc/Changelog | 3 ++ services/authzone.c | 4 +-- sldns/wire2str.c | 69 ++++++++++++++++++++++++++------------------- sldns/wire2str.h | 29 ++++++++++++++----- testcode/testpkts.c | 47 +++++++++++++++++------------- 5 files changed, 94 insertions(+), 58 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 08fdd996f..39f3a99d5 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +22 November 2019: Wouter + - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. + 20 November 2019: Wouter - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. diff --git a/services/authzone.c b/services/authzone.c index 52a19d32c..b59a7334c 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1636,7 +1636,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG; dat = nm; datlen = nmlen; - w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0); + w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL); w += sldns_str_print(&s, &slen, "\t"); w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]); w += sldns_wire2str_class_print(&s, &slen, cl); @@ -1645,7 +1645,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, w += sldns_str_print(&s, &slen, "\t"); datlen = data->rr_len[i]-2; dat = data->rr_data[i]+2; - w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0); + w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL); if(tp == LDNS_RR_TYPE_DNSKEY) { w += sldns_str_print(&s, &slen, " ;{id = %u}", diff --git a/sldns/wire2str.c b/sldns/wire2str.c index f4f52abeb..ddff33a28 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -252,13 +252,13 @@ int sldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen) int sldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rrquestion_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, @@ -266,13 +266,13 @@ int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, { /* use arguments as temporary variables */ return sldns_wire2str_rdata_scan(&rdata, &rdata_len, &str, &str_len, - rrtype, NULL, 0); + rrtype, NULL, 0, NULL); } int sldns_wire2str_rr_unknown_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rrlen, size_t dname_len, @@ -310,7 +310,7 @@ int sldns_wire2str_opcode_buf(int opcode, char* s, size_t slen) int sldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_str_vprint(char** str, size_t* slen, const char* format, va_list args) @@ -365,7 +365,7 @@ static int print_remainder_hex(const char* pref, uint8_t** d, size_t* dlen, int sldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { - int w = 0; + int w = 0, comprloop = 0; unsigned qdcount, ancount, nscount, arcount, i; uint8_t* pkt = *d; size_t pktlen = *dlen; @@ -382,25 +382,25 @@ int sldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) w += sldns_str_print(s, slen, ";; QUESTION SECTION:\n"); for(i=0; i 4) + maxcompr = 4; /* just don't want to spend time, any more */ + } if(*dlen == 0) return sldns_str_print(s, slen, "ErrorMissingDname"); if(*pos == 0) { (*d)++; @@ -811,9 +819,12 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, if(!pkt || target >= pktlen) return w + sldns_str_print(s, slen, "ErrorComprPtrOutOfBounds"); - if(counter++ > maxcompr) + if(counter++ > maxcompr) { + if(comprloop && *comprloop < 10) + (*comprloop)++; return w + sldns_str_print(s, slen, "ErrorComprPtrLooped"); + } in_buf = 0; pos = pkt+target; continue; @@ -929,14 +940,14 @@ int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) } int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, - int rdftype, uint8_t* pkt, size_t pktlen) + int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop) { if(*dlen == 0) return 0; switch(rdftype) { case LDNS_RDF_TYPE_NONE: return 0; case LDNS_RDF_TYPE_DNAME: - return sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); + return sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop); case LDNS_RDF_TYPE_INT8: return sldns_wire2str_int8_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_INT16: @@ -988,7 +999,7 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, return sldns_wire2str_atma_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_IPSECKEY: return sldns_wire2str_ipseckey_scan(d, dlen, s, slen, pkt, - pktlen); + pktlen, comprloop); case LDNS_RDF_TYPE_HIP: return sldns_wire2str_hip_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_INT16_DATA: @@ -1530,7 +1541,7 @@ int sldns_wire2str_atma_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) /* internal scan routine that can modify arguments on failure */ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, - char** s, size_t* sl, uint8_t* pkt, size_t pktlen) + char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop) { /* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/ uint8_t precedence, gateway_type, algorithm; @@ -1558,7 +1569,7 @@ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, w += sldns_wire2str_aaaa_scan(d, dl, s, sl); break; case 3: /* dname */ - w += sldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen); + w += sldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop); break; default: /* unknown */ return -1; @@ -1572,12 +1583,12 @@ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, } int sldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl, - uint8_t* pkt, size_t pktlen) + uint8_t* pkt, size_t pktlen, int* comprloop) { uint8_t* od = *d; char* os = *s; size_t odl = *dl, osl = *sl; - int w=sldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen); + int w=sldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop); if(w == -1) { *d = od; *s = os; diff --git a/sldns/wire2str.h b/sldns/wire2str.h index a64f58072..0167fe7c1 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -156,10 +156,11 @@ int sldns_wire2str_pkt_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat question rr to string, with user buffers. @@ -170,10 +171,11 @@ int sldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat RR to string in unknown RR format, with user buffers. @@ -184,10 +186,11 @@ int sldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rr_unknown_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Print to string the RR-information comment in default format, @@ -228,10 +231,12 @@ int sldns_wire2str_header_scan(uint8_t** data, size_t* data_len, char** str, * @param rrtype: RR type of Rdata, host format. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rdata_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen, + int* comprloop); /** * Scan wireformat rdata to string in unknown format, with user buffers. @@ -254,10 +259,17 @@ int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: inout bool, that is set true if compression loop failure + * happens. Pass in 0, if passsed in as true, a lower bound is set + * on compression loops to stop arbitrary long packet parse times. + * This is meant so you can set it to 0 at the start of a list of dnames, + * and then scan all of them in sequence, if a loop happens, it becomes + * true and then it becomes more strict for the next dnames in the list. + * You can leave it at NULL if there is no pkt (pkt is NULL too). * @return number of characters (except null) needed to print. */ int sldns_wire2str_dname_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat rr type to string, with user buffers. @@ -492,11 +504,13 @@ int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, * @param rdftype: the type of the rdata field, enum sldns_rdf_type. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. * Can return -1 on failure. */ int sldns_wire2str_rdf_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen); + size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen, + int* comprloop); /** * Scan wireformat int8 field to string, with user buffers. @@ -793,11 +807,12 @@ int sldns_wire2str_atma_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. * Can return -1 on failure. */ int sldns_wire2str_ipseckey_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat HIP (algo, HIT, pubkey) field to string, with user buffers. diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 6c90567aa..82c143967 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -704,6 +704,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -711,7 +712,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); if(dl < 2) return 0; return sldns_read_uint16(d); @@ -723,6 +724,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -730,7 +732,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); return pktlen-dl-LDNS_HEADER_SIZE; } @@ -767,6 +769,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) size_t walk_len = plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return 0; @@ -776,10 +779,10 @@ static uint32_t get_serial(uint8_t* p, size_t plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(p); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, p, plen); + &snull, &sl, p, plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(p); i++) (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); /* walk through authority section */ for(i=0; i < LDNS_NSCOUNT(p); i++) { @@ -787,7 +790,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - p, plen); + p, plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_SOA) { /* skip type, class, TTL, rdatalen */ if(dlen < 10) @@ -798,9 +801,9 @@ static uint32_t get_serial(uint8_t* p, size_t plen) dlen -= 10; /* check third rdf */ (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); if(dlen < 4) return 0; verbose(3, "found serial %u in msg. ", @@ -809,7 +812,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) } /* move to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); } return 0; } @@ -823,6 +826,7 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) size_t wlen = *plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(wlen < LDNS_HEADER_SIZE) return 0; @@ -832,11 +836,11 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(*p); i++) (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); for(i=0; i < LDNS_NSCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); /* walk through additional section */ for(i=0; i < LDNS_ARCOUNT(*p); i++) { @@ -844,14 +848,14 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) uint8_t* dstart = w; size_t dlen = wlen; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_OPT) { *p = dstart+2; *plen = dlen-2; return 1; } /* move to next RR */ - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); } return 0; } @@ -889,25 +893,26 @@ zerottls(uint8_t* pkt, size_t pktlen) char* snull = NULL; uint16_t i; uint16_t num = LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt); + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return; walk += LDNS_HEADER_SIZE; walk_len -= LDNS_HEADER_SIZE; for(i=0; i < LDNS_QDCOUNT(pkt); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, pkt, pktlen); + &snull, &sl, pkt, pktlen, &comprloop); for(i=0; i < num; i++) { /* wipe TTL */ uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); if(dlen < 8) return; sldns_write_uint32(dstart+4, 0); /* go to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); } } @@ -1347,10 +1352,11 @@ static int equal_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[512], ps[512]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); return (strcmp(qs, ps) == 0); } @@ -1364,11 +1370,12 @@ static int subdomain_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[5120], ps[5120]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; /* decompresses domain names */ - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); /* same: false, (strict subdomain check)??? */ if(strcmp(qs, ps) == 0) return 1; From 30b0fa1e8eee0a413044ef0c2cc4cab5f717f749 Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Fri, 22 Nov 2019 14:30:56 +0100 Subject: [PATCH 057/123] Fix compiler warnings. --- compat/getentropy_linux.c | 4 ++-- doc/Changelog | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index d9a5277a6..82cdb78b8 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -202,7 +202,7 @@ getentropy_getrandom(void *buf, size_t len) ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); - if (ret != len) + if (ret != (int)len) return (-1); errno = pre_errno; return (0); @@ -321,7 +321,7 @@ static const int cl[] = { }; static int -getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +getentropy_phdr(struct dl_phdr_info *info, size_t ATTR_UNUSED(size), void *data) { SHA512_CTX *ctx = data; diff --git a/doc/Changelog b/doc/Changelog index 39f3a99d5..17f5f9569 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +22 November 2019: George + - Fix compiler warnings. + 22 November 2019: Wouter - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. From f82f97199741a05cef5c2cd2d84b4fe24847a57a Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 22 Nov 2019 15:10:02 +0100 Subject: [PATCH 058/123] - Add make distclean that removes everything configure produced, and make maintainer-clean that removes bison and flex output. --- Makefile.in | 15 ++++++++++----- doc/Changelog | 2 ++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in index 4c37e5906..8452b1f5c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -456,14 +456,19 @@ clean: rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py rm -rf autom4te.cache .libs build doc/html doc/xml -realclean: clean - rm -f config.status config.log config.h.in config.h - rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool - rm -f util/configlexer.c util/configparser.c util/configparser.h - rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 +distclean: clean + rm -f config.status config.log config.h + rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 + rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) rm -f Makefile +maintainer-clean: distclean + rm -f util/configlexer.c util/configparser.c util/configparser.h + +realclean: maintainer-clean + rm -f configure config.h.in config.sub config.guess ltmain.sh aclocal.m4 libtool + .SUFFIXES: .lint .c.lint: $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $< diff --git a/doc/Changelog b/doc/Changelog index 17f5f9569..1bd10738f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ 22 November 2019: Wouter - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. + - Add make distclean that removes everything configure produced, + and make maintainer-clean that removes bison and flex output. 20 November 2019: Wouter - Fix Out of Bounds Read in rrinternal_get_owner(), From dc0b1699e53df94aae35e7e4104d6e7c35bf39ce Mon Sep 17 00:00:00 2001 From: Havard Eidnes Date: Tue, 26 Nov 2019 00:02:34 +0100 Subject: [PATCH 059/123] In tcp_callback_writer(), don't disable time-out when changing to read. --- util/netevent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/netevent.c b/util/netevent.c index b8ec0ee42..980bb8bea 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1001,7 +1001,7 @@ tcp_callback_writer(struct comm_point* c) tcp_req_info_handle_writedone(c->tcp_req_info); } else { comm_point_stop_listening(c); - comm_point_start_listening(c, -1, -1); + comm_point_start_listening(c, -1, c->tcp_timeout_msec); } } From d63cb996494f6d8fbee2d39485d2bdcf9c05f268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Tue, 26 Nov 2019 16:32:03 +0100 Subject: [PATCH 060/123] Changed log lock from 'quick' to 'basic' because this is an I/O lock. We cannot use a 'quick' lock (i.e. lock spinning on the CPU) for the log lock because it can wait a lot on I/Os. Using a 'quick' lock leads to eating the CPU for no good reason. Example of 'pidstat' output when using various locks for log_lock: - 'quick' lock and slow log file system (tail -f on the log file on XFS on RHEL 8) 04:15:11 PM UID TGID TID %usr %system %CPU CPU Command 04:15:21 PM 998 16431 - 100.00 4.20 100.00 2 unbound 04:15:21 PM 998 - 16431 31.00 1.00 32.00 2 |__unbound 04:15:21 PM 998 - 16432 31.30 0.80 32.10 0 |__unbound 04:15:21 PM 998 - 16433 30.20 1.40 31.60 1 |__unbound 04:15:21 PM 998 - 16434 30.70 1.00 31.70 3 |__unbound - 'quick' lock and log file system being fast 04:15:40 PM UID TGID TID %usr %system %CPU CPU Command 04:15:50 PM 998 16431 - 10.00 1.60 11.60 1 unbound 04:15:50 PM 998 - 16431 2.50 0.50 3.00 1 |__unbound 04:15:50 PM 998 - 16432 2.30 0.40 2.70 3 |__unbound 04:15:50 PM 998 - 16433 2.70 0.30 3.00 0 |__unbound 04:15:50 PM 998 - 16434 2.60 0.40 3.00 2 |__unbound - 'basic' lock (this commit) and slow log file system (tail -f on the log file on XFS on RHEL 8) 04:29:48 PM UID TGID TID %usr %system %CPU CPU Command 04:29:58 PM 998 11632 - 7.10 14.10 21.20 3 unbound 04:29:58 PM 998 - 11632 1.70 3.20 4.90 3 |__unbound 04:29:58 PM 998 - 11633 1.60 3.30 4.90 1 |__unbound 04:29:58 PM 998 - 11634 2.00 4.10 6.10 1 |__unbound 04:29:58 PM 998 - 11635 1.90 3.50 5.40 1 |__unbound We can see in the above example, when 'basic' lock is used, that CPU isn't consumed when log file system is slow. Another reproducer scenario: put the log file on a NFS share with 'sync' option. --- util/log.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/util/log.c b/util/log.c index 376a2590b..8499d8c0a 100644 --- a/util/log.c +++ b/util/log.c @@ -70,7 +70,7 @@ static int key_created = 0; static ub_thread_key_type logkey; #ifndef THREADS_DISABLED /** pthread mutex to protect FILE* */ -static lock_quick_type log_lock; +static lock_basic_type log_lock; #endif /** the identity of this executable/process */ static const char* ident="unbound"; @@ -88,18 +88,18 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) if(!key_created) { key_created = 1; ub_thread_key_create(&logkey, NULL); - lock_quick_init(&log_lock); + lock_basic_init(&log_lock); } - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); if(logfile #if defined(HAVE_SYSLOG_H) || defined(UB_ON_WINDOWS) || logging_to_syslog #endif ) { - lock_quick_unlock(&log_lock); /* verbose() needs the lock */ + lock_basic_unlock(&log_lock); /* verbose() needs the lock */ verbose(VERB_QUERY, "switching log to %s", use_syslog?"syslog":(filename&&filename[0]?filename:"stderr")); - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); } if(logfile && logfile != stderr) { FILE* cl = logfile; @@ -119,7 +119,7 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) * --with-syslog-facility=LOCAL[0-7] can override it */ openlog(ident, LOG_NDELAY, UB_SYSLOG_FACILITY); logging_to_syslog = 1; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } #elif defined(UB_ON_WINDOWS) @@ -128,13 +128,13 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) } if(use_syslog) { logging_to_syslog = 1; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } #endif /* HAVE_SYSLOG_H */ if(!filename || !filename[0]) { logfile = stderr; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } /* open the file for logging */ @@ -143,7 +143,7 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) filename += strlen(chrootdir); f = fopen(filename, "a"); if(!f) { - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); log_err("Could not open logfile %s: %s", filename, strerror(errno)); return; @@ -153,14 +153,14 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) setvbuf(f, NULL, (int)_IOLBF, 0); #endif logfile = f; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } void log_file(FILE *f) { - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); logfile = f; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } void log_thread_set(int* num) @@ -245,9 +245,9 @@ log_vmsg(int pri, const char* type, return; } #endif /* HAVE_SYSLOG_H */ - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); if(!logfile) { - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } now = (time_t)time(NULL); @@ -272,7 +272,7 @@ log_vmsg(int pri, const char* type, /* line buffering does not work on windows */ fflush(logfile); #endif - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } /** From aa64c583686e0c9652622d8d73010219a3236ba7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 2 Dec 2019 13:59:43 +0100 Subject: [PATCH 061/123] Changelog entry for #122. - Merge pull request #122 from he32: In tcp_callback_writer(), don't disable time-out when changing to read. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 1bd10738f..066a4707e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +2 December 2019: Wouter + - Merge pull request #122 from he32: In tcp_callback_writer(), + don't disable time-out when changing to read. + 22 November 2019: George - Fix compiler warnings. From cdbf091c0d4845b09db8c48102af3ccbd1b53f31 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 10:03:44 +0100 Subject: [PATCH 062/123] Changelog entry for merge of #124. - Merge pull request #124 from rmetrich: Changed log lock from 'quick' to 'basic' because this is an I/O lock. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 066a4707e..560e22ca3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +3 December 2019: Wouter + - Merge pull request #124 from rmetrich: Changed log lock + from 'quick' to 'basic' because this is an I/O lock. + 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), don't disable time-out when changing to read. From 5a00b31f86eaf18847416d4d982a9ad1c25949dd Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 12:58:09 +0100 Subject: [PATCH 063/123] - Fix text around serial arithmatic used for RRSIG times to refer to correct RFC number. --- doc/Changelog | 2 ++ validator/val_sigcrypt.c | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 560e22ca3..0bca5d9ef 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock from 'quick' to 'basic' because this is an I/O lock. + - Fix text around serial arithmatic used for RRSIG times to refer + to correct RFC number. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index cfa3eadcf..33d206de8 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -1225,11 +1225,11 @@ sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) (unsigned)incep, (unsigned)now); } -/** RFC 1918 comparison, uses unsigned integers, and tries to avoid +/** RFC 1982 comparison, uses unsigned integers, and tries to avoid * compiler optimization (eg. by avoiding a-b<0 comparisons), * this routine matches compare_serial(), for SOA serial number checks */ static int -compare_1918(uint32_t a, uint32_t b) +compare_1982(uint32_t a, uint32_t b) { /* for 32 bit values */ const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); @@ -1244,9 +1244,9 @@ compare_1918(uint32_t a, uint32_t b) } /** if we know that b is larger than a, return the difference between them, - * that is the distance between them. in RFC1918 arith */ + * that is the distance between them. in RFC1982 arith */ static uint32_t -subtract_1918(uint32_t a, uint32_t b) +subtract_1982(uint32_t a, uint32_t b) { /* for 32 bit values */ const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); @@ -1286,18 +1286,18 @@ check_dates(struct val_env* ve, uint32_t unow, } else now = unow; /* check them */ - if(compare_1918(incep, expi) > 0) { + if(compare_1982(incep, expi) > 0) { sigdate_error("verify: inception after expiration, " "signature bad", expi, incep, now); *reason = "signature inception after expiration"; return 0; } - if(compare_1918(incep, now) > 0) { + if(compare_1982(incep, now) > 0) { /* within skew ? (calc here to avoid calculation normally) */ - uint32_t skew = subtract_1918(incep, expi)/10; + uint32_t skew = subtract_1982(incep, expi)/10; if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; - if(subtract_1918(now, incep) > skew) { + if(subtract_1982(now, incep) > skew) { sigdate_error("verify: signature bad, current time is" " before inception date", expi, incep, now); *reason = "signature before inception date"; @@ -1306,11 +1306,11 @@ check_dates(struct val_env* ve, uint32_t unow, sigdate_error("verify warning suspicious signature inception " " or bad local clock", expi, incep, now); } - if(compare_1918(now, expi) > 0) { - uint32_t skew = subtract_1918(incep, expi)/10; + if(compare_1982(now, expi) > 0) { + uint32_t skew = subtract_1982(incep, expi)/10; if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; - if(subtract_1918(expi, now) > skew) { + if(subtract_1982(expi, now) > skew) { sigdate_error("verify: signature expired", expi, incep, now); *reason = "signature expired"; From f5e06689d193619c57c33270c83f5e40781a261d Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 15:10:36 +0100 Subject: [PATCH 064/123] - Fix Assert Causing DoS in synth_cname(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ iterator/iter_scrub.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 0bca5d9ef..59541fa34 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ from 'quick' to 'basic' because this is an I/O lock. - Fix text around serial arithmatic used for RRSIG times to refer to correct RFC number. + - Fix Assert Causing DoS in synth_cname(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index 3f1438a4f..cceec3d56 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -217,6 +217,10 @@ synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, size_t dtarglen; if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen)) return 0; + if(qnamelen <= dname_rrset->dname_len) + return 0; + if(qnamelen == 0) + return 0; log_assert(qnamelen > dname_rrset->dname_len); /* DNAME from com. to net. with qname example.com. -> example.net. */ /* so: \3com\0 to \3net\0 and qname \7example\3com\0 */ From 5a66aecef9601b60a0f34d1f05f9720c786f57c0 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 15:11:22 +0100 Subject: [PATCH 065/123] - Fix similar code in auth_zone synth cname to add the extra checks. --- doc/Changelog | 1 + services/authzone.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 59541fa34..67f89849d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,7 @@ to correct RFC number. - Fix Assert Causing DoS in synth_cname(), reported by X41 D-Sec. + - Fix similar code in auth_zone synth cname to add the extra checks. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/services/authzone.c b/services/authzone.c index b59a7334c..7d806d9d5 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -2380,6 +2380,10 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region, return 0; /* rdatalen in DNAME rdata is malformed */ if(dname_valid(dtarg, dtarglen) != dtarglen) return 0; /* DNAME RR has malformed rdata */ + if(qname_len == 0) + return 0; /* too short */ + if(qname_len <= node->namelen) + return 0; /* qname too short for dname removal */ /* synthesize a CNAME */ newlen = synth_cname_buf(qname, qname_len, node->namelen, From d2eb78e871153f22332d30c6647f3815148f21e5 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 15:20:48 +0100 Subject: [PATCH 066/123] - Fix Assert Causing DoS in dname_pkt_copy(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/data/dname.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 67f89849d..16b6d53c1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -6,6 +6,8 @@ - Fix Assert Causing DoS in synth_cname(), reported by X41 D-Sec. - Fix similar code in auth_zone synth cname to add the extra checks. + - Fix Assert Causing DoS in dname_pkt_copy(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/util/data/dname.c b/util/data/dname.c index 71e14180d..0cca0a4e6 100644 --- a/util/data/dname.c +++ b/util/data/dname.c @@ -339,6 +339,10 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) lablen = *dname++; continue; } + if(lablen > LDNS_MAX_LABELLEN) { + *to = 0; /* end the result prematurely */ + return; + } log_assert(lablen <= LDNS_MAX_LABELLEN); len += (size_t)lablen+1; if(len >= LDNS_MAX_DOMAINLEN) { From e183a66d60039ee66a120279dc759211a035406a Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 15:42:34 +0100 Subject: [PATCH 067/123] - Fix OOB Read in sldns_wire2str_dname_scan(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/wire2str.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 16b6d53c1..aabdcec25 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,6 +8,8 @@ - Fix similar code in auth_zone synth cname to add the extra checks. - Fix Assert Causing DoS in dname_pkt_copy(), reported by X41 D-Sec. + - Fix OOB Read in sldns_wire2str_dname_scan(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/wire2str.c b/sldns/wire2str.c index ddff33a28..8ccc78d95 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -798,7 +798,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, (*dlen)--; return sldns_str_print(s, slen, "."); } - while(*pos) { + while((!pkt || pos < pkt+pktlen) && *pos) { /* read label length */ uint8_t labellen = *pos++; if(in_buf) { (*d)++; (*dlen)--; } From 3f3cadd416d6efa92ff2d548ac090f42cd79fee9 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:01:31 +0100 Subject: [PATCH 068/123] - Fix Out of Bounds Write in sldns_str2wire_str_buf(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/str2wire.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index aabdcec25..5c4cb3eb1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -10,6 +10,8 @@ reported by X41 D-Sec. - Fix OOB Read in sldns_wire2str_dname_scan(), reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_str2wire_str_buf(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 705cbc286..eea9a38b8 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1103,7 +1103,7 @@ int sldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len) while(sldns_parse_char(&ch, &s)) { if(sl >= 255) return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, s-str); - if(*len < sl+1) + if(*len < sl+2) return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, s-str); rd[++sl] = ch; From c99438c6a1b19d71ed07f152f245f15e16ff09d0 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:10:34 +0100 Subject: [PATCH 069/123] - Fix Out of Bounds Write in sldns_b64_pton(), fixed by check in sldns_str2wire_int16_data_buf(), reported by X41 D-Sec. --- doc/Changelog | 3 +++ sldns/str2wire.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 5c4cb3eb1..00e20279f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -12,6 +12,9 @@ reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_str2wire_str_buf(), reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_b64_pton(), + fixed by check in sldns_str2wire_int16_data_buf(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/str2wire.c b/sldns/str2wire.c index eea9a38b8..358e45345 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -2104,6 +2104,8 @@ int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len) char* s; int n; n = strtol(str, &s, 10); + if(n < 0) /* negative number not allowed */ + return LDNS_WIREPARSE_ERR_SYNTAX; if(*len < ((size_t)n)+2) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; if(n > 65535) From 2d444a5037acff6024630b88092d9188f2f5d8fe Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:17:03 +0100 Subject: [PATCH 070/123] - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/data/dname.c | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 00e20279f..bceb443e3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -15,6 +15,8 @@ - Fix Out of Bounds Write in sldns_b64_pton(), fixed by check in sldns_str2wire_int16_data_buf(), reported by X41 D-Sec. + - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/util/data/dname.c b/util/data/dname.c index 0cca0a4e6..9f25e1efe 100644 --- a/util/data/dname.c +++ b/util/data/dname.c @@ -329,11 +329,17 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) { /* copy over the dname and decompress it at the same time */ + size_t comprcount = 0; size_t len = 0; uint8_t lablen; lablen = *dname++; while(lablen) { if(LABEL_IS_PTR(lablen)) { + if(comprcount++ > MAX_COMPRESS_PTRS) { + /* too many compression pointers */ + *to = 0; /* end the result prematurely */ + return; + } /* follow pointer */ dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; From 6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:18:47 +0100 Subject: [PATCH 071/123] - Fix Out of Bound Write Compressed Names in rdata_copy(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ util/data/msgreply.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index bceb443e3..7e592710c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -17,6 +17,8 @@ reported by X41 D-Sec. - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), reported by X41 D-Sec. + - Fix Out of Bound Write Compressed Names in rdata_copy(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/util/data/msgreply.c b/util/data/msgreply.c index a2c09ac20..4320f312d 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -243,10 +243,10 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, break; } if(len) { + log_assert(len <= pkt_len); memmove(to, sldns_buffer_current(pkt), len); to += len; sldns_buffer_skip(pkt, (ssize_t)len); - log_assert(len <= pkt_len); pkt_len -= len; } rdf++; From d3ff930b06f6b273d02662c3c6a6ecd9b60cd9cb Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:20:24 +0100 Subject: [PATCH 072/123] - Fix Hang in sldns_wire2str_pkt_scan(), reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/wire2str.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 7e592710c..edda0d427 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -19,6 +19,8 @@ reported by X41 D-Sec. - Fix Out of Bound Write Compressed Names in rdata_copy(), reported by X41 D-Sec. + - Fix Hang in sldns_wire2str_pkt_scan(), + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 8ccc78d95..f827d848d 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -784,7 +784,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, /* spool labels onto the string, use compression if its there */ uint8_t* pos = *d; unsigned i, counter=0; - unsigned maxcompr = 1000; /* loop detection, max compr ptrs */ + unsigned maxcompr = 256; /* loop detection, max compr ptrs */ int in_buf = 1; if(comprloop) { if(*comprloop != 0) From 534eac6ae592d79ac0d87439eed56a417cbc4b30 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:21:04 +0100 Subject: [PATCH 073/123] Note what it did, lower to 256 max count. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index edda0d427..36490b094 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -21,6 +21,7 @@ reported by X41 D-Sec. - Fix Hang in sldns_wire2str_pkt_scan(), reported by X41 D-Sec. + This further lowers the max to 256. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From 9ce611951391f4c27321f58b409c3d811d10e978 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:29:18 +0100 Subject: [PATCH 074/123] - Fix snprintf() supports the n-specifier, reported by X41 D-Sec. --- compat/snprintf.c | 7 +++++-- doc/Changelog | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/compat/snprintf.c b/compat/snprintf.c index 97cd7061f..bab873e30 100644 --- a/compat/snprintf.c +++ b/compat/snprintf.c @@ -658,7 +658,7 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) * are not their own functions. */ /* printout designation: - * conversion specifier: x, d, u, s, c, n, m, p + * conversion specifier: x, d, u, s, c, m, p * flags: # not supported * 0 zeropad (on the left) * - left adjust (right by default) @@ -798,7 +798,10 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) minw, minus); break; case 'n': - *va_arg(arg, int*) = ret; + /* unsupported to harden against format string + * exploitation, + * handled like an unknown format specifier. */ + /* *va_arg(arg, int*) = ret; */ break; case 'm': print_str(&at, &left, &ret, strerror(errno), diff --git a/doc/Changelog b/doc/Changelog index 36490b094..d6f33069c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -22,6 +22,8 @@ - Fix Hang in sldns_wire2str_pkt_scan(), reported by X41 D-Sec. This further lowers the max to 256. + - Fix snprintf() supports the n-specifier, + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From 4a7ebfabcf5372a7524d9cb37959ccac3ce3e1e0 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:34:53 +0100 Subject: [PATCH 075/123] - Fix Bad Indentation, in dnscrypt.c, reported by X41 D-Sec. --- dnscrypt/dnscrypt.c | 18 +++++++++--------- doc/Changelog | 2 ++ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 4a1bd1a10..173d26c95 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -316,15 +316,15 @@ dnscrypt_server_uncurve(struct dnsc_env* env, #else return -1; #endif - } else { - if (crypto_box_beforenm(nmkey, - query_header->publickey, - cert->keypair->crypt_secretkey) != 0) { - return -1; - } - } - // Cache the shared secret we just computed. - dnsc_shared_secret_cache_insert(env->shared_secrets_cache, + } else { + if (crypto_box_beforenm(nmkey, + query_header->publickey, + cert->keypair->crypt_secretkey) != 0) { + return -1; + } + } + // Cache the shared secret we just computed. + dnsc_shared_secret_cache_insert(env->shared_secrets_cache, key, hash, nmkey); diff --git a/doc/Changelog b/doc/Changelog index d6f33069c..574c469c9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -24,6 +24,8 @@ This further lowers the max to 256. - Fix snprintf() supports the n-specifier, reported by X41 D-Sec. + - Fix Bad Indentation, in dnscrypt.c, + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From 68027ab14541a5e43e9f8747f953ecb9069ea0c6 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:42:14 +0100 Subject: [PATCH 076/123] - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. --- dnscrypt/dnscrypt.c | 15 +-------------- doc/Changelog | 2 ++ 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 173d26c95..6d187a748 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -442,20 +442,7 @@ dnscrypt_hrtime(void) static void add_server_nonce(uint8_t *nonce) { - uint64_t ts; - uint64_t tsn; - uint32_t suffix; - ts = dnscrypt_hrtime(); - // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last - // unclear if we really need it, so skipping it for now. - tsn = (ts << 10) | (randombytes_random() & 0x3ff); -#if (BYTE_ORDER == LITTLE_ENDIAN) - tsn = - (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); -#endif - memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); - suffix = randombytes_random(); - memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); + randombytes_buf(nonce + crypto_box_HALF_NONCEBYTES, 8/*tsn*/+4/*suffix*/); } /** diff --git a/doc/Changelog b/doc/Changelog index 574c469c9..099db0484 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -26,6 +26,8 @@ reported by X41 D-Sec. - Fix Bad Indentation, in dnscrypt.c, reported by X41 D-Sec. + - Fix Client NONCE Generation used for Server NONCE, + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From b6f0b1af86ba1916e32357e96249791c51f45b2f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:44:24 +0100 Subject: [PATCH 077/123] - Fix compile error in dnscrypt. --- dnscrypt/dnscrypt.c | 2 +- doc/Changelog | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 6d187a748..843735018 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -722,7 +722,7 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) if((unsigned)strlen(dnscenv->provider_name) >= (unsigned)0xffff0000) { /* guard against integer overflow in rrlen calculation */ verbose(VERB_OPS, "cert #%" PRIu32 " is too long", serial); - continue + continue; } rrlen = strlen(dnscenv->provider_name) + strlen(ttl_class_type) + diff --git a/doc/Changelog b/doc/Changelog index 099db0484..6b646b3f1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -28,6 +28,7 @@ reported by X41 D-Sec. - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. + - Fix compile error in dnscrypt. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From c4c1f9e5efe9b9148433cfda042db47c99a917bf Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 17:07:35 +0100 Subject: [PATCH 078/123] - Fix _vfixed not Used, removed from sbuffer code, reported by X41 D-Sec. --- doc/Changelog | 2 ++ sldns/sbuffer.c | 33 ------------------------ sldns/sbuffer.h | 68 ++++++------------------------------------------- 3 files changed, 10 insertions(+), 93 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 6b646b3f1..08a225157 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -29,6 +29,8 @@ - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. - Fix compile error in dnscrypt. + - Fix _vfixed not Used, removed from sbuffer code, + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/sbuffer.c b/sldns/sbuffer.c index 4ac83977e..f0f1fbd91 100644 --- a/sldns/sbuffer.c +++ b/sldns/sbuffer.c @@ -33,7 +33,6 @@ sldns_buffer_new(size_t capacity) buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; buffer->_fixed = 0; - buffer->_vfixed = 0; buffer->_status_err = 0; sldns_buffer_invariant(buffer); @@ -49,7 +48,6 @@ sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_position = 0; buffer->_limit = buffer->_capacity = size; buffer->_fixed = 0; - buffer->_vfixed = 0; if (!buffer->_fixed && buffer->_data) free(buffer->_data); buffer->_data = malloc(size); @@ -70,17 +68,6 @@ sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_data = data; buffer->_capacity = buffer->_limit = size; buffer->_fixed = 1; - buffer->_vfixed = 0; -} - -void -sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size) -{ - memset(buffer, 0, sizeof(*buffer)); - buffer->_data = data; - buffer->_capacity = buffer->_limit = size; - buffer->_fixed = 1; - buffer->_vfixed = 1; } int @@ -141,19 +128,6 @@ sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) if (written == -1) { buffer->_status_err = 1; return -1; - } else if (!buffer->_vfixed && (size_t) written >= remaining) { - if (!sldns_buffer_reserve(buffer, (size_t) written + 1)) { - buffer->_status_err = 1; - return -1; - } - va_start(args, format); - written = vsnprintf((char *) sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), format, args); - va_end(args); - if (written == -1) { - buffer->_status_err = 1; - return -1; - } } buffer->_position += written; } @@ -173,13 +147,6 @@ sldns_buffer_free(sldns_buffer *buffer) free(buffer); } -void * -sldns_buffer_export(sldns_buffer *buffer) -{ - buffer->_fixed = 1; - return buffer->_data; -} - void sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from) { diff --git a/sldns/sbuffer.h b/sldns/sbuffer.h index 2241640dd..5dbe988cd 100644 --- a/sldns/sbuffer.h +++ b/sldns/sbuffer.h @@ -130,17 +130,6 @@ struct sldns_buffer /** If the buffer is fixed it cannot be resized */ unsigned _fixed : 1; - /** If the buffer is vfixed, no more than capacity bytes will be - * written to _data, however the _position counter will be updated - * with the amount that would have been written in consecutive - * writes. This allows for a modus operandi in which a sequence is - * written on a fixed capacity buffer (perhaps with _data on stack). - * When everything could be written, then the _data is immediately - * usable, if not, then a buffer could be allocated sized precisely - * to fit the data for a second attempt. - */ - unsigned _vfixed : 1; - /** The current state of the buffer. If writing to the buffer fails * for any reason, this value is changed. This way, you can perform * multiple writes in sequence and check for success afterwards. */ @@ -158,9 +147,9 @@ INLINE void sldns_buffer_invariant(sldns_buffer *buffer) { assert(buffer != NULL); - assert(buffer->_position <= buffer->_limit || buffer->_vfixed); + assert(buffer->_position <= buffer->_limit); assert(buffer->_limit <= buffer->_capacity); - assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0 && buffer->_limit == 0)); + assert(buffer->_data != NULL); } #endif @@ -192,19 +181,6 @@ void sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size); */ void sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size); -/** - * Setup a buffer with the data pointed to. No data copied, no memory allocs. - * The buffer is "virtually" fixed. Writes beyond size (the capacity) will - * only update position, but no data will be written beyond capacity. This - * allows to determine how big the buffer should have been to contain all the - * written data, by looking at the position with sldns_buffer_position(), - * similarly to the return value of POSIX's snprintf. - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size); - /** * clears the buffer and make it ready for writing. The buffer's limit * is set to the capacity and the position is set to 0. @@ -268,7 +244,7 @@ sldns_buffer_position(sldns_buffer *buffer) INLINE void sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) { - assert(mark <= buffer->_limit || buffer->_vfixed); + assert(mark <= buffer->_limit); buffer->_position = mark; } @@ -282,7 +258,7 @@ sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) INLINE void sldns_buffer_skip(sldns_buffer *buffer, ssize_t count) { - assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed); + assert(buffer->_position + count <= buffer->_limit); buffer->_position += count; } @@ -354,7 +330,7 @@ int sldns_buffer_reserve(sldns_buffer *buffer, size_t amount); INLINE uint8_t * sldns_buffer_at(const sldns_buffer *buffer, size_t at) { - assert(at <= buffer->_limit || buffer->_vfixed); + assert(at <= buffer->_limit); return buffer->_data + at; } @@ -404,7 +380,7 @@ INLINE size_t sldns_buffer_remaining_at(sldns_buffer *buffer, size_t at) { sldns_buffer_invariant(buffer); - assert(at <= buffer->_limit || buffer->_vfixed); + assert(at <= buffer->_limit); return at < buffer->_limit ? buffer->_limit - at : 0; } @@ -457,15 +433,7 @@ sldns_buffer_available(sldns_buffer *buffer, size_t count) INLINE void sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t count) { - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memcpy(buffer->_data + at, data, - sldns_buffer_remaining_at(buffer, at)); - return; - } + assert(sldns_buffer_available_at(buffer, at, count)); memcpy(buffer->_data + at, data, count); } @@ -480,15 +448,7 @@ sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t INLINE void sldns_buffer_set_at(sldns_buffer *buffer, size_t at, int c, size_t count) { - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memset(buffer->_data + at, c, - sldns_buffer_remaining_at(buffer, at)); - return; - } + assert(sldns_buffer_available_at(buffer, at, count)); memset(buffer->_data + at, c, count); } @@ -538,7 +498,6 @@ sldns_buffer_write_string(sldns_buffer *buffer, const char *str) INLINE void sldns_buffer_write_u8_at(sldns_buffer *buffer, size_t at, uint8_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); buffer->_data[at] = data; } @@ -564,7 +523,6 @@ sldns_buffer_write_u8(sldns_buffer *buffer, uint8_t data) INLINE void sldns_buffer_write_u16_at(sldns_buffer *buffer, size_t at, uint16_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint16(buffer->_data + at, data); } @@ -590,7 +548,6 @@ sldns_buffer_write_u16(sldns_buffer *buffer, uint16_t data) INLINE void sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint32(buffer->_data + at, data); } @@ -604,7 +561,6 @@ sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) INLINE void sldns_buffer_write_u48_at(sldns_buffer *buffer, size_t at, uint64_t data) { - if (buffer->_vfixed && at + 6 > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, 6)); sldns_write_uint48(buffer->_data + at, data); } @@ -780,14 +736,6 @@ int sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) */ void sldns_buffer_free(sldns_buffer *buffer); -/** - * Makes the buffer fixed and returns a pointer to the data. The - * caller is responsible for free'ing the result. - * \param[in] *buffer the buffer to be exported - * \return void - */ -void *sldns_buffer_export(sldns_buffer *buffer); - /** * Copy contents of the from buffer to the result buffer and then flips * the result buffer. Data will be silently truncated if the result buffer is From 4106308bd5e92f819604ed8c75fdbf39bf04b905 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 17:23:38 +0100 Subject: [PATCH 079/123] - Fix Hardcoded Constant, reported by X41 D-Sec. --- doc/Changelog | 1 + sldns/wire2str.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 08a225157..05af5220d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -31,6 +31,7 @@ - Fix compile error in dnscrypt. - Fix _vfixed not Used, removed from sbuffer code, reported by X41 D-Sec. + - Fix Hardcoded Constant, reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), diff --git a/sldns/wire2str.c b/sldns/wire2str.c index f827d848d..d0d1632d4 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -22,6 +22,7 @@ #include "sldns/parseutil.h" #include "sldns/sbuffer.h" #include "sldns/keyraw.h" +#include "util/data/dname.h" #ifdef HAVE_TIME_H #include #endif @@ -784,7 +785,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, /* spool labels onto the string, use compression if its there */ uint8_t* pos = *d; unsigned i, counter=0; - unsigned maxcompr = 256; /* loop detection, max compr ptrs */ + unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */ int in_buf = 1; if(comprloop) { if(*comprloop != 0) From 8f79119826bc192fafad8946a40c0edbbae989ee Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 17:28:51 +0100 Subject: [PATCH 080/123] - make depend --- Makefile.in | 527 ++++++++++++++++++++++++-------------------------- doc/Changelog | 1 + 2 files changed, 249 insertions(+), 279 deletions(-) diff --git a/Makefile.in b/Makefile.in index 8452b1f5c..721c01b6a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -654,9 +654,9 @@ infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrde $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ @@ -681,11 +681,11 @@ msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/d msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ @@ -699,11 +699,11 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ @@ -745,18 +745,19 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/services/modstack.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ @@ -766,15 +767,16 @@ localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/serv $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/as112.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/util/edns.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/util/edns.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h \ $(srcdir)/services/listen_dnsport.h @@ -782,14 +784,11 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/ipset/ipset.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -798,35 +797,35 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(s outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/dnstap/dnstap.h \ alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -836,7 +835,7 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ @@ -845,33 +844,31 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/outside_network.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ - $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h @@ -879,13 +876,14 @@ module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(s $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/listen_dnsport.h \ net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ @@ -896,10 +894,10 @@ net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_he random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ @@ -907,19 +905,19 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/config_file.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/net_help.h lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(srcdir)/util/regional.h \ @@ -931,20 +929,20 @@ tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(s timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/tube.h \ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h \ winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h @@ -955,9 +953,9 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/keyraw.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ @@ -975,7 +973,7 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1035,30 +1033,16 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/data/dname.h \ - $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ @@ -1067,36 +1051,24 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/dnstap/dnstap.h \ dnstap/dnstap.pb-c.h dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h +dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/storage/lookup3.h +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -1113,7 +1085,7 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ @@ -1145,19 +1117,15 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ - $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ @@ -1168,24 +1136,24 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/services/listen_dnsport.h \ @@ -1197,52 +1165,53 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ + $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h \ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/ub_event.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ @@ -1255,16 +1224,15 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1272,10 +1240,11 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ @@ -1297,9 +1266,9 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/services/listen_dnsport.h \ @@ -1310,37 +1279,38 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h \ replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ - $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ @@ -1349,10 +1319,10 @@ readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/r $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -1361,17 +1331,16 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ - $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) \ - $(srcdir)/edns-subnet/subnet-whitelist.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1380,8 +1349,8 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ @@ -1391,7 +1360,7 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/cache/rrset.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/sldns/sbuffer.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ @@ -1400,14 +1369,15 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/authzone.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/authzone.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ @@ -1441,18 +1411,17 @@ pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c conf $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ @@ -1468,7 +1437,7 @@ sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/sldns/keyraw.h \ - + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h @@ -1488,10 +1457,10 @@ snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h -getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c config.h +getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ -getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h +getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c diff --git a/doc/Changelog b/doc/Changelog index 05af5220d..8d63bad70 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -32,6 +32,7 @@ - Fix _vfixed not Used, removed from sbuffer code, reported by X41 D-Sec. - Fix Hardcoded Constant, reported by X41 D-Sec. + - make depend 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), From 216747bb171b368a8c522d7b60085fd9977484db Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 4 Dec 2019 09:44:31 +0100 Subject: [PATCH 081/123] - Fix lock type for memory purify log lock deletion. --- daemon/unbound.c | 2 +- doc/Changelog | 3 +++ testcode/testbound.c | 4 ++-- testcode/unitmain.c | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/daemon/unbound.c b/daemon/unbound.c index f696b19d3..beffb5700 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -787,7 +787,7 @@ main(int argc, char* argv[]) log_init(NULL, 0, NULL); /* close logfile */ #ifndef unbound_testbound if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #endif return 0; diff --git a/doc/Changelog b/doc/Changelog index 8d63bad70..21d250348 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +4 December 2019: Wouter + - Fix lock type for memory purify log lock deletion. + 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock from 'quick' to 'basic' because this is an I/O lock. diff --git a/testcode/testbound.c b/testcode/testbound.c index 246bc6735..735cbea62 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -358,7 +358,7 @@ main(int argc, char* argv[]) testbound_selftest(); checklock_stop(); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } exit(0); case '1': @@ -464,7 +464,7 @@ main(int argc, char* argv[]) if(res == 0) { log_info("Testbound Exit Success\n"); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #ifdef HAVE_PTHREAD /* dlopen frees its thread state (dlopen of gost engine) */ diff --git a/testcode/unitmain.c b/testcode/unitmain.c index 4b9a39cf8..e8e7a44c7 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -905,7 +905,7 @@ main(int argc, char* argv[]) ecs_test(); #endif /* CLIENT_SUBNET */ if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } checklock_stop(); printf("%d checks ok.\n", testcount); From 6f7eb3ea9f756085a85a4f9d6442253dcc653792 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 4 Dec 2019 11:37:24 +0100 Subject: [PATCH 082/123] - Fix testbound for alloccheck runs, memory purify and lock checks. --- doc/Changelog | 1 + testcode/testbound.c | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 21d250348..9eea61490 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. + - Fix testbound for alloccheck runs, memory purify and lock checks. 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock diff --git a/testcode/testbound.c b/testcode/testbound.c index 735cbea62..4405231c0 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -65,6 +65,23 @@ /** config files (removed at exit) */ static struct config_strlist* cfgfiles = NULL; +#ifdef UNBOUND_ALLOC_STATS +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func); +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func) { + char* result; + size_t len; + if(!s) return NULL; + len = strlen(s); + log_info("%s:%d %s strdup(%u)", file, line, func, (unsigned)len+1); + result = unbound_stat_malloc(len+1); + memmove(result, s, len+1); + return result; +} +#endif /* UNBOUND_ALLOC_STATS */ + /** give commandline usage for testbound. */ static void testbound_usage(void) @@ -463,6 +480,12 @@ main(int argc, char* argv[]) free(pass_argv[c]); if(res == 0) { log_info("Testbound Exit Success\n"); + /* remove configfile from here, the atexit() is for when + * there is a crash to remove the tmpdir file. + * This one removes the file while alloc and log locks are + * still valid, and can be logged (for memory calculation), + * it leaves the ptr NULL so the atexit does nothing. */ + remove_configfile(); if(log_get_lock()) { lock_basic_destroy((lock_basic_type*)log_get_lock()); } From 6e8b4a7796283f2fdf77661bb003e47f413aa8d3 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 4 Dec 2019 11:41:13 +0100 Subject: [PATCH 083/123] - update contrib/fastrpz.patch to apply more cleanly. --- contrib/fastrpz.patch | 28 ++++++++++++++-------------- doc/Changelog | 1 + 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index 2bd01f2ee..c38ac22b9 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- diff --git a/Makefile.in b/Makefile.in -index 9660c49a..8b078201 100644 +index 721c01b6..56bfb560 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -32,7 +32,7 @@ index 9660c49a..8b078201 100644 COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -408,6 +410,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ +@@ -409,6 +411,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -45,10 +45,10 @@ index 9660c49a..8b078201 100644 pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ diff --git a/config.h.in b/config.h.in -index d8ec50a6..bf6dc973 100644 +index 8c2aa3b9..efaf6450 100644 --- a/config.h.in +++ b/config.h.in -@@ -1319,4 +1319,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, +@@ -1325,4 +1325,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,7 +62,7 @@ index d8ec50a6..bf6dc973 100644 +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ diff --git a/configure.ac b/configure.ac -index d8a1ac95..4f1106a0 100644 +index 5276d441..9d74592e 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -73,7 +73,7 @@ index d8a1ac95..4f1106a0 100644 sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1684,6 +1685,9 @@ case "$enable_ipset" in +@@ -1726,6 +1727,9 @@ case "$enable_ipset" in ;; esac @@ -84,7 +84,7 @@ index d8a1ac95..4f1106a0 100644 # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). diff --git a/daemon/daemon.c b/daemon/daemon.c -index e09138cb..efad0532 100644 +index 0b1200a2..5857c18b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -91,6 +91,9 @@ @@ -97,7 +97,7 @@ index e09138cb..efad0532 100644 #ifdef HAVE_SYSTEMD #include -@@ -460,6 +463,14 @@ daemon_create_workers(struct daemon* daemon) +@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) dt_apply_cfg(daemon->dtenv, daemon->cfg); #else fatal_exit("dnstap enabled in config but not built with dnstap support"); @@ -112,7 +112,7 @@ index e09138cb..efad0532 100644 #endif } for(i=0; inum; i++) { -@@ -726,6 +737,9 @@ daemon_cleanup(struct daemon* daemon) +@@ -724,6 +735,9 @@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; @@ -139,7 +139,7 @@ index 5749dbef..64ce230f 100644 /** diff --git a/daemon/worker.c b/daemon/worker.c -index 263fcddf..e6bc84bd 100644 +index e2ce0e87..f031c656 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -75,6 +75,9 @@ @@ -3125,7 +3125,7 @@ index aa4efec7..5dd3412e 100644 rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) diff --git a/services/mesh.c b/services/mesh.c -index 27f91940..f1bd4e90 100644 +index d4f814d5..624a9d95 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -60,6 +60,9 @@ @@ -3384,7 +3384,7 @@ index 3a5335dd..20113217 100644 /** diff --git a/util/netevent.c b/util/netevent.c -index c54c570f..c45699d5 100644 +index 980bb8be..d537d288 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -57,6 +57,9 @@ @@ -3439,7 +3439,7 @@ index c54c570f..c45699d5 100644 void @@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; - log_assert(repinfo && repinfo->c); + log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); @@ -3473,7 +3473,7 @@ index d80c72b3..0233292f 100644 uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES]; diff --git a/validator/validator.c b/validator/validator.c -index fa8d5419..5628ef0b 100644 +index 4c560a8e..71de3760 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, diff --git a/doc/Changelog b/doc/Changelog index 9eea61490..3a3974804 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. - Fix testbound for alloccheck runs, memory purify and lock checks. + - update contrib/fastrpz.patch to apply more cleanly. 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock From 3fb98a72d2e99269f628e14dee3b4264ead36a3d Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 4 Dec 2019 16:23:52 +0100 Subject: [PATCH 084/123] - Fix Make Test Fails when Configured With --enable-alloc-nonregional, reported by X41 D-Sec. --- doc/Changelog | 2 ++ testcode/unitregional.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 3a3974804..1378ad241 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Fix lock type for memory purify log lock deletion. - Fix testbound for alloccheck runs, memory purify and lock checks. - update contrib/fastrpz.patch to apply more cleanly. + - Fix Make Test Fails when Configured With --enable-alloc-nonregional, + reported by X41 D-Sec. 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock diff --git a/testcode/unitregional.c b/testcode/unitregional.c index 49c8147c9..d21e2caa3 100644 --- a/testcode/unitregional.c +++ b/testcode/unitregional.c @@ -50,7 +50,9 @@ corner_cases(struct regional* r) size_t s; /* shadow count of allocated memory */ void* a; size_t minsize = sizeof(uint64_t); +#ifndef UNBOUND_ALLOC_NONREGIONAL size_t mysize; +#endif char* str; unit_assert(r); /* alloc cases: @@ -75,6 +77,7 @@ corner_cases(struct regional* r) s+=0; unit_assert(r->available == r->first_size - s); +#ifndef UNBOUND_ALLOC_NONREGIONAL a = regional_alloc(r, 1); unit_assert(a); memset(a, 0x42, 1); @@ -171,6 +174,7 @@ corner_cases(struct regional* r) memset(a, 0x42, mysize); unit_assert(a); unit_assert(r->available == 8); +#endif /* UNBOUND_ALLOC_NONREGIONAL */ /* test if really copied over */ str = "test12345"; From ff7d68ca53f303e42f400e85ca5422b857faf2f4 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 5 Dec 2019 09:10:49 +0100 Subject: [PATCH 085/123] - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 replacements for unbound-fuzzme.c that gets created after applying the contrib/unbound-fuzzme.patch. They are contributed by Eric Sesterhenn from X41 D-Sec. --- contrib/README | 4 ++++ contrib/unbound-fuzzers.tar.bz2 | Bin 0 -> 1649 bytes doc/Changelog | 6 ++++++ 3 files changed, 10 insertions(+) create mode 100644 contrib/unbound-fuzzers.tar.bz2 diff --git a/contrib/README b/contrib/README index 988b59435..f12e52f25 100644 --- a/contrib/README +++ b/contrib/README @@ -40,6 +40,10 @@ distribution but may be helpful. redis backend) redis Python modules. * unbound-fuzzme.patch: adds unbound-fuzzme program that parses a packet from stdin. Used with fuzzers, patch from Jacob Hoffman-Andrews. +* unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 + replacements for unbound-fuzzme.c that gets created after applying + the contrib/unbound-fuzzme.patch. They are contributed by + Eric Sesterhenn from X41 D-Sec. * drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and compile. From Saksham Manchanda (Secure64). Please note that we think diff --git a/contrib/unbound-fuzzers.tar.bz2 b/contrib/unbound-fuzzers.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..562aa15d825fceb99b92d840f7f5c13abaca01b1 GIT binary patch literal 1649 zcmV-%29EhcT4*^jL0KkKSsfvmUH}NZf5gZT08n{<|N9OFnqL3!|M~y`fB=99Uh^j7dD)`y$cd?^r5>T`W@w|-^){o_00EF_0BC3uNeScuBh+MRplOf* z05kvq9MdBqlLRzjFh-g*Vg{KqFaQurdWjVBk3woaOv(T<27m)V28@G1+LJ^m@Inp{8h3dlfbWSS`gp_0KhuN3IC zvdQo~lAO7w!a}58ekDB7y16W@7s*meq+tAC$wcACR0ZfnS$Q~0z{X%Dg=%1lFG*YJ zJpHU49-HKsjhW7Z(nwl_Zj}hZ^51xn$96WTLZbFWo<=BqUgSyiQbB&&f{mjne=;hs zUvdo*i3T_v2G3=9iTQJ7r%3ogwe|^HV12?_#b`E7Z)ZcNRTSq2DuU?3Lc(6~E+v+> zKE7H1W><{Z@3r_-Wm=1-Riq@nrHew%DeJt%USkH0eoAfqdF|Pzb~Km9c;SW^)ILmx zH^#bQCmTbjimNM{^t7)DFi*J-kJ+mT@2MxYeo6q6=m8)GAp#XeSO8U3%RCB^&ZV0< z&%?=fFE|!cW_YY%$Gh>(F?YKj54Wejt!(z&g}U#jcAjq@?bV1~F$X3YRHbqH^!-?4 zizd#F{#&UzP|5LggBU%+Z*koqx6!fLevFpO-;#@ICE#DzXkoK19l6Qu;e%qA0bKNC zs%el$6=f_c69%h8W}*b_;u8@Wq-M}8FbdXF7w$#YiA2IMK^c;OL(Ik!bW!-6aP~55 zrVqVi*Sq~)oXS&4m(@FG)sj|zOYZsoAY!NiMG%U00|w=RrN#zHt@vz zT@n}YIhQJguBx1{yB6p*gE1`$JLLOS0Qz5h=_esJIlHBb{2ZnR1>~Hi;lzu4aK|(T zb4qb)7zPo&oal?ZA%8;cAkd=J~KvYqGJKV8aaD?~>aM_jIcdL^%rYWwxiYoXt05<>cg? zQwY^9HM3uQ>Xaek^g}tD-g~Xz@|{v%IF|H17=Cg|*~s&rb7Y;6cTBT<$<`-i9@%It zg-KoMYhg|n+0m?loW^)LF|-e43rLemileJN#hqDMd|OcE;^W`4OrENnSBAMZ-Q%*M zyu8mW7Mke=rPTdsQ!eZ*AD`L~7pFLJgB&WjJ^nPx;PHG(A-C{R{ zZB300@`D!v*7ny;qoFeLnG3eIVs`f?Esal8vDlE|JY`w6LQ{TT3bneovCgU3{Wkbn zuvOy`z@29KaL{S7V)W@?K$$^1(gh&S5;F+^P(XyBP^<{U49trK%C}0H=|~9@tWYm8 zqRC89j3CStL0MXjQCUSbUP)zE`5s;tMO29`(zisi9UEfr8yW-=17KvbmE$HqdLbReau=@MTg>@*d~4BxyGq`OdZaaO`&eQwOn02dsqZ!LMv} v%%X~xGcHlo*k=MJ021#(dkmb`mEuz%7@GnaEJ=eJNBFyvDZ+$+=?uc~F5MNW literal 0 HcmV?d00001 diff --git a/doc/Changelog b/doc/Changelog index 1378ad241..106b94bcf 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +5 December 2019: Wouter + - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 + replacements for unbound-fuzzme.c that gets created after applying + the contrib/unbound-fuzzme.patch. They are contributed by + Eric Sesterhenn from X41 D-Sec. + 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. - Fix testbound for alloccheck runs, memory purify and lock checks. From 4b73b5f299955e77f567c7e64cac17908b35b3e4 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 5 Dec 2019 11:21:46 +0100 Subject: [PATCH 086/123] - tag for 1.9.6rc1. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index 106b94bcf..c6d1005b1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,7 @@ replacements for unbound-fuzzme.c that gets created after applying the contrib/unbound-fuzzme.patch. They are contributed by Eric Sesterhenn from X41 D-Sec. + - tag for 1.9.6rc1. 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. From f3c2d0572860545c04e2e189b0380c73e0139354 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 6 Dec 2019 07:59:55 +0100 Subject: [PATCH 087/123] - Fix ipsecmod compile. --- doc/Changelog | 3 +++ ipsecmod/ipsecmod.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index c6d1005b1..17d007f7f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +6 December 2019: Wouter + - Fix ipsecmod compile. + 5 December 2019: Wouter - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 replacements for unbound-fuzzme.c that gets created after applying diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index 2e286e73d..a1f40a512 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -337,7 +337,7 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, /* Save the buffer pointers. */ tempstring = s; tempstring_len = slen; w_temp = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, - &slen, NULL, 0); + &slen, NULL, 0, NULL); /* There was an error when parsing the IPSECKEY; reset the buffer * pointers to their previous values. */ if(w_temp == -1) { From e828d678bafb7ef0df32623f6883bc4bdc07dc5b Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 6 Dec 2019 11:31:34 +0100 Subject: [PATCH 088/123] - Fix Makefile.in for ipset module compile, from Adi Prasaja. --- Makefile.in | 20 +++++++++++++++++--- doc/Changelog | 1 + 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Makefile.in b/Makefile.in index 721c01b6a..1a2e2c548 100644 --- a/Makefile.in +++ b/Makefile.in @@ -788,7 +788,9 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/ipset/ipset.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -868,7 +870,9 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ + $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ + $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h @@ -1068,7 +1072,17 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/s $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/storage/lookup3.h ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ + $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h diff --git a/doc/Changelog b/doc/Changelog index 17d007f7f..1fca26b64 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,6 @@ 6 December 2019: Wouter - Fix ipsecmod compile. + - Fix Makefile.in for ipset module compile, from Adi Prasaja. 5 December 2019: Wouter - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 From 41d3e2027cfa1227906a5a0920ee68ee9ccf734e Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 10 Dec 2019 13:09:50 +0100 Subject: [PATCH 089/123] - Fix to make auth zone IXFR to fallback to AXFR if a single response RR is received over TCP with the SOA in it. --- doc/Changelog | 4 ++++ services/authzone.c | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index 1fca26b64..c27877609 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +10 December 2019: Wouter + - Fix to make auth zone IXFR to fallback to AXFR if a single + response RR is received over TCP with the SOA in it. + 6 December 2019: Wouter - Fix ipsecmod compile. - Fix Makefile.in for ipset module compile, from Adi Prasaja. diff --git a/services/authzone.c b/services/authzone.c index 7d806d9d5..9621d6ee3 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -5530,9 +5530,12 @@ check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr, xfr->task_transfer->rr_scan_num == 0 && LDNS_ANCOUNT(wire)==1) { verbose(VERB_ALGO, "xfr to %s ended, " - "IXFR reply that zone has serial %u", + "IXFR reply that zone has serial %u," + " fallback from IXFR to AXFR", xfr->task_transfer->master->host, (unsigned)serial); + xfr->task_transfer->ixfr_fail = 1; + *gonextonfail = 0; return 0; } From 0a499ec2ee48626aa8f1cda1cd0433f9420547f6 Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Tue, 10 Dec 2019 18:03:21 +0100 Subject: [PATCH 090/123] Fix typo to let serve-expired-ttl work with ub_ctx_set_option(). --- util/config_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/config_file.c b/util/config_file.c index 119b22238..104c3f83e 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -582,7 +582,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("aggressive-nsec:", aggressive_nsec) else S_YNO("ignore-cd-flag:", ignore_cd) else S_YNO("serve-expired:", serve_expired) - else if(strcmp(opt, "serve_expired_ttl:") == 0) + else if(strcmp(opt, "serve-expired-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_ttl = atoi(val); SERVE_EXPIRED_TTL=(time_t)cfg->serve_expired_ttl;} else S_YNO("serve-expired-ttl-reset:", serve_expired_ttl_reset) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) From f1d5d5d682e87b5a62b3004dcc83c0645173eded Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Thu, 12 Dec 2019 12:48:29 +0100 Subject: [PATCH 091/123] Make master 1.9.7 in development. --- configure | 27 ++++++++++++++++++++------- configure.ac | 3 ++- doc/Changelog | 4 ++++ 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/configure b/configure index 446c54888..416189389 100755 --- a/configure +++ b/configure @@ -801,6 +801,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -947,6 +948,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1199,6 +1201,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1336,7 +1347,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1489,6 +1500,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -2801,7 +2813,7 @@ UNBOUND_VERSION_MICRO=6 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=6 +LIBUNBOUND_REVISION=7 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2875,6 +2887,7 @@ LIBUNBOUND_AGE=1 # 1.9.4 had 9:4:1 # 1.9.5 had 9:5:1 # 1.9.6 had 9:6:1 +# 1.9.7 had 9:7:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -15643,7 +15656,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15689,7 +15702,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15713,7 +15726,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15758,7 +15771,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15782,7 +15795,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; diff --git a/configure.ac b/configure.ac index 5276d4416..190adb4a0 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=6 +LIBUNBOUND_REVISION=7 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -92,6 +92,7 @@ LIBUNBOUND_AGE=1 # 1.9.4 had 9:4:1 # 1.9.5 had 9:5:1 # 1.9.6 had 9:6:1 +# 1.9.7 had 9:7:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary diff --git a/doc/Changelog b/doc/Changelog index c27877609..6e91d2537 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +12 December 2019: Ralph + - Master is 1.9.7 in development. + 10 December 2019: Wouter - Fix to make auth zone IXFR to fallback to AXFR if a single response RR is received over TCP with the SOA in it. @@ -5,6 +8,7 @@ 6 December 2019: Wouter - Fix ipsecmod compile. - Fix Makefile.in for ipset module compile, from Adi Prasaja. + - release-1.9.6 tag, which became the 1.9.6 release 5 December 2019: Wouter - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 From 90b42b56b638555fe90d652a69dcca091e4669fe Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Thu, 12 Dec 2019 13:05:09 +0100 Subject: [PATCH 092/123] - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by Florian Obser --- doc/Changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 6e91d2537..a6be944b9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,7 @@ 12 December 2019: Ralph - Master is 1.9.7 in development. + - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by + Florian Obser 10 December 2019: Wouter - Fix to make auth zone IXFR to fallback to AXFR if a single From 40787a06d899dea891da6ed6426cd7aaef45aa39 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 12 Dec 2019 15:52:21 +0100 Subject: [PATCH 093/123] Fixup 1.9.7 version commit in configure.ac. --- configure | 46 +++++++++++++++++----------------------------- configure.ac | 2 +- 2 files changed, 18 insertions(+), 30 deletions(-) diff --git a/configure b/configure index 416189389..eb855554d 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.9.6. +# Generated by GNU Autoconf 2.69 for unbound 1.9.7. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.9.6' -PACKAGE_STRING='unbound 1.9.6' +PACKAGE_VERSION='1.9.7' +PACKAGE_STRING='unbound 1.9.7' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -801,7 +801,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -948,7 +947,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1201,15 +1199,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1347,7 +1336,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1460,7 +1449,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.9.6 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1500,7 +1489,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1526,7 +1514,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.9.6:";; + short | recursive ) echo "Configuration of unbound 1.9.7:";; esac cat <<\_ACEOF @@ -1748,7 +1736,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.9.6 +unbound configure 1.9.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2457,7 +2445,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.9.6, which was +It was created by unbound $as_me 1.9.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2809,7 +2797,7 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=6 +UNBOUND_VERSION_MICRO=7 LIBUNBOUND_CURRENT=9 @@ -15656,7 +15644,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15702,7 +15690,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15726,7 +15714,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15771,7 +15759,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15795,7 +15783,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -21438,7 +21426,7 @@ _ACEOF -version=1.9.6 +version=1.9.7 date=`date +'%b %e, %Y'` @@ -21957,7 +21945,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.9.6, which was +This file was extended by unbound $as_me 1.9.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22023,7 +22011,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.9.6 +unbound config.status 1.9.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 190adb4a0..4ed9bb872 100644 --- a/configure.ac +++ b/configure.ac @@ -11,7 +11,7 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[6]) +m4_define([VERSION_MICRO],[7]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) From 1d45b4a1e085acba51e27d6e7d360322959aaceb Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Mon, 16 Dec 2019 16:03:31 +0100 Subject: [PATCH 094/123] - Update mailing list URL. --- README.md | 2 +- doc/Changelog | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ee6e4f488..7120d486f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to [create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) -or post a message on the [Unbound mailing list](https://nlnetlabs.nl/mailman/listinfo/unbound-users). +or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users). You can lean more about Unbound by reading our [documentation](https://nlnetlabs.nl/documentation/unbound/). diff --git a/doc/Changelog b/doc/Changelog index a6be944b9..75ed9e3d9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,7 +1,10 @@ +16 December 2019: George + - Update mailing list URL. + 12 December 2019: Ralph - Master is 1.9.7 in development. - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by - Florian Obser + Florian Obser 10 December 2019: Wouter - Fix to make auth zone IXFR to fallback to AXFR if a single From da6ac0c4ff381c16558ffb4568a672e40f122782 Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Thu, 19 Dec 2019 13:20:34 +0100 Subject: [PATCH 095/123] Use passed in neg and key cache if non-NULL. With this the neg and key caches can be shared between multiple libunbound contexts. The msg and rrset caches already allowed this since context_finalize() did not touch those if they are already available and have the correct size. Care must be taken to properly unhook the caches from the validator environment before calling ub_ctx_delete() otherwise one risks double free or use after free bugs. --- validator/validator.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/validator/validator.c b/validator/validator.c index 4c560a8e1..1e052a0e2 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -121,6 +121,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env, log_err("out of memory"); return 0; } + if (env->key_cache) + val_env->kcache = env->key_cache; if(!val_env->kcache) val_env->kcache = key_cache_create(cfg); if(!val_env->kcache) { @@ -146,6 +148,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env, log_err("validator: cannot apply nsec3 key iterations"); return 0; } + if (env->neg_cache) + val_env->neg_cache = env->neg_cache; if(!val_env->neg_cache) val_env->neg_cache = val_neg_create(cfg, val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]); From 20a3d3be5f347179d7684cad025a58d850fdd0c4 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 6 Jan 2020 16:18:46 +0100 Subject: [PATCH 096/123] (Changelog note for #135). - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 75ed9e3d9..5582fc8c4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +6 January 2020: Wouter + - Merge #135 from Florian Obser: Use passed in neg and key cache + if non-NULL. + 16 December 2019: George - Update mailing list URL. From 453c84b237b1c1d598f756be69167a9c94aa5aed Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 6 Jan 2020 16:36:44 +0100 Subject: [PATCH 097/123] - Fix #140: Document slave not downloading new zonefile upon update. --- doc/Changelog | 1 + doc/unbound.conf.5.in | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 5582fc8c4..17b12330a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 6 January 2020: Wouter - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. + - Fix #140: Document slave not downloading new zonefile upon update. 16 December 2019: George - Update mailing list URL. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 4bdfcd56b..a4d925499 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1680,6 +1680,12 @@ Name of the authority zone. Where to download a copy of the zone from, with AXFR and IXFR. Multiple masters can be specified. They are all tried if one fails. With the "ip#name" notation a AXFR over TLS can be used. +If you point it at another Unbound instance, it would not work because +that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download +the zonefile as a text file from a webserver that would work. +If you specify the hostname, you cannot use the domain from the zonefile, +because it may not have that when retrieving that data, instead use a plain +IP address to avoid a circular dependency on retrieving that IP address. .TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example @@ -1691,6 +1697,10 @@ see if the SOA serial number has changed, reducing the number of downloads. If none of the urls work, the masters are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. +If you specify a hostname in the URL, you cannot use the domain from the +zonefile, because it may not have that when retrieving that data, instead +use a plain IP address to avoid a circular dependency on retrieving that IP +address. Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-master/example.com.zone", with an explicit IP address. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. From d68ece28c42f7a813a026aa9b6724e16c4810a66 Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Tue, 7 Jan 2020 15:06:14 +0200 Subject: [PATCH 098/123] - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises compilation errors on solaris 10. --- compat/getentropy_solaris.c | 67 +++++++++++++++++++------------------ doc/Changelog | 5 +++ 2 files changed, 39 insertions(+), 33 deletions(-) diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index 0a03046d4..cfd5b7047 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.13 2018/11/20 08:04:28 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.4 2014/07/12 20:41:47 wouter Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,12 +15,8 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Emulation of getentropy(2) as documented at: - * http://man.openbsd.org/getentropy.2 */ -#include "config.h" #include #include #include @@ -33,11 +29,8 @@ #include #include #include -#ifdef HAVE_STDINT_H #include -#endif #include -#include #include #include #include @@ -45,14 +38,10 @@ #include #include #include -#ifdef HAVE_SYS_SHA2_H #include #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final -#else -#include "openssl/sha.h" -#endif #include #include @@ -71,14 +60,15 @@ #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) int getentropy(void *buf, size_t len); +extern int main(int, char *argv[]); +static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck); static int getentropy_fallback(void *buf, size_t len); -static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -87,7 +77,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return (-1); + return -1; } /* @@ -154,6 +144,22 @@ getentropy(void *buf, size_t len) return (ret); } +/* + * Basic sanity checking; wish we could do better. + */ +static int +gotdata(char *buf, size_t len) +{ + char any_set = 0; + size_t i; + + for (i = 0; i < len; ++i) + any_set |= buf[i]; + if (any_set == 0) + return -1; + return 0; +} + static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) { @@ -200,11 +206,13 @@ start: i += ret; } close(fd); - errno = save_errno; - return (0); /* satisfied */ + if (gotdata(buf, len) == 0) { + errno = save_errno; + return 0; /* satisfied */ + } nodevrandom: errno = EIO; - return (-1); + return -1; } static const int cl[] = { @@ -232,15 +240,6 @@ static const int cl[] = { #endif }; -static int -getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) -{ - SHA512_CTX *ctx = data; - - SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); - return (0); -} - static int getentropy_fallback(void *buf, size_t len) { @@ -278,8 +277,6 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } - dl_iterate_phdr(getentropy_phdr, &ctx); - for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -300,6 +297,7 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); + HF(main); /* an addr in program */ HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -422,8 +420,11 @@ getentropy_fallback(void *buf, size_t len) memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - explicit_bzero(&ctx, sizeof ctx); - explicit_bzero(results, sizeof results); - errno = save_errno; - return (0); /* satisfied */ + memset(results, 0, sizeof results); + if (gotdata(buf, len) == 0) { + errno = save_errno; + return 0; /* satisfied */ + } + errno = EIO; + return -1; } diff --git a/doc/Changelog b/doc/Changelog index 17b12330a..6626bcc0c 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +6 January 2020: George + - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. + The dl_iterate_phdr() function introduced in newer versions raises + compilation errors on solaris 10. + 6 January 2020: Wouter - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. From 8686b0abbf63cb03d22bb6535d79f1f8cf5d7fa3 Mon Sep 17 00:00:00 2001 From: George Thessalonikefs Date: Tue, 7 Jan 2020 15:19:15 +0200 Subject: [PATCH 099/123] - Changes to compat/getentropy_solaris.c for, ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. --- compat/getentropy_solaris.c | 11 +++++++++++ doc/Changelog | 3 +++ 2 files changed, 14 insertions(+) diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index cfd5b7047..5e3b1cbbb 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -16,6 +16,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "config.h" #include #include @@ -29,7 +30,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include @@ -38,10 +41,14 @@ #include #include #include +#ifdef HAVE_SYS_SHA2_H #include #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final +#else +#include "openssl/sha.h" +#endif #include #include @@ -64,7 +71,9 @@ int getentropy(void *buf, size_t len); +#ifdef CAN_REFERENCE_MAIN extern int main(int, char *argv[]); +#endif static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck); @@ -297,7 +306,9 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); +#ifdef CAN_REFERENCE_MAIN HF(main); /* an addr in program */ +#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; diff --git a/doc/Changelog b/doc/Changelog index 6626bcc0c..e6d42a2e8 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,9 @@ - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises compilation errors on solaris 10. + - Changes to compat/getentropy_solaris.c for, + ifdef stdint.h inclusion for older systems. + ifdef sha2.h inclusion for older systems. 6 January 2020: Wouter - Merge #135 from Florian Obser: Use passed in neg and key cache From 19473d95ebe1122f1d5548f7528b63f87d402eaf Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 8 Jan 2020 09:23:46 +0100 Subject: [PATCH 100/123] - Fix 'make test' to work for --disable-sha1 configure option. --- doc/Changelog | 3 +++ testdata/auth_zonefile_dnssec_fail.rpl | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/Changelog b/doc/Changelog index e6d42a2e8..92b036db3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +8 January 2020: Wouter + - Fix 'make test' to work for --disable-sha1 configure option. + 6 January 2020: George - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises diff --git a/testdata/auth_zonefile_dnssec_fail.rpl b/testdata/auth_zonefile_dnssec_fail.rpl index 49da19993..7e4e51de5 100644 --- a/testdata/auth_zonefile_dnssec_fail.rpl +++ b/testdata/auth_zonefile_dnssec_fail.rpl @@ -47,7 +47,9 @@ ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 ; this RR is edited to create the failure ;www.example.com. IN A 10.20.30.40 www.example.com. IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +; also edits the signature to fail, without needing crypto checks. +;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 28540 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} TEMPFILE_END From 05a5dc2d0d7d1c9054af48913079abebff06a5a1 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 8 Jan 2020 11:08:16 +0100 Subject: [PATCH 101/123] - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. --- doc/Changelog | 2 ++ sldns/parse.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 92b036db3..4f80bbe95 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,7 @@ 8 January 2020: Wouter - Fix 'make test' to work for --disable-sha1 configure option. + - Fix out-of-bounds null-byte write in sldns_bget_token_par while + parsing type WKS, reported by Luis Merino from X41 D-Sec. 6 January 2020: George - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. diff --git a/sldns/parse.c b/sldns/parse.c index b30264e88..2f9a15e01 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -120,7 +120,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { *t = '\0'; return -1; } @@ -141,7 +141,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { i++; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { *t = '\0'; return -1; } @@ -327,7 +327,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, /* do not write ' ' if we want to skip spaces */ if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { /* check for space for the space character */ - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { *t = '\0'; return -1; } @@ -354,7 +354,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, } i++; - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { *t = '\0'; return -1; } From 5ae1544583f98054d22753434ac7da986e5347e5 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 8 Jan 2020 11:55:42 +0100 Subject: [PATCH 102/123] - Updated sldns_bget_token_par fix for also space for the zero delimiter after the character. --- doc/Changelog | 2 ++ sldns/parse.c | 11 ++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 4f80bbe95..f1d8762ee 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Fix 'make test' to work for --disable-sha1 configure option. - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. + - Updated sldns_bget_token_par fix for also space for the zero + delimiter after the character. 6 January 2020: George - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. diff --git a/sldns/parse.c b/sldns/parse.c index 2f9a15e01..832e643c6 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -120,7 +120,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { + if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { *t = '\0'; return -1; } @@ -141,7 +141,8 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { i++; } - if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { + /* is there space for the character and the zero after it */ + if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { *t = '\0'; return -1; } @@ -326,8 +327,8 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, /* in parentheses */ /* do not write ' ' if we want to skip spaces */ if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { - /* check for space for the space character */ - if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { + /* check for space for the space character and a zero delimiter after that. */ + if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { *t = '\0'; return -1; } @@ -354,7 +355,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, } i++; - if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) { + if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { *t = '\0'; return -1; } From c4e199ecca8801ac51d4b0111f18b0e78c6a7f73 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 8 Jan 2020 12:58:07 +0100 Subject: [PATCH 103/123] - And update for more spare space. --- doc/Changelog | 2 +- sldns/parse.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index f1d8762ee..d84e4ad58 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,7 +3,7 @@ - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. - Updated sldns_bget_token_par fix for also space for the zero - delimiter after the character. + delimiter after the character. And update for more spare space. 6 January 2020: George - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. diff --git a/sldns/parse.c b/sldns/parse.c index 832e643c6..f4de8602f 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -120,7 +120,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -142,7 +142,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l i++; } /* is there space for the character and the zero after it */ - if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -328,7 +328,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, /* do not write ' ' if we want to skip spaces */ if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { /* check for space for the space character and a zero delimiter after that. */ - if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -355,7 +355,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, } i++; - if (limit > 0 && (i+1 > limit || (size_t)(t-token)+1 > limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } From 89d98564c38b7d1318cf8c7af699a59c3bb03102 Mon Sep 17 00:00:00 2001 From: Maryse47 <41080948+Maryse47@users.noreply.github.com> Date: Wed, 8 Jan 2020 15:21:22 +0000 Subject: [PATCH 104/123] unbound.service.in: stop binding pidfile inside chroot dir Apparently pidfile isn't used inside chroot and binding it may cause some weird failures with older systemd. Fixes https://github.com/NLnetLabs/unbound/issues/138 --- contrib/unbound.service.in | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 6eb2d0c3f..13ca4b294 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -26,7 +26,6 @@ ReadWritePaths=/run @UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@ TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/dev:ro TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/run:ro BindReadOnlyPaths=-/run/systemd/notify:@UNBOUND_CHROOT_DIR@/run/systemd/notify -BindPaths=-@UNBOUND_PIDFILE@:@UNBOUND_CHROOT_DIR@@UNBOUND_PIDFILE@ BindReadOnlyPaths=-/dev/urandom:@UNBOUND_CHROOT_DIR@/dev/urandom BindPaths=-/dev/log:@UNBOUND_CHROOT_DIR@/dev/log RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX From 92a525225b71d6aa55fd087e67ff027ca31cb91a Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Wed, 8 Jan 2020 16:36:18 +0100 Subject: [PATCH 105/123] - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in systemd service file). --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index d84e4ad58..5b699af01 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +8 January 2020: Ralph + - Fix #138: stop binding pidfile inside chroot dir in systemd service + file. + 8 January 2020: Wouter - Fix 'make test' to work for --disable-sha1 configure option. - Fix out-of-bounds null-byte write in sldns_bget_token_par while From a8db52120b3d3ac078601ed875e8eac92bbbae65 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 10 Jan 2020 10:04:50 +0100 Subject: [PATCH 106/123] - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. --- daemon/worker.c | 8 +++++--- doc/Changelog | 4 ++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/daemon/worker.c b/daemon/worker.c index e2ce0e870..aa16650ec 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1468,9 +1468,11 @@ lookup_cache: * Note that if there is more than one pass * its qname must be that used for cache * lookup. */ - if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) - && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) { + if((worker->env.cfg->prefetch && *worker->env.now >= + ((struct reply_info*)e->data)->prefetch_ttl) || + (worker->env.cfg->serve_expired && + *worker->env.now >= ((struct reply_info*)e->data)->ttl)) { + time_t leeway = ((struct reply_info*)e-> data)->ttl - *worker->env.now; if(((struct reply_info*)e->data)->ttl diff --git a/doc/Changelog b/doc/Changelog index 5b699af01..c14e79617 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +10 January 2020: Wouter + - Fix the relationship between serve-expired and prefetch options, + patch from Saksham Manchanda from Secure64. + 8 January 2020: Ralph - Fix #138: stop binding pidfile inside chroot dir in systemd service file. From e149bc70460268f7f559ce10ab7e3678a5baac0f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 10 Jan 2020 11:28:01 +0100 Subject: [PATCH 107/123] - Fix unreachable code in ssl set options code. --- doc/Changelog | 1 + smallapp/unbound-control.c | 2 ++ testcode/petal.c | 2 ++ util/net_help.c | 4 ++++ 4 files changed, 9 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index c14e79617..684a5728b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. + - Fix unreachable code in ssl set options code. 8 January 2020: Ralph - Fix #138: stop binding pidfile inside chroot dir in systemd service diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index ed8bad1e9..4f51e400e 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -493,9 +493,11 @@ setup_ctx(struct config_file* cfg) ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx) ssl_err("could not allocate SSL_CTX pointer"); +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2) ssl_err("could not set SSL_OP_NO_SSLv2"); +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) ssl_err("could not set SSL_OP_NO_SSLv3"); diff --git a/testcode/petal.c b/testcode/petal.c index dcc31fdc5..123684aab 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -234,7 +234,9 @@ setup_ctx(char* key, char* cert) { SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); if(!ctx) print_exit("out of memory"); +#if SSL_OP_NO_SSLv2 != 0 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); +#endif (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) print_exit("cannot read cert"); diff --git a/util/net_help.c b/util/net_help.c index 9747b5d55..10c4acc47 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -728,11 +728,13 @@ listen_sslctx_setup(void* ctxt) #ifdef HAVE_SSL SSL_CTX* ctx = (SSL_CTX*)ctxt; /* no SSLv2, SSLv3 because has defects */ +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); return 0; } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3){ log_crypto_err("could not set SSL_OP_NO_SSLv3"); @@ -968,12 +970,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert) log_crypto_err("could not allocate SSL_CTX pointer"); return NULL; } +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2) { log_crypto_err("could not set SSL_OP_NO_SSLv2"); SSL_CTX_free(ctx); return NULL; } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) { log_crypto_err("could not set SSL_OP_NO_SSLv3"); From 9b3f3101e3d0b027ef7a7b4370587724a57abac2 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 14 Jan 2020 14:40:44 +0100 Subject: [PATCH 108/123] - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup any more, and also the config file format does not seem to have the appropriate keys to recreate that setup. --- doc/Changelog | 6 + testdata/dnscrypt_queries.tdir/1.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries.tdir/1.key | 1 - testdata/dnscrypt_queries.tdir/1_chacha.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries.tdir/1_salsa.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries.tdir/2.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries.tdir/2.key | 1 - testdata/dnscrypt_queries.tdir/2_chacha.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries.tdir/2_salsa.cert | Bin 124 -> 0 bytes .../dnscrypt_queries.conf | 26 ----- .../dnscrypt_queries.dsc | 16 --- .../dnscrypt_queries.post | 20 ---- .../dnscrypt_queries.pre | 53 --------- .../dnscrypt_queries.test | 107 ------------------ .../dnscrypt_queries.testns | 63 ----------- testdata/dnscrypt_queries_chacha.tdir/1.key | 1 - .../1_chacha.cert | Bin 124 -> 0 bytes .../dnscrypt_queries_chacha.tdir/1_salsa.cert | Bin 124 -> 0 bytes testdata/dnscrypt_queries_chacha.tdir/2.key | 1 - .../2_chacha.cert | Bin 124 -> 0 bytes .../dnscrypt_queries_chacha.tdir/2_salsa.cert | Bin 124 -> 0 bytes .../dnscrypt_queries_chacha.conf | 24 ---- .../dnscrypt_queries_chacha.dsc | 16 --- .../dnscrypt_queries_chacha.post | 17 --- .../dnscrypt_queries_chacha.pre | 52 --------- .../dnscrypt_queries_chacha.test | 101 ----------------- .../dnscrypt_queries_chacha.testns | 63 ----------- .../dnscrypt_queries_chacha.tdir/precheck.sh | 27 ----- 28 files changed, 6 insertions(+), 589 deletions(-) delete mode 100644 testdata/dnscrypt_queries.tdir/1.cert delete mode 100644 testdata/dnscrypt_queries.tdir/1.key delete mode 100644 testdata/dnscrypt_queries.tdir/1_chacha.cert delete mode 100644 testdata/dnscrypt_queries.tdir/1_salsa.cert delete mode 100644 testdata/dnscrypt_queries.tdir/2.cert delete mode 100644 testdata/dnscrypt_queries.tdir/2.key delete mode 100644 testdata/dnscrypt_queries.tdir/2_chacha.cert delete mode 100644 testdata/dnscrypt_queries.tdir/2_salsa.cert delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.post delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.test delete mode 100644 testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/1.key delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/2.key delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns delete mode 100644 testdata/dnscrypt_queries_chacha.tdir/precheck.sh diff --git a/doc/Changelog b/doc/Changelog index 684a5728b..59f8b5521 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +14 January 2020: Wouter + - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, + because dnscrypt-proxy (2.0.36) does not support the test setup + any more, and also the config file format does not seem to have + the appropriate keys to recreate that setup. + 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. diff --git a/testdata/dnscrypt_queries.tdir/1.cert b/testdata/dnscrypt_queries.tdir/1.cert deleted file mode 100644 index fbc529bfa3abc64f84dcde8b7b41c48375059d29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;WMI$^4_>YA@9W0=!HOrL)J1l346k%r+{*9ITNvN5oV_a(_1U)|(a%KU zO3p_64?2x$GLs#%b_AcTHQbQ;XrGlJxBp!B=wh?NX$>m{yiAi_-hQ(BWxyJGdf}v& WR?VzpJ$;yb_&$?YARIYABMSg@x-xbE diff --git a/testdata/dnscrypt_queries.tdir/1.key b/testdata/dnscrypt_queries.tdir/1.key deleted file mode 100644 index 165262c86..000000000 --- a/testdata/dnscrypt_queries.tdir/1.key +++ /dev/null @@ -1 +0,0 @@ -®öÝìK¬‡#‘€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM \ No newline at end of file diff --git a/testdata/dnscrypt_queries.tdir/1_chacha.cert b/testdata/dnscrypt_queries.tdir/1_chacha.cert deleted file mode 100644 index 3da5c612d06020c86edda3d99a31d9d44c20cd26..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;VqjRK{Q6Xq>2Kc6nkT;%Z`>at>Uj9aQ{^>>p6yw{<#d9ddA`K_|5h54 zZY=O}n8R$k=uBeKY^nAImXoaS@G?$Vu!{e%^nRn$8(ajoq#n!YsJ>Bb9h_nmH|rs* Zjezr6?cm#vN1*bN3$9y$aOtJnI{=8hINSgL diff --git a/testdata/dnscrypt_queries.tdir/1_salsa.cert b/testdata/dnscrypt_queries.tdir/1_salsa.cert deleted file mode 100644 index 17e447fc339b7e1d19d078e43cdf685cacacc6a6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;WMIgAwlO39lENChev9wxW`*9^Gh<>UL+HN?+Y6ln=LrYz-7<~Wd%>L_ zZ)6gh*IiQ-jL1GUW3N=mgDslsmZehtEKG-`_Zyww;3BXk^;kwn^^Icd;1r{{Sr1ul Y1f0)m2j6yt$ww|Y%?ZM#m(F(r0G>)XPXGV_ diff --git a/testdata/dnscrypt_queries.tdir/2.cert b/testdata/dnscrypt_queries.tdir/2.cert deleted file mode 100644 index ebf8ac108d141a1d247ec4c08c4bb37ec13508db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;WMH`6a7UVRBhw!4878b(`7W`zS!C{GU`Yy{(A$`lwt07=)whXUtF1YM`(lvI1LnT6eL)A8bEhkvyY#B&;w$kRKT};77xas3 YnoQkTYfxtflaJ6_^a6yV_^)LE07hy#^8f$< diff --git a/testdata/dnscrypt_queries.tdir/2.key b/testdata/dnscrypt_queries.tdir/2.key deleted file mode 100644 index c299f550a..000000000 --- a/testdata/dnscrypt_queries.tdir/2.key +++ /dev/null @@ -1 +0,0 @@ -m7Ÿñâƒx;‘%׸õé*•ÜR¯äÓ¯¹mDªñ \ No newline at end of file diff --git a/testdata/dnscrypt_queries.tdir/2_chacha.cert b/testdata/dnscrypt_queries.tdir/2_chacha.cert deleted file mode 100644 index ed4ec26065a60f958ac8797b0515f692e2561152..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;VqjQp_UOOX7bc&L>5}pFB|+1_1)bhB^9Ng}QrFrVcYU1&Gx)jI?6{M# z{^oz3MM9f&Q`o;{8!&rDpDmZtJmbW)kn8K`@cnzEZd|I6JoA0+Vn2LPf}JkrbK?xa|s(C2#RraymOa5q+ zm`UrFB~;fg48Qo~I@8&j^IF`CRMuaLX8Za%eE;648<#31&wO9|xTH&HQQeHcm*uNs Ym~u@y{yi{($ww|Y%?ZM#m(F(r03OOaw*UYD diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf deleted file mode 100644 index 355d4ff13..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf +++ /dev/null @@ -1,26 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - port: @PORT@ - interface: 0.0.0.0 - interface: 0.0.0.0@@DNSCRYPT_PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" - -dnscrypt: - dnscrypt-enable: yes - dnscrypt-port: @DNSCRYPT_PORT@ - dnscrypt-provider: 2.dnscrypt-cert.example.com. - dnscrypt-secret-key: 1.key - dnscrypt-secret-key: 2.key - dnscrypt-provider-cert: 1_salsa.cert - dnscrypt-provider-cert: 2_salsa.cert - diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc deleted file mode 100644 index e1e653e57..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: dnscrypt_queries -Version: 1.0 -Description: dnscrypt queries. -CreationDate: Fri Mar 03 10:08:08 CEST 2017 -Maintainer: Emmanuel Bretelle -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: dnscrypt_queries.pre -Post: dnscrypt_queries.post -Test: dnscrypt_queries.test -AuxFiles: -Passed: -Failure: diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post deleted file mode 100644 index b61480616..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post +++ /dev/null @@ -1,20 +0,0 @@ -# #-- dnscrypt_queries.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -kill_pid $PROXY_PID diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre deleted file mode 100644 index 288a66541..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre +++ /dev/null @@ -1,53 +0,0 @@ -# #-- dnscrypt_queries.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -get_random_port 4 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -DNSCRYPT_PORT=$(($RND_PORT + 2)) -PROXY_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test -echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test -echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \ - --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \ - --provider-name=2.dnscrypt-cert.example.com \ - --provider-key=B85F:41A1:4F23:F7DB:C866:F397:CC6F:44B6:5F9D:65C5:B629:7C27:5403:A6E9:DCF2:4F9D \ - -m 32 \ - >dnscryptproxy.log 2>&1 & -PROXY_PID=$! -echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \ - -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log -wait_server_up dnscryptproxy.log "Proxying from" diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test deleted file mode 100644 index 5614a444d..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test +++ /dev/null @@ -1,107 +0,0 @@ -# #-- dnscrypt_queries.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - - -# do the test -for opt in '' '+tcp' -do - echo "> do queries ${opt}" - dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 & - digpid1=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 & - digpid2=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 & - digpid3=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 & - digpid4=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 & - digpid5=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 & - digpid6=$! - sleep 1 - kill -9 $digpid1 - kill -9 $digpid2 - kill -9 $digpid3 - kill -9 $digpid4 - kill -9 $digpid5 - kill -9 $digpid6 - - echo "> cat outfile1" - cat outfile1 - echo "> cat outfile2" - cat outfile2 - echo "> cat outfile3" - cat outfile3 - echo "> cat outfile4" - cat outfile4 - echo "> cat outfile5" - cat outfile5 - echo "> cat outfile6" - cat outfile6 - echo "> cat logfiles" - cat fwd.log - cat unbound.log - - echo "> check for ID bit collisions" - grep "pending reply" unbound.log > ids - numsend=`cat ids | wc -l` - cat ids | awk '{print $8};' | sort -u > ids2 - numuniq=`cat ids2 | wc -l` - if test $numuniq -ne $numsend; then - echo "got a ID number clash. could not do test, sorry" - exit 0 - fi - - echo "> check answers for queries" - if grep "10.20.30.40" outfile1; then - echo "1 is OK" - else - echo "1 is not OK" - exit 1 - fi - if grep "10.20.30.50" outfile2; then - echo "2 is OK" - else - echo "2 is not OK" - exit 1 - fi - if grep "10.20.30.60" outfile3; then - echo "3 is OK" - else - echo "3 is not OK" - exit 1 - fi - if grep "10.20.30.70" outfile4; then - echo "4 is OK" - else - echo "4 is not OK" - exit 1 - fi - if grep "10.20.30.80" outfile5; then - echo "5 is OK" - else - echo "5 is not OK" - exit 1 - fi - if grep "10.20.30.90" outfile6; then - echo "6 is OK" - else - echo "6 is not OK" - exit 1 - fi -done - -exit 0 diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns deleted file mode 100644 index f03c15f76..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns +++ /dev/null @@ -1,63 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www1 IN A -SECTION ANSWER -www1 IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www2 IN A -SECTION ANSWER -www2 IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www3 IN A -SECTION ANSWER -www3 IN A 10.20.30.60 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www4 IN A -SECTION ANSWER -www4 IN A 10.20.30.70 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www5 IN A -SECTION ANSWER -www5 IN A 10.20.30.80 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www6 IN A -SECTION ANSWER -www6 IN A 10.20.30.90 -ENTRY_END diff --git a/testdata/dnscrypt_queries_chacha.tdir/1.key b/testdata/dnscrypt_queries_chacha.tdir/1.key deleted file mode 100644 index 165262c86..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/1.key +++ /dev/null @@ -1 +0,0 @@ -®öÝìK¬‡#‘€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM \ No newline at end of file diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert deleted file mode 100644 index 3da5c612d06020c86edda3d99a31d9d44c20cd26..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;VqjRK{Q6Xq>2Kc6nkT;%Z`>at>Uj9aQ{^>>p6yw{<#d9ddA`K_|5h54 zZY=O}n8R$k=uBeKY^nAImXoaS@G?$Vu!{e%^nRn$8(ajoq#n!YsJ>Bb9h_nmH|rs* Zjezr6?cm#vN1*bN3$9y$aOtJnI{=8hINSgL diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert b/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert deleted file mode 100644 index 17e447fc339b7e1d19d078e43cdf685cacacc6a6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;WMIgAwlO39lENChev9wxW`*9^Gh<>UL+HN?+Y6ln=LrYz-7<~Wd%>L_ zZ)6gh*IiQ-jL1GUW3N=mgDslsmZehtEKG-`_Zyww;3BXk^;kwn^^Icd;1r{{Sr1ul Y1f0)m2j6yt$ww|Y%?ZM#m(F(r0G>)XPXGV_ diff --git a/testdata/dnscrypt_queries_chacha.tdir/2.key b/testdata/dnscrypt_queries_chacha.tdir/2.key deleted file mode 100644 index c299f550a..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/2.key +++ /dev/null @@ -1 +0,0 @@ -m7Ÿñâƒx;‘%׸õé*•ÜR¯äÓ¯¹mDªñ \ No newline at end of file diff --git a/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert deleted file mode 100644 index ed4ec26065a60f958ac8797b0515f692e2561152..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?q3wCB;VqjQp_UOOX7bc&L>5}pFB|+1_1)bhB^9Ng}QrFrVcYU1&Gx)jI?6{M# z{^oz3MM9f&Q`o;{8!&rDpDmZtJmbW)kn8K`@cnzEZd|I6JoA0+Vn2LPf}JkrbK?xa|s(C2#RraymOa5q+ zm`UrFB~;fg48Qo~I@8&j^IF`CRMuaLX8Za%eE;648<#31&wO9|xTH&HQQeHcm*uNs Ym~u@y{yi{($ww|Y%?ZM#m(F(r03OOaw*UYD diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf deleted file mode 100644 index 9e269ba60..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf +++ /dev/null @@ -1,24 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - port: @PORT@ - interface: 0.0.0.0 - interface: 0.0.0.0@@DNSCRYPT_PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" - -dnscrypt: - dnscrypt-enable: yes - dnscrypt-port: @DNSCRYPT_PORT@ - dnscrypt-provider: 2.dnscrypt-cert.example.com. - dnscrypt-secret-key: 2.key - dnscrypt-provider-cert: 2_salsa.cert - dnscrypt-provider-cert: 2_chacha.cert diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc deleted file mode 100644 index 372126bc3..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: dnscrypt_queries_chacha -Version: 1.0 -Description: dnscrypt queries using xchacha -CreationDate: Thu Jun 01 10:08:08 CEST 2017 -Maintainer: Emmanuel Bretelle -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: dnscrypt_queries_chacha.pre -Post: dnscrypt_queries_chacha.post -Test: dnscrypt_queries_chacha.test -AuxFiles: -Passed: -Failure: diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post deleted file mode 100644 index 1ca6a7e3f..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post +++ /dev/null @@ -1,17 +0,0 @@ -# #-- dnscrypt_queries_chacha.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh - -# Check if we can run the test. -. ./precheck.sh - - -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -kill_pid $PROXY_PID diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre deleted file mode 100644 index 6474c540d..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre +++ /dev/null @@ -1,52 +0,0 @@ -# #-- dnscrypt_queries_chacha.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# Check if we can run the test. -. ./precheck.sh - -get_random_port 4 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -DNSCRYPT_PORT=$(($RND_PORT + 2)) -PROXY_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test -echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test -echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries_chacha.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \ - --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \ - --provider-name=2.dnscrypt-cert.example.com \ - --provider-key=C352:1F20:F2D2:FD65:B5F4:7BF6:6C1A:88C1:4BCB:80CE:1E3A:3572:5CB1:7D4B:12D3:E783 \ - -m 32 \ - >dnscryptproxy.log 2>&1 & -PROXY_PID=$! -echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \ - -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries_chacha.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log -wait_server_up dnscryptproxy.log "Proxying from" -if ! grep 'Using version 2.0 of the DNSCrypt protocol' dnscryptproxy.log; then - echo "Failed to select xchacha cert" - exit 1 -fi diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test deleted file mode 100644 index 455c506a0..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test +++ /dev/null @@ -1,101 +0,0 @@ -# #-- dnscrypt_queries_chacha.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# Check if we can run the test. -. ./precheck.sh - -# do the test -for opt in '' '+tcp' -do - echo "> do queries ${opt}" - dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 & - digpid1=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 & - digpid2=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 & - digpid3=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 & - digpid4=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 & - digpid5=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 & - digpid6=$! - sleep 1 - kill -9 $digpid1 - kill -9 $digpid2 - kill -9 $digpid3 - kill -9 $digpid4 - kill -9 $digpid5 - kill -9 $digpid6 - - echo "> cat outfile1" - cat outfile1 - echo "> cat outfile2" - cat outfile2 - echo "> cat outfile3" - cat outfile3 - echo "> cat outfile4" - cat outfile4 - echo "> cat outfile5" - cat outfile5 - echo "> cat outfile6" - cat outfile6 - echo "> cat logfiles" - cat fwd.log - cat unbound.log - - echo "> check for ID bit collisions" - grep "pending reply" unbound.log > ids - numsend=`cat ids | wc -l` - cat ids | awk '{print $8};' | sort -u > ids2 - numuniq=`cat ids2 | wc -l` - if test $numuniq -ne $numsend; then - echo "got a ID number clash. could not do test, sorry" - exit 0 - fi - - echo "> check answers for queries" - if grep "10.20.30.40" outfile1; then - echo "1 is OK" - else - echo "1 is not OK" - exit 1 - fi - if grep "10.20.30.50" outfile2; then - echo "2 is OK" - else - echo "2 is not OK" - exit 1 - fi - if grep "10.20.30.60" outfile3; then - echo "3 is OK" - else - echo "3 is not OK" - exit 1 - fi - if grep "10.20.30.70" outfile4; then - echo "4 is OK" - else - echo "4 is not OK" - exit 1 - fi - if grep "10.20.30.80" outfile5; then - echo "5 is OK" - else - echo "5 is not OK" - exit 1 - fi - if grep "10.20.30.90" outfile6; then - echo "6 is OK" - else - echo "6 is not OK" - exit 1 - fi -done - -exit 0 diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns deleted file mode 100644 index f03c15f76..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns +++ /dev/null @@ -1,63 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www1 IN A -SECTION ANSWER -www1 IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www2 IN A -SECTION ANSWER -www2 IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www3 IN A -SECTION ANSWER -www3 IN A 10.20.30.60 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www4 IN A -SECTION ANSWER -www4 IN A 10.20.30.70 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www5 IN A -SECTION ANSWER -www5 IN A 10.20.30.80 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www6 IN A -SECTION ANSWER -www6 IN A 10.20.30.90 -ENTRY_END diff --git a/testdata/dnscrypt_queries_chacha.tdir/precheck.sh b/testdata/dnscrypt_queries_chacha.tdir/precheck.sh deleted file mode 100644 index 8288d9516..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/precheck.sh +++ /dev/null @@ -1,27 +0,0 @@ -# dnscrypt precheck.sh - -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -# if no xchacha20 support in unbound; exit -if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then - echo "have xchacha20" - xchacha20=1 -else - echo "no xchacha20" - xchacha20=0 - exit 0 -fi - -# if dnscrypt-proxy does not support xchacha20; exit -if (dnscrypt-proxy -h 2>&1 | grep -q 'XChaCha20-Poly1305 cipher: present'); then - echo "dnscrypt-proxy has xchacha20" -else - echo "dnscrypt-proxy does not have xchacha20" - exit 0 -fi From 2c4be0c2012a157e0dde6e7cf7712ec146931186 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 14 Jan 2020 15:18:52 +0100 Subject: [PATCH 109/123] - Fix crash after reload where a stats lookup could reference old key cache and neg cache structures. --- doc/Changelog | 2 ++ .../remote-threaded.tdir/remote-threaded.test | 26 ++++++++++--------- validator/validator.c | 2 ++ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 59f8b5521..8fd0e38ae 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,8 @@ because dnscrypt-proxy (2.0.36) does not support the test setup any more, and also the config file format does not seem to have the appropriate keys to recreate that setup. + - Fix crash after reload where a stats lookup could reference old key + cache and neg cache structures. 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, diff --git a/testdata/remote-threaded.tdir/remote-threaded.test b/testdata/remote-threaded.tdir/remote-threaded.test index 7392fa909..e2f6b2783 100644 --- a/testdata/remote-threaded.tdir/remote-threaded.test +++ b/testdata/remote-threaded.tdir/remote-threaded.test @@ -25,7 +25,7 @@ if grep "10.20.30.40" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -37,7 +37,7 @@ $PRE/unbound-control -c ub.conf blablargh if test $? -ne 1; then echo "wrong exit value on error." echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log exit 1 else @@ -61,7 +61,7 @@ if grep "5.6.7.8" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -72,6 +72,8 @@ echo "$PRE/unbound-control -c ub.conf stats" $PRE/unbound-control -c ub.conf stats > tmp.$$ if test $? -ne 0; then echo "wrong exit value after success" + cat fwd.log + cat unbound.log exit 1 fi if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then @@ -90,7 +92,7 @@ if test $? -ne 0; then exit 1 fi -# check syntax error in parse +# check syntax error in parse echo "$PRE/unbound-control -c ub.conf verbosity jkdf" $PRE/unbound-control -c ub.conf verbosity jkdf if test $? -ne 1; then @@ -135,7 +137,7 @@ if grep "192.0.2.1" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -149,7 +151,7 @@ if grep "NXDOMAIN" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -169,7 +171,7 @@ if grep "NXDOMAIN" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -189,7 +191,7 @@ if grep "SERVFAIL" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -216,7 +218,7 @@ else exit 1 fi -# test lookup +# test lookup echo "$PRE/unbound-control -c ub.conf lookup www.example.com" $PRE/unbound-control -c ub.conf lookup www.example.com if test $? -ne 0; then @@ -282,7 +284,7 @@ done if kill -0 $UNBOUND_PID; then echo "still up!" echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "not stopped, failure" exit 1 @@ -294,7 +296,7 @@ else echo "lock-verify test worked." else echo "lock-verify test failed." - cat fwd.log + cat fwd.log cat unbound.log exit 1 fi @@ -302,7 +304,7 @@ else fi echo "> cat logfiles" -cat fwd.log +cat fwd.log cat unbound.log echo "> OK" exit 0 diff --git a/validator/validator.c b/validator/validator.c index 1e052a0e2..c3ca0a27d 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -200,7 +200,9 @@ val_deinit(struct module_env* env, int id) anchors_delete(env->anchors); env->anchors = NULL; key_cache_delete(val_env->kcache); + env->key_cache = NULL; neg_cache_delete(val_env->neg_cache); + env->neg_cache = NULL; free(val_env->nsec3_keysize); free(val_env->nsec3_maxiter); free(val_env); From ea26e5038eb0906fd5f868410260796c9df5a6bc Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 14 Jan 2020 15:48:27 +0100 Subject: [PATCH 110/123] - Fix for memory leak when edns subnet config options are read when compiled without edns subnet support. --- doc/Changelog | 2 + util/configparser.c | 1078 ++++++++++++++++++++++--------------------- util/configparser.y | 2 + 3 files changed, 544 insertions(+), 538 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 8fd0e38ae..c085d7e9d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,8 @@ the appropriate keys to recreate that setup. - Fix crash after reload where a stats lookup could reference old key cache and neg cache structures. + - Fix for memory leak when edns subnet config options are read when + compiled without edns subnet support. 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, diff --git a/util/configparser.c b/util/configparser.c index 29d86e472..fda5d0ab6 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1037,37 +1037,37 @@ static const yytype_uint16 yyrline[] = 304, 304, 304, 304, 305, 305, 307, 321, 322, 323, 323, 323, 323, 324, 324, 324, 326, 342, 343, 344, 344, 344, 344, 345, 345, 345, 346, 348, 357, 366, - 377, 386, 395, 404, 415, 424, 435, 448, 463, 474, - 491, 508, 525, 542, 557, 572, 585, 600, 609, 618, - 627, 636, 645, 654, 663, 672, 681, 690, 699, 708, - 717, 730, 739, 752, 761, 770, 779, 786, 793, 802, - 809, 818, 826, 833, 840, 848, 857, 866, 880, 889, - 898, 907, 916, 925, 934, 941, 948, 974, 982, 989, - 996, 1003, 1010, 1018, 1026, 1034, 1041, 1052, 1063, 1070, - 1079, 1088, 1097, 1104, 1111, 1119, 1127, 1137, 1147, 1157, - 1165, 1178, 1189, 1197, 1210, 1219, 1228, 1237, 1247, 1257, - 1265, 1278, 1287, 1295, 1304, 1312, 1325, 1334, 1341, 1351, - 1361, 1371, 1381, 1391, 1401, 1411, 1421, 1428, 1435, 1442, - 1451, 1460, 1469, 1478, 1485, 1495, 1515, 1522, 1540, 1553, - 1566, 1575, 1584, 1593, 1602, 1612, 1622, 1633, 1642, 1651, - 1660, 1669, 1682, 1695, 1704, 1711, 1720, 1729, 1738, 1747, - 1755, 1768, 1776, 1817, 1824, 1839, 1849, 1859, 1866, 1873, - 1880, 1889, 1897, 1911, 1932, 1953, 1965, 1977, 1989, 1998, - 2019, 2029, 2038, 2046, 2054, 2067, 2080, 2095, 2110, 2119, - 2128, 2134, 2143, 2152, 2162, 2172, 2185, 2198, 2210, 2224, - 2236, 2250, 2260, 2267, 2274, 2283, 2292, 2302, 2312, 2322, - 2329, 2336, 2345, 2354, 2364, 2374, 2381, 2388, 2395, 2403, - 2413, 2423, 2433, 2443, 2482, 2492, 2500, 2508, 2523, 2532, - 2537, 2538, 2539, 2539, 2539, 2540, 2540, 2540, 2541, 2541, - 2543, 2553, 2562, 2569, 2576, 2583, 2590, 2597, 2604, 2609, - 2610, 2611, 2611, 2612, 2612, 2613, 2613, 2614, 2615, 2616, - 2617, 2618, 2619, 2621, 2630, 2637, 2646, 2655, 2662, 2669, - 2679, 2689, 2699, 2709, 2719, 2729, 2734, 2735, 2736, 2738, - 2744, 2754, 2761, 2770, 2778, 2783, 2784, 2786, 2786, 2786, - 2787, 2787, 2788, 2789, 2790, 2791, 2792, 2794, 2804, 2813, - 2820, 2829, 2836, 2845, 2853, 2866, 2874, 2887, 2892, 2893, - 2894, 2894, 2895, 2895, 2895, 2897, 2912, 2927, 2939, 2954, - 2967, 2978, 2983, 2984, 2985, 2985, 2987, 3002 + 377, 386, 395, 404, 415, 424, 436, 450, 465, 476, + 493, 510, 527, 544, 559, 574, 587, 602, 611, 620, + 629, 638, 647, 656, 665, 674, 683, 692, 701, 710, + 719, 732, 741, 754, 763, 772, 781, 788, 795, 804, + 811, 820, 828, 835, 842, 850, 859, 868, 882, 891, + 900, 909, 918, 927, 936, 943, 950, 976, 984, 991, + 998, 1005, 1012, 1020, 1028, 1036, 1043, 1054, 1065, 1072, + 1081, 1090, 1099, 1106, 1113, 1121, 1129, 1139, 1149, 1159, + 1167, 1180, 1191, 1199, 1212, 1221, 1230, 1239, 1249, 1259, + 1267, 1280, 1289, 1297, 1306, 1314, 1327, 1336, 1343, 1353, + 1363, 1373, 1383, 1393, 1403, 1413, 1423, 1430, 1437, 1444, + 1453, 1462, 1471, 1480, 1487, 1497, 1517, 1524, 1542, 1555, + 1568, 1577, 1586, 1595, 1604, 1614, 1624, 1635, 1644, 1653, + 1662, 1671, 1684, 1697, 1706, 1713, 1722, 1731, 1740, 1749, + 1757, 1770, 1778, 1819, 1826, 1841, 1851, 1861, 1868, 1875, + 1882, 1891, 1899, 1913, 1934, 1955, 1967, 1979, 1991, 2000, + 2021, 2031, 2040, 2048, 2056, 2069, 2082, 2097, 2112, 2121, + 2130, 2136, 2145, 2154, 2164, 2174, 2187, 2200, 2212, 2226, + 2238, 2252, 2262, 2269, 2276, 2285, 2294, 2304, 2314, 2324, + 2331, 2338, 2347, 2356, 2366, 2376, 2383, 2390, 2397, 2405, + 2415, 2425, 2435, 2445, 2484, 2494, 2502, 2510, 2525, 2534, + 2539, 2540, 2541, 2541, 2541, 2542, 2542, 2542, 2543, 2543, + 2545, 2555, 2564, 2571, 2578, 2585, 2592, 2599, 2606, 2611, + 2612, 2613, 2613, 2614, 2614, 2615, 2615, 2616, 2617, 2618, + 2619, 2620, 2621, 2623, 2632, 2639, 2648, 2657, 2664, 2671, + 2681, 2691, 2701, 2711, 2721, 2731, 2736, 2737, 2738, 2740, + 2746, 2756, 2763, 2772, 2780, 2785, 2786, 2788, 2788, 2788, + 2789, 2789, 2790, 2791, 2792, 2793, 2794, 2796, 2806, 2815, + 2822, 2831, 2838, 2847, 2855, 2868, 2876, 2889, 2894, 2895, + 2896, 2896, 2897, 2897, 2897, 2899, 2914, 2929, 2941, 2956, + 2969, 2980, 2985, 2986, 2987, 2987, 2989, 3004 }; #endif @@ -2790,13 +2790,14 @@ yyreduce: fatal_exit("out of memory adding client-subnet"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); #endif } -#line 2796 "util/configparser.c" +#line 2797 "util/configparser.c" break; case 256: -#line 436 "./util/configparser.y" +#line 437 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -2805,13 +2806,14 @@ yyreduce: fatal_exit("out of memory adding client-subnet-zone"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); #endif } -#line 2811 "util/configparser.c" +#line 2813 "util/configparser.c" break; case 257: -#line 449 "./util/configparser.y" +#line 451 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -2825,11 +2827,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2829 "util/configparser.c" +#line 2831 "util/configparser.c" break; case 258: -#line 464 "./util/configparser.y" +#line 466 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -2839,11 +2841,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2843 "util/configparser.c" +#line 2845 "util/configparser.c" break; case 259: -#line 475 "./util/configparser.y" +#line 477 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2859,11 +2861,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2863 "util/configparser.c" +#line 2865 "util/configparser.c" break; case 260: -#line 492 "./util/configparser.y" +#line 494 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -2879,11 +2881,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2883 "util/configparser.c" +#line 2885 "util/configparser.c" break; case 261: -#line 509 "./util/configparser.y" +#line 511 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2899,11 +2901,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2903 "util/configparser.c" +#line 2905 "util/configparser.c" break; case 262: -#line 526 "./util/configparser.y" +#line 528 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -2919,11 +2921,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2923 "util/configparser.c" +#line 2925 "util/configparser.c" break; case 263: -#line 543 "./util/configparser.y" +#line 545 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -2937,11 +2939,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2941 "util/configparser.c" +#line 2943 "util/configparser.c" break; case 264: -#line 558 "./util/configparser.y" +#line 560 "./util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -2955,11 +2957,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2959 "util/configparser.c" +#line 2961 "util/configparser.c" break; case 265: -#line 573 "./util/configparser.y" +#line 575 "./util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2971,11 +2973,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 2975 "util/configparser.c" +#line 2977 "util/configparser.c" break; case 266: -#line 586 "./util/configparser.y" +#line 588 "./util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2989,11 +2991,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 2993 "util/configparser.c" +#line 2995 "util/configparser.c" break; case 267: -#line 601 "./util/configparser.y" +#line 603 "./util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3001,11 +3003,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3005 "util/configparser.c" +#line 3007 "util/configparser.c" break; case 268: -#line 610 "./util/configparser.y" +#line 612 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3013,11 +3015,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3017 "util/configparser.c" +#line 3019 "util/configparser.c" break; case 269: -#line 619 "./util/configparser.y" +#line 621 "./util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3025,11 +3027,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3029 "util/configparser.c" +#line 3031 "util/configparser.c" break; case 270: -#line 628 "./util/configparser.y" +#line 630 "./util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3037,11 +3039,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3041 "util/configparser.c" +#line 3043 "util/configparser.c" break; case 271: -#line 637 "./util/configparser.y" +#line 639 "./util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3049,11 +3051,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3053 "util/configparser.c" +#line 3055 "util/configparser.c" break; case 272: -#line 646 "./util/configparser.y" +#line 648 "./util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3061,11 +3063,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3065 "util/configparser.c" +#line 3067 "util/configparser.c" break; case 273: -#line 655 "./util/configparser.y" +#line 657 "./util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3073,11 +3075,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3077 "util/configparser.c" +#line 3079 "util/configparser.c" break; case 274: -#line 664 "./util/configparser.y" +#line 666 "./util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3085,11 +3087,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3089 "util/configparser.c" +#line 3091 "util/configparser.c" break; case 275: -#line 673 "./util/configparser.y" +#line 675 "./util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3097,11 +3099,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3101 "util/configparser.c" +#line 3103 "util/configparser.c" break; case 276: -#line 682 "./util/configparser.y" +#line 684 "./util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3109,11 +3111,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3113 "util/configparser.c" +#line 3115 "util/configparser.c" break; case 277: -#line 691 "./util/configparser.y" +#line 693 "./util/configparser.y" { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3121,11 +3123,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3125 "util/configparser.c" +#line 3127 "util/configparser.c" break; case 278: -#line 700 "./util/configparser.y" +#line 702 "./util/configparser.y" { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3133,11 +3135,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3137 "util/configparser.c" +#line 3139 "util/configparser.c" break; case 279: -#line 709 "./util/configparser.y" +#line 711 "./util/configparser.y" { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3145,11 +3147,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3149 "util/configparser.c" +#line 3151 "util/configparser.c" break; case 280: -#line 718 "./util/configparser.y" +#line 720 "./util/configparser.y" { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3161,11 +3163,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3165 "util/configparser.c" +#line 3167 "util/configparser.c" break; case 281: -#line 731 "./util/configparser.y" +#line 733 "./util/configparser.y" { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3173,11 +3175,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3177 "util/configparser.c" +#line 3179 "util/configparser.c" break; case 282: -#line 740 "./util/configparser.y" +#line 742 "./util/configparser.y" { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3189,11 +3191,11 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3193 "util/configparser.c" +#line 3195 "util/configparser.c" break; case 283: -#line 753 "./util/configparser.y" +#line 755 "./util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3201,11 +3203,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3205 "util/configparser.c" +#line 3207 "util/configparser.c" break; case 284: -#line 762 "./util/configparser.y" +#line 764 "./util/configparser.y" { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3213,11 +3215,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3217 "util/configparser.c" +#line 3219 "util/configparser.c" break; case 285: -#line 771 "./util/configparser.y" +#line 773 "./util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3225,31 +3227,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3229 "util/configparser.c" +#line 3231 "util/configparser.c" break; case 286: -#line 780 "./util/configparser.y" +#line 782 "./util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3239 "util/configparser.c" +#line 3241 "util/configparser.c" break; case 287: -#line 787 "./util/configparser.y" +#line 789 "./util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3249 "util/configparser.c" +#line 3251 "util/configparser.c" break; case 288: -#line 794 "./util/configparser.y" +#line 796 "./util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3257,21 +3259,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3261 "util/configparser.c" +#line 3263 "util/configparser.c" break; case 289: -#line 803 "./util/configparser.y" +#line 805 "./util/configparser.y" { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3271 "util/configparser.c" +#line 3273 "util/configparser.c" break; case 290: -#line 810 "./util/configparser.y" +#line 812 "./util/configparser.y" { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3279,53 +3281,53 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3283 "util/configparser.c" +#line 3285 "util/configparser.c" break; case 291: -#line 819 "./util/configparser.y" +#line 821 "./util/configparser.y" { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3294 "util/configparser.c" +#line 3296 "util/configparser.c" break; case 292: -#line 827 "./util/configparser.y" +#line 829 "./util/configparser.y" { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3304 "util/configparser.c" +#line 3306 "util/configparser.c" break; case 293: -#line 834 "./util/configparser.y" +#line 836 "./util/configparser.y" { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3314 "util/configparser.c" +#line 3316 "util/configparser.c" break; case 294: -#line 841 "./util/configparser.y" +#line 843 "./util/configparser.y" { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3325 "util/configparser.c" +#line 3327 "util/configparser.c" break; case 295: -#line 849 "./util/configparser.y" +#line 851 "./util/configparser.y" { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3333,11 +3335,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3337 "util/configparser.c" +#line 3339 "util/configparser.c" break; case 296: -#line 858 "./util/configparser.y" +#line 860 "./util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3345,11 +3347,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3349 "util/configparser.c" +#line 3351 "util/configparser.c" break; case 297: -#line 867 "./util/configparser.y" +#line 869 "./util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3362,11 +3364,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3366 "util/configparser.c" +#line 3368 "util/configparser.c" break; case 298: -#line 881 "./util/configparser.y" +#line 883 "./util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3374,11 +3376,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3378 "util/configparser.c" +#line 3380 "util/configparser.c" break; case 299: -#line 890 "./util/configparser.y" +#line 892 "./util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3386,11 +3388,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3390 "util/configparser.c" +#line 3392 "util/configparser.c" break; case 300: -#line 899 "./util/configparser.y" +#line 901 "./util/configparser.y" { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3398,11 +3400,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3402 "util/configparser.c" +#line 3404 "util/configparser.c" break; case 301: -#line 908 "./util/configparser.y" +#line 910 "./util/configparser.y" { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3410,11 +3412,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3414 "util/configparser.c" +#line 3416 "util/configparser.c" break; case 302: -#line 917 "./util/configparser.y" +#line 919 "./util/configparser.y" { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3422,11 +3424,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3426 "util/configparser.c" +#line 3428 "util/configparser.c" break; case 303: -#line 926 "./util/configparser.y" +#line 928 "./util/configparser.y" { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3434,31 +3436,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3438 "util/configparser.c" +#line 3440 "util/configparser.c" break; case 304: -#line 935 "./util/configparser.y" +#line 937 "./util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3448 "util/configparser.c" +#line 3450 "util/configparser.c" break; case 305: -#line 942 "./util/configparser.y" +#line 944 "./util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3458 "util/configparser.c" +#line 3460 "util/configparser.c" break; case 306: -#line 949 "./util/configparser.y" +#line 951 "./util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3483,105 +3485,105 @@ yyreduce: } } } -#line 3487 "util/configparser.c" +#line 3489 "util/configparser.c" break; case 307: -#line 975 "./util/configparser.y" +#line 977 "./util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3498 "util/configparser.c" +#line 3500 "util/configparser.c" break; case 308: -#line 983 "./util/configparser.y" +#line 985 "./util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3508 "util/configparser.c" +#line 3510 "util/configparser.c" break; case 309: -#line 990 "./util/configparser.y" +#line 992 "./util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3518 "util/configparser.c" +#line 3520 "util/configparser.c" break; case 310: -#line 997 "./util/configparser.y" +#line 999 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 3528 "util/configparser.c" +#line 3530 "util/configparser.c" break; case 311: -#line 1004 "./util/configparser.y" +#line 1006 "./util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3538 "util/configparser.c" +#line 3540 "util/configparser.c" break; case 312: -#line 1011 "./util/configparser.y" +#line 1013 "./util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3549 "util/configparser.c" +#line 3551 "util/configparser.c" break; case 313: -#line 1019 "./util/configparser.y" +#line 1021 "./util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3560 "util/configparser.c" +#line 3562 "util/configparser.c" break; case 314: -#line 1027 "./util/configparser.y" +#line 1029 "./util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3571 "util/configparser.c" +#line 3573 "util/configparser.c" break; case 315: -#line 1035 "./util/configparser.y" +#line 1037 "./util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3581 "util/configparser.c" +#line 3583 "util/configparser.c" break; case 316: -#line 1042 "./util/configparser.y" +#line 1044 "./util/configparser.y" { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3591,11 +3593,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3595 "util/configparser.c" +#line 3597 "util/configparser.c" break; case 317: -#line 1053 "./util/configparser.y" +#line 1055 "./util/configparser.y" { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3605,21 +3607,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3609 "util/configparser.c" +#line 3611 "util/configparser.c" break; case 318: -#line 1064 "./util/configparser.y" +#line 1066 "./util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3619 "util/configparser.c" +#line 3621 "util/configparser.c" break; case 319: -#line 1071 "./util/configparser.y" +#line 1073 "./util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3627,11 +3629,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3631 "util/configparser.c" +#line 3633 "util/configparser.c" break; case 320: -#line 1080 "./util/configparser.y" +#line 1082 "./util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3639,11 +3641,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3643 "util/configparser.c" +#line 3645 "util/configparser.c" break; case 321: -#line 1089 "./util/configparser.y" +#line 1091 "./util/configparser.y" { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3651,53 +3653,53 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3655 "util/configparser.c" +#line 3657 "util/configparser.c" break; case 322: -#line 1098 "./util/configparser.y" +#line 1100 "./util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3665 "util/configparser.c" +#line 3667 "util/configparser.c" break; case 323: -#line 1105 "./util/configparser.y" +#line 1107 "./util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3675 "util/configparser.c" +#line 3677 "util/configparser.c" break; case 324: -#line 1112 "./util/configparser.y" +#line 1114 "./util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3686 "util/configparser.c" +#line 3688 "util/configparser.c" break; case 325: -#line 1120 "./util/configparser.y" +#line 1122 "./util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3697 "util/configparser.c" +#line 3699 "util/configparser.c" break; case 326: -#line 1128 "./util/configparser.y" +#line 1130 "./util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3706,11 +3708,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3710 "util/configparser.c" +#line 3712 "util/configparser.c" break; case 327: -#line 1138 "./util/configparser.y" +#line 1140 "./util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3719,11 +3721,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3723 "util/configparser.c" +#line 3725 "util/configparser.c" break; case 328: -#line 1148 "./util/configparser.y" +#line 1150 "./util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3732,22 +3734,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3736 "util/configparser.c" +#line 3738 "util/configparser.c" break; case 329: -#line 1158 "./util/configparser.y" +#line 1160 "./util/configparser.y" { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3747 "util/configparser.c" +#line 3749 "util/configparser.c" break; case 330: -#line 1166 "./util/configparser.y" +#line 1168 "./util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3759,11 +3761,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3763 "util/configparser.c" +#line 3765 "util/configparser.c" break; case 331: -#line 1179 "./util/configparser.y" +#line 1181 "./util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3773,22 +3775,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3777 "util/configparser.c" +#line 3779 "util/configparser.c" break; case 332: -#line 1190 "./util/configparser.y" +#line 1192 "./util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3788 "util/configparser.c" +#line 3790 "util/configparser.c" break; case 333: -#line 1198 "./util/configparser.y" +#line 1200 "./util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3800,11 +3802,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3804 "util/configparser.c" +#line 3806 "util/configparser.c" break; case 334: -#line 1211 "./util/configparser.y" +#line 1213 "./util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3812,11 +3814,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3816 "util/configparser.c" +#line 3818 "util/configparser.c" break; case 335: -#line 1220 "./util/configparser.y" +#line 1222 "./util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3824,11 +3826,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3828 "util/configparser.c" +#line 3830 "util/configparser.c" break; case 336: -#line 1229 "./util/configparser.y" +#line 1231 "./util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3836,11 +3838,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3840 "util/configparser.c" +#line 3842 "util/configparser.c" break; case 337: -#line 1238 "./util/configparser.y" +#line 1240 "./util/configparser.y" { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3849,11 +3851,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3853 "util/configparser.c" +#line 3855 "util/configparser.c" break; case 338: -#line 1248 "./util/configparser.y" +#line 1250 "./util/configparser.y" { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3862,22 +3864,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3866 "util/configparser.c" +#line 3868 "util/configparser.c" break; case 339: -#line 1258 "./util/configparser.y" +#line 1260 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3877 "util/configparser.c" +#line 3879 "util/configparser.c" break; case 340: -#line 1266 "./util/configparser.y" +#line 1268 "./util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3889,11 +3891,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3893 "util/configparser.c" +#line 3895 "util/configparser.c" break; case 341: -#line 1279 "./util/configparser.y" +#line 1281 "./util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3901,22 +3903,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3905 "util/configparser.c" +#line 3907 "util/configparser.c" break; case 342: -#line 1288 "./util/configparser.y" +#line 1290 "./util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3916 "util/configparser.c" +#line 3918 "util/configparser.c" break; case 343: -#line 1296 "./util/configparser.y" +#line 1298 "./util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3924,22 +3926,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3928 "util/configparser.c" +#line 3930 "util/configparser.c" break; case 344: -#line 1305 "./util/configparser.y" +#line 1307 "./util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3939 "util/configparser.c" +#line 3941 "util/configparser.c" break; case 345: -#line 1313 "./util/configparser.y" +#line 1315 "./util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3951,11 +3953,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3955 "util/configparser.c" +#line 3957 "util/configparser.c" break; case 346: -#line 1326 "./util/configparser.y" +#line 1328 "./util/configparser.y" { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3963,21 +3965,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3967 "util/configparser.c" +#line 3969 "util/configparser.c" break; case 347: -#line 1335 "./util/configparser.y" +#line 1337 "./util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 3977 "util/configparser.c" +#line 3979 "util/configparser.c" break; case 348: -#line 1342 "./util/configparser.y" +#line 1344 "./util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3986,11 +3988,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3990 "util/configparser.c" +#line 3992 "util/configparser.c" break; case 349: -#line 1352 "./util/configparser.y" +#line 1354 "./util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3999,11 +4001,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4003 "util/configparser.c" +#line 4005 "util/configparser.c" break; case 350: -#line 1362 "./util/configparser.y" +#line 1364 "./util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4012,11 +4014,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4016 "util/configparser.c" +#line 4018 "util/configparser.c" break; case 351: -#line 1372 "./util/configparser.y" +#line 1374 "./util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4025,11 +4027,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4029 "util/configparser.c" +#line 4031 "util/configparser.c" break; case 352: -#line 1382 "./util/configparser.y" +#line 1384 "./util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4038,11 +4040,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4042 "util/configparser.c" +#line 4044 "util/configparser.c" break; case 353: -#line 1392 "./util/configparser.y" +#line 1394 "./util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4051,11 +4053,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4055 "util/configparser.c" +#line 4057 "util/configparser.c" break; case 354: -#line 1402 "./util/configparser.y" +#line 1404 "./util/configparser.y" { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4064,11 +4066,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4068 "util/configparser.c" +#line 4070 "util/configparser.c" break; case 355: -#line 1412 "./util/configparser.y" +#line 1414 "./util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4077,41 +4079,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4081 "util/configparser.c" +#line 4083 "util/configparser.c" break; case 356: -#line 1422 "./util/configparser.y" +#line 1424 "./util/configparser.y" { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4091 "util/configparser.c" +#line 4093 "util/configparser.c" break; case 357: -#line 1429 "./util/configparser.y" +#line 1431 "./util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4101 "util/configparser.c" +#line 4103 "util/configparser.c" break; case 358: -#line 1436 "./util/configparser.y" +#line 1438 "./util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4111 "util/configparser.c" +#line 4113 "util/configparser.c" break; case 359: -#line 1443 "./util/configparser.y" +#line 1445 "./util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4119,11 +4121,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4123 "util/configparser.c" +#line 4125 "util/configparser.c" break; case 360: -#line 1452 "./util/configparser.y" +#line 1454 "./util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4131,11 +4133,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4135 "util/configparser.c" +#line 4137 "util/configparser.c" break; case 361: -#line 1461 "./util/configparser.y" +#line 1463 "./util/configparser.y" { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4143,11 +4145,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4147 "util/configparser.c" +#line 4149 "util/configparser.c" break; case 362: -#line 1470 "./util/configparser.y" +#line 1472 "./util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4155,21 +4157,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4159 "util/configparser.c" +#line 4161 "util/configparser.c" break; case 363: -#line 1479 "./util/configparser.y" +#line 1481 "./util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4169 "util/configparser.c" +#line 4171 "util/configparser.c" break; case 364: -#line 1486 "./util/configparser.y" +#line 1488 "./util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4178,11 +4180,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4182 "util/configparser.c" +#line 4184 "util/configparser.c" break; case 365: -#line 1496 "./util/configparser.y" +#line 1498 "./util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -4201,21 +4203,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4205 "util/configparser.c" +#line 4207 "util/configparser.c" break; case 366: -#line 1516 "./util/configparser.y" +#line 1518 "./util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4215 "util/configparser.c" +#line 4217 "util/configparser.c" break; case 367: -#line 1523 "./util/configparser.y" +#line 1525 "./util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4232,11 +4234,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4236 "util/configparser.c" +#line 4238 "util/configparser.c" break; case 368: -#line 1541 "./util/configparser.y" +#line 1543 "./util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4248,11 +4250,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4252 "util/configparser.c" +#line 4254 "util/configparser.c" break; case 369: -#line 1554 "./util/configparser.y" +#line 1556 "./util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4264,11 +4266,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4268 "util/configparser.c" +#line 4270 "util/configparser.c" break; case 370: -#line 1567 "./util/configparser.y" +#line 1569 "./util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4276,11 +4278,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4280 "util/configparser.c" +#line 4282 "util/configparser.c" break; case 371: -#line 1576 "./util/configparser.y" +#line 1578 "./util/configparser.y" { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4288,11 +4290,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4292 "util/configparser.c" +#line 4294 "util/configparser.c" break; case 372: -#line 1585 "./util/configparser.y" +#line 1587 "./util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4300,11 +4302,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4304 "util/configparser.c" +#line 4306 "util/configparser.c" break; case 373: -#line 1594 "./util/configparser.y" +#line 1596 "./util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4312,11 +4314,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4316 "util/configparser.c" +#line 4318 "util/configparser.c" break; case 374: -#line 1603 "./util/configparser.y" +#line 1605 "./util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4325,11 +4327,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4329 "util/configparser.c" +#line 4331 "util/configparser.c" break; case 375: -#line 1613 "./util/configparser.y" +#line 1615 "./util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4338,11 +4340,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4342 "util/configparser.c" +#line 4344 "util/configparser.c" break; case 376: -#line 1623 "./util/configparser.y" +#line 1625 "./util/configparser.y" { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4352,11 +4354,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4356 "util/configparser.c" +#line 4358 "util/configparser.c" break; case 377: -#line 1634 "./util/configparser.y" +#line 1636 "./util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4364,11 +4366,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4368 "util/configparser.c" +#line 4370 "util/configparser.c" break; case 378: -#line 1643 "./util/configparser.y" +#line 1645 "./util/configparser.y" { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4376,11 +4378,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4380 "util/configparser.c" +#line 4382 "util/configparser.c" break; case 379: -#line 1652 "./util/configparser.y" +#line 1654 "./util/configparser.y" { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4388,11 +4390,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4392 "util/configparser.c" +#line 4394 "util/configparser.c" break; case 380: -#line 1661 "./util/configparser.y" +#line 1663 "./util/configparser.y" { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4400,11 +4402,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4404 "util/configparser.c" +#line 4406 "util/configparser.c" break; case 381: -#line 1670 "./util/configparser.y" +#line 1672 "./util/configparser.y" { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4416,11 +4418,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4420 "util/configparser.c" +#line 4422 "util/configparser.c" break; case 382: -#line 1683 "./util/configparser.y" +#line 1685 "./util/configparser.y" { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4432,11 +4434,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4436 "util/configparser.c" +#line 4438 "util/configparser.c" break; case 383: -#line 1696 "./util/configparser.y" +#line 1698 "./util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4444,21 +4446,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4448 "util/configparser.c" +#line 4450 "util/configparser.c" break; case 384: -#line 1705 "./util/configparser.y" +#line 1707 "./util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4458 "util/configparser.c" +#line 4460 "util/configparser.c" break; case 385: -#line 1712 "./util/configparser.y" +#line 1714 "./util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4466,11 +4468,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4470 "util/configparser.c" +#line 4472 "util/configparser.c" break; case 386: -#line 1721 "./util/configparser.y" +#line 1723 "./util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4478,11 +4480,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4482 "util/configparser.c" +#line 4484 "util/configparser.c" break; case 387: -#line 1730 "./util/configparser.y" +#line 1732 "./util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4490,11 +4492,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4494 "util/configparser.c" +#line 4496 "util/configparser.c" break; case 388: -#line 1739 "./util/configparser.y" +#line 1741 "./util/configparser.y" { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4503,22 +4505,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4507 "util/configparser.c" +#line 4509 "util/configparser.c" break; case 389: -#line 1748 "./util/configparser.y" +#line 1750 "./util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4518 "util/configparser.c" +#line 4520 "util/configparser.c" break; case 390: -#line 1756 "./util/configparser.y" +#line 1758 "./util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4530,22 +4532,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4534 "util/configparser.c" +#line 4536 "util/configparser.c" break; case 391: -#line 1769 "./util/configparser.y" +#line 1771 "./util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4545 "util/configparser.c" +#line 4547 "util/configparser.c" break; case 392: -#line 1777 "./util/configparser.y" +#line 1779 "./util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4585,21 +4587,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4589 "util/configparser.c" +#line 4591 "util/configparser.c" break; case 393: -#line 1818 "./util/configparser.y" +#line 1820 "./util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4599 "util/configparser.c" +#line 4601 "util/configparser.c" break; case 394: -#line 1825 "./util/configparser.y" +#line 1827 "./util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4613,11 +4615,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4617 "util/configparser.c" +#line 4619 "util/configparser.c" break; case 395: -#line 1840 "./util/configparser.y" +#line 1842 "./util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4626,11 +4628,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4630 "util/configparser.c" +#line 4632 "util/configparser.c" break; case 396: -#line 1850 "./util/configparser.y" +#line 1852 "./util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4639,41 +4641,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4643 "util/configparser.c" +#line 4645 "util/configparser.c" break; case 397: -#line 1860 "./util/configparser.y" +#line 1862 "./util/configparser.y" { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4653 "util/configparser.c" +#line 4655 "util/configparser.c" break; case 398: -#line 1867 "./util/configparser.y" +#line 1869 "./util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4663 "util/configparser.c" +#line 4665 "util/configparser.c" break; case 399: -#line 1874 "./util/configparser.y" +#line 1876 "./util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4673 "util/configparser.c" +#line 4675 "util/configparser.c" break; case 400: -#line 1881 "./util/configparser.y" +#line 1883 "./util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4681,22 +4683,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4685 "util/configparser.c" +#line 4687 "util/configparser.c" break; case 401: -#line 1890 "./util/configparser.y" +#line 1892 "./util/configparser.y" { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4696 "util/configparser.c" +#line 4698 "util/configparser.c" break; case 402: -#line 1898 "./util/configparser.y" +#line 1900 "./util/configparser.y" { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4709,11 +4711,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4713 "util/configparser.c" +#line 4715 "util/configparser.c" break; case 403: -#line 1912 "./util/configparser.y" +#line 1914 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4733,11 +4735,11 @@ yyreduce: } } } -#line 4737 "util/configparser.c" +#line 4739 "util/configparser.c" break; case 404: -#line 1933 "./util/configparser.y" +#line 1935 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4757,11 +4759,11 @@ yyreduce: } } } -#line 4761 "util/configparser.c" +#line 4763 "util/configparser.c" break; case 405: -#line 1954 "./util/configparser.y" +#line 1956 "./util/configparser.y" { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4772,11 +4774,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4776 "util/configparser.c" +#line 4778 "util/configparser.c" break; case 406: -#line 1966 "./util/configparser.y" +#line 1968 "./util/configparser.y" { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4787,11 +4789,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4791 "util/configparser.c" +#line 4793 "util/configparser.c" break; case 407: -#line 1978 "./util/configparser.y" +#line 1980 "./util/configparser.y" { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4802,11 +4804,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4806 "util/configparser.c" +#line 4808 "util/configparser.c" break; case 408: -#line 1990 "./util/configparser.y" +#line 1992 "./util/configparser.y" { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4814,11 +4816,11 @@ yyreduce: yyerror("out of memory"); } } -#line 4818 "util/configparser.c" +#line 4820 "util/configparser.c" break; case 409: -#line 1999 "./util/configparser.y" +#line 2001 "./util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4838,11 +4840,11 @@ yyreduce: } } } -#line 4842 "util/configparser.c" +#line 4844 "util/configparser.c" break; case 410: -#line 2020 "./util/configparser.y" +#line 2022 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4850,11 +4852,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4854 "util/configparser.c" +#line 4856 "util/configparser.c" break; case 411: -#line 2030 "./util/configparser.y" +#line 2032 "./util/configparser.y" { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4862,33 +4864,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4866 "util/configparser.c" +#line 4868 "util/configparser.c" break; case 412: -#line 2039 "./util/configparser.y" +#line 2041 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4877 "util/configparser.c" +#line 4879 "util/configparser.c" break; case 413: -#line 2047 "./util/configparser.y" +#line 2049 "./util/configparser.y" { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4888 "util/configparser.c" +#line 4890 "util/configparser.c" break; case 414: -#line 2055 "./util/configparser.y" +#line 2057 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4900,11 +4902,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4904 "util/configparser.c" +#line 4906 "util/configparser.c" break; case 415: -#line 2068 "./util/configparser.y" +#line 2070 "./util/configparser.y" { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4916,11 +4918,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4920 "util/configparser.c" +#line 4922 "util/configparser.c" break; case 416: -#line 2081 "./util/configparser.y" +#line 2083 "./util/configparser.y" { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4934,11 +4936,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 4938 "util/configparser.c" +#line 4940 "util/configparser.c" break; case 417: -#line 2096 "./util/configparser.y" +#line 2098 "./util/configparser.y" { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4952,11 +4954,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 4956 "util/configparser.c" +#line 4958 "util/configparser.c" break; case 418: -#line 2111 "./util/configparser.y" +#line 2113 "./util/configparser.y" { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4964,11 +4966,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4968 "util/configparser.c" +#line 4970 "util/configparser.c" break; case 419: -#line 2120 "./util/configparser.y" +#line 2122 "./util/configparser.y" { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4976,20 +4978,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4980 "util/configparser.c" +#line 4982 "util/configparser.c" break; case 420: -#line 2129 "./util/configparser.y" +#line 2131 "./util/configparser.y" { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 4989 "util/configparser.c" +#line 4991 "util/configparser.c" break; case 421: -#line 2135 "./util/configparser.y" +#line 2137 "./util/configparser.y" { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -4997,11 +4999,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5001 "util/configparser.c" +#line 5003 "util/configparser.c" break; case 422: -#line 2144 "./util/configparser.y" +#line 2146 "./util/configparser.y" { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5009,11 +5011,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5013 "util/configparser.c" +#line 5015 "util/configparser.c" break; case 423: -#line 2153 "./util/configparser.y" +#line 2155 "./util/configparser.y" { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5022,11 +5024,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5026 "util/configparser.c" +#line 5028 "util/configparser.c" break; case 424: -#line 2163 "./util/configparser.y" +#line 2165 "./util/configparser.y" { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5035,11 +5037,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5039 "util/configparser.c" +#line 5041 "util/configparser.c" break; case 425: -#line 2173 "./util/configparser.y" +#line 2175 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5051,11 +5053,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5055 "util/configparser.c" +#line 5057 "util/configparser.c" break; case 426: -#line 2186 "./util/configparser.y" +#line 2188 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5067,11 +5069,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5071 "util/configparser.c" +#line 5073 "util/configparser.c" break; case 427: -#line 2199 "./util/configparser.y" +#line 2201 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5082,11 +5084,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5086 "util/configparser.c" +#line 5088 "util/configparser.c" break; case 428: -#line 2211 "./util/configparser.y" +#line 2213 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5099,11 +5101,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5103 "util/configparser.c" +#line 5105 "util/configparser.c" break; case 429: -#line 2225 "./util/configparser.y" +#line 2227 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5114,11 +5116,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5118 "util/configparser.c" +#line 5120 "util/configparser.c" break; case 430: -#line 2237 "./util/configparser.y" +#line 2239 "./util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5131,11 +5133,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5135 "util/configparser.c" +#line 5137 "util/configparser.c" break; case 431: -#line 2251 "./util/configparser.y" +#line 2253 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5144,31 +5146,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5148 "util/configparser.c" +#line 5150 "util/configparser.c" break; case 432: -#line 2261 "./util/configparser.y" +#line 2263 "./util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5158 "util/configparser.c" +#line 5160 "util/configparser.c" break; case 433: -#line 2268 "./util/configparser.y" +#line 2270 "./util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5168 "util/configparser.c" +#line 5170 "util/configparser.c" break; case 434: -#line 2275 "./util/configparser.y" +#line 2277 "./util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5176,11 +5178,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5180 "util/configparser.c" +#line 5182 "util/configparser.c" break; case 435: -#line 2284 "./util/configparser.y" +#line 2286 "./util/configparser.y" { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5188,11 +5190,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5192 "util/configparser.c" +#line 5194 "util/configparser.c" break; case 436: -#line 2293 "./util/configparser.y" +#line 2295 "./util/configparser.y" { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5201,11 +5203,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5205 "util/configparser.c" +#line 5207 "util/configparser.c" break; case 437: -#line 2303 "./util/configparser.y" +#line 2305 "./util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5214,11 +5216,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5218 "util/configparser.c" +#line 5220 "util/configparser.c" break; case 438: -#line 2313 "./util/configparser.y" +#line 2315 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5227,31 +5229,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5231 "util/configparser.c" +#line 5233 "util/configparser.c" break; case 439: -#line 2323 "./util/configparser.y" +#line 2325 "./util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5241 "util/configparser.c" +#line 5243 "util/configparser.c" break; case 440: -#line 2330 "./util/configparser.y" +#line 2332 "./util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5251 "util/configparser.c" +#line 5253 "util/configparser.c" break; case 441: -#line 2337 "./util/configparser.y" +#line 2339 "./util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5259,11 +5261,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5263 "util/configparser.c" +#line 5265 "util/configparser.c" break; case 442: -#line 2346 "./util/configparser.y" +#line 2348 "./util/configparser.y" { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5271,11 +5273,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5275 "util/configparser.c" +#line 5277 "util/configparser.c" break; case 443: -#line 2355 "./util/configparser.y" +#line 2357 "./util/configparser.y" { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5284,11 +5286,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5288 "util/configparser.c" +#line 5290 "util/configparser.c" break; case 444: -#line 2365 "./util/configparser.y" +#line 2367 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5297,52 +5299,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5301 "util/configparser.c" +#line 5303 "util/configparser.c" break; case 445: -#line 2375 "./util/configparser.y" +#line 2377 "./util/configparser.y" { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5311 "util/configparser.c" +#line 5313 "util/configparser.c" break; case 446: -#line 2382 "./util/configparser.y" +#line 2384 "./util/configparser.y" { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5321 "util/configparser.c" +#line 5323 "util/configparser.c" break; case 447: -#line 2389 "./util/configparser.y" +#line 2391 "./util/configparser.y" { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5331 "util/configparser.c" +#line 5333 "util/configparser.c" break; case 448: -#line 2396 "./util/configparser.y" +#line 2398 "./util/configparser.y" { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5342 "util/configparser.c" +#line 5344 "util/configparser.c" break; case 449: -#line 2404 "./util/configparser.y" +#line 2406 "./util/configparser.y" { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5351,11 +5353,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5355 "util/configparser.c" +#line 5357 "util/configparser.c" break; case 450: -#line 2414 "./util/configparser.y" +#line 2416 "./util/configparser.y" { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5364,11 +5366,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5368 "util/configparser.c" +#line 5370 "util/configparser.c" break; case 451: -#line 2424 "./util/configparser.y" +#line 2426 "./util/configparser.y" { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5377,11 +5379,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5381 "util/configparser.c" +#line 5383 "util/configparser.c" break; case 452: -#line 2434 "./util/configparser.y" +#line 2436 "./util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5390,11 +5392,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5394 "util/configparser.c" +#line 5396 "util/configparser.c" break; case 453: -#line 2444 "./util/configparser.y" +#line 2446 "./util/configparser.y" { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5432,11 +5434,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5436 "util/configparser.c" +#line 5438 "util/configparser.c" break; case 454: -#line 2483 "./util/configparser.y" +#line 2485 "./util/configparser.y" { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5445,33 +5447,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5449 "util/configparser.c" +#line 5451 "util/configparser.c" break; case 455: -#line 2493 "./util/configparser.y" +#line 2495 "./util/configparser.y" { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5460 "util/configparser.c" +#line 5462 "util/configparser.c" break; case 456: -#line 2501 "./util/configparser.y" +#line 2503 "./util/configparser.y" { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5471 "util/configparser.c" +#line 5473 "util/configparser.c" break; case 457: -#line 2509 "./util/configparser.y" +#line 2511 "./util/configparser.y" { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5485,11 +5487,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5489 "util/configparser.c" +#line 5491 "util/configparser.c" break; case 458: -#line 2524 "./util/configparser.y" +#line 2526 "./util/configparser.y" { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5497,19 +5499,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5501 "util/configparser.c" +#line 5503 "util/configparser.c" break; case 459: -#line 2533 "./util/configparser.y" +#line 2535 "./util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } -#line 5509 "util/configparser.c" +#line 5511 "util/configparser.c" break; case 470: -#line 2544 "./util/configparser.y" +#line 2546 "./util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5518,11 +5520,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5522 "util/configparser.c" +#line 5524 "util/configparser.c" break; case 471: -#line 2554 "./util/configparser.y" +#line 2556 "./util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5530,79 +5532,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5534 "util/configparser.c" +#line 5536 "util/configparser.c" break; case 472: -#line 2563 "./util/configparser.y" +#line 2565 "./util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5544 "util/configparser.c" +#line 5546 "util/configparser.c" break; case 473: -#line 2570 "./util/configparser.y" +#line 2572 "./util/configparser.y" { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5554 "util/configparser.c" +#line 5556 "util/configparser.c" break; case 474: -#line 2577 "./util/configparser.y" +#line 2579 "./util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5564 "util/configparser.c" +#line 5566 "util/configparser.c" break; case 475: -#line 2584 "./util/configparser.y" +#line 2586 "./util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5574 "util/configparser.c" +#line 5576 "util/configparser.c" break; case 476: -#line 2591 "./util/configparser.y" +#line 2593 "./util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5584 "util/configparser.c" +#line 5586 "util/configparser.c" break; case 477: -#line 2598 "./util/configparser.y" +#line 2600 "./util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5594 "util/configparser.c" +#line 5596 "util/configparser.c" break; case 478: -#line 2605 "./util/configparser.y" +#line 2607 "./util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); } -#line 5602 "util/configparser.c" +#line 5604 "util/configparser.c" break; case 493: -#line 2622 "./util/configparser.y" +#line 2624 "./util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5610,21 +5612,21 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5614 "util/configparser.c" +#line 5616 "util/configparser.c" break; case 494: -#line 2631 "./util/configparser.y" +#line 2633 "./util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5624 "util/configparser.c" +#line 5626 "util/configparser.c" break; case 495: -#line 2638 "./util/configparser.y" +#line 2640 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5632,11 +5634,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5636 "util/configparser.c" +#line 5638 "util/configparser.c" break; case 496: -#line 2647 "./util/configparser.y" +#line 2649 "./util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5644,31 +5646,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5648 "util/configparser.c" +#line 5650 "util/configparser.c" break; case 497: -#line 2656 "./util/configparser.y" +#line 2658 "./util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 5658 "util/configparser.c" +#line 5660 "util/configparser.c" break; case 498: -#line 2663 "./util/configparser.y" +#line 2665 "./util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 5668 "util/configparser.c" +#line 5670 "util/configparser.c" break; case 499: -#line 2670 "./util/configparser.y" +#line 2672 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5677,11 +5679,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5681 "util/configparser.c" +#line 5683 "util/configparser.c" break; case 500: -#line 2680 "./util/configparser.y" +#line 2682 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5690,11 +5692,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5694 "util/configparser.c" +#line 5696 "util/configparser.c" break; case 501: -#line 2690 "./util/configparser.y" +#line 2692 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5703,11 +5705,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5707 "util/configparser.c" +#line 5709 "util/configparser.c" break; case 502: -#line 2700 "./util/configparser.y" +#line 2702 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5716,11 +5718,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5720 "util/configparser.c" +#line 5722 "util/configparser.c" break; case 503: -#line 2710 "./util/configparser.y" +#line 2712 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5729,11 +5731,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5733 "util/configparser.c" +#line 5735 "util/configparser.c" break; case 504: -#line 2720 "./util/configparser.y" +#line 2722 "./util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5742,29 +5744,29 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5746 "util/configparser.c" +#line 5748 "util/configparser.c" break; case 505: -#line 2730 "./util/configparser.y" +#line 2732 "./util/configparser.y" { OUTYY(("\nP(python:)\n")); } -#line 5754 "util/configparser.c" +#line 5756 "util/configparser.c" break; case 509: -#line 2739 "./util/configparser.y" +#line 2741 "./util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5764 "util/configparser.c" +#line 5766 "util/configparser.c" break; case 510: -#line 2745 "./util/configparser.y" +#line 2747 "./util/configparser.y" { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5773,21 +5775,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5777 "util/configparser.c" +#line 5779 "util/configparser.c" break; case 511: -#line 2755 "./util/configparser.y" +#line 2757 "./util/configparser.y" { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5787 "util/configparser.c" +#line 5789 "util/configparser.c" break; case 512: -#line 2762 "./util/configparser.y" +#line 2764 "./util/configparser.y" { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5795,30 +5797,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5799 "util/configparser.c" +#line 5801 "util/configparser.c" break; case 513: -#line 2771 "./util/configparser.y" +#line 2773 "./util/configparser.y" { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5810 "util/configparser.c" +#line 5812 "util/configparser.c" break; case 514: -#line 2779 "./util/configparser.y" +#line 2781 "./util/configparser.y" { OUTYY(("\nP(dnscrypt:)\n")); } -#line 5818 "util/configparser.c" +#line 5820 "util/configparser.c" break; case 527: -#line 2795 "./util/configparser.y" +#line 2797 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5826,11 +5828,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5830 "util/configparser.c" +#line 5832 "util/configparser.c" break; case 528: -#line 2805 "./util/configparser.y" +#line 2807 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5838,21 +5840,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5842 "util/configparser.c" +#line 5844 "util/configparser.c" break; case 529: -#line 2814 "./util/configparser.y" +#line 2816 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 5852 "util/configparser.c" +#line 5854 "util/configparser.c" break; case 530: -#line 2821 "./util/configparser.y" +#line 2823 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -5860,21 +5862,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 5864 "util/configparser.c" +#line 5866 "util/configparser.c" break; case 531: -#line 2830 "./util/configparser.y" +#line 2832 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 5874 "util/configparser.c" +#line 5876 "util/configparser.c" break; case 532: -#line 2837 "./util/configparser.y" +#line 2839 "./util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -5882,22 +5884,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 5886 "util/configparser.c" +#line 5888 "util/configparser.c" break; case 533: -#line 2846 "./util/configparser.y" +#line 2848 "./util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5897 "util/configparser.c" +#line 5899 "util/configparser.c" break; case 534: -#line 2854 "./util/configparser.y" +#line 2856 "./util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5909,22 +5911,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5913 "util/configparser.c" +#line 5915 "util/configparser.c" break; case 535: -#line 2867 "./util/configparser.y" +#line 2869 "./util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5924 "util/configparser.c" +#line 5926 "util/configparser.c" break; case 536: -#line 2875 "./util/configparser.y" +#line 2877 "./util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5936,19 +5938,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5940 "util/configparser.c" +#line 5942 "util/configparser.c" break; case 537: -#line 2888 "./util/configparser.y" +#line 2890 "./util/configparser.y" { OUTYY(("\nP(cachedb:)\n")); } -#line 5948 "util/configparser.c" +#line 5950 "util/configparser.c" break; case 545: -#line 2898 "./util/configparser.y" +#line 2900 "./util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -5962,11 +5964,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5966 "util/configparser.c" +#line 5968 "util/configparser.c" break; case 546: -#line 2913 "./util/configparser.y" +#line 2915 "./util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -5980,11 +5982,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5984 "util/configparser.c" +#line 5986 "util/configparser.c" break; case 547: -#line 2928 "./util/configparser.y" +#line 2930 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -5995,11 +5997,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5999 "util/configparser.c" +#line 6001 "util/configparser.c" break; case 548: -#line 2940 "./util/configparser.y" +#line 2942 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -6013,11 +6015,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6017 "util/configparser.c" +#line 6019 "util/configparser.c" break; case 549: -#line 2955 "./util/configparser.y" +#line 2957 "./util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -6029,11 +6031,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6033 "util/configparser.c" +#line 6035 "util/configparser.c" break; case 550: -#line 2968 "./util/configparser.y" +#line 2970 "./util/configparser.y" { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6043,19 +6045,19 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6047 "util/configparser.c" +#line 6049 "util/configparser.c" break; case 551: -#line 2979 "./util/configparser.y" +#line 2981 "./util/configparser.y" { OUTYY(("\nP(ipset:)\n")); } -#line 6055 "util/configparser.c" +#line 6057 "util/configparser.c" break; case 556: -#line 2988 "./util/configparser.y" +#line 2990 "./util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -6069,11 +6071,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6073 "util/configparser.c" +#line 6075 "util/configparser.c" break; case 557: -#line 3003 "./util/configparser.y" +#line 3005 "./util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -6087,11 +6089,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6091 "util/configparser.c" +#line 6093 "util/configparser.c" break; -#line 6095 "util/configparser.c" +#line 6097 "util/configparser.c" default: break; } @@ -6323,7 +6325,7 @@ yyreturn: #endif return yyresult; } -#line 3017 "./util/configparser.y" +#line 3019 "./util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.y b/util/configparser.y index 10227a2ff..8be6bd3e8 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -429,6 +429,7 @@ server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG fatal_exit("out of memory adding client-subnet"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free($2); #endif } ; @@ -441,6 +442,7 @@ server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG fatal_exit("out of memory adding client-subnet-zone"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free($2); #endif } ; From 1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 14 Jan 2020 16:03:29 +0100 Subject: [PATCH 111/123] - Fix auth zone support for NSEC3 records without salt. --- doc/Changelog | 1 + services/authzone.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index c085d7e9d..519f4c3ea 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -7,6 +7,7 @@ cache and neg cache structures. - Fix for memory leak when edns subnet config options are read when compiled without edns subnet support. + - Fix auth zone support for NSEC3 records without salt. 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, diff --git a/services/authzone.c b/services/authzone.c index 9621d6ee3..bad649c39 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -2586,12 +2586,14 @@ az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen, /* hashfunc(name, salt) */ memmove(p, nm, nmlen); query_dname_tolower(p); - memmove(p+nmlen, salt, saltlen); + if(salt && saltlen > 0) + memmove(p+nmlen, salt, saltlen); (void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf); for(i=0; i 0) + memmove(p+hlen, salt, saltlen); (void)secalgo_nsec3_hash(algo, p, hlen+saltlen, (unsigned char*)buf); } From 05cb07093d5938f3caf0ffa1f11c4e0aed715ea1 Mon Sep 17 00:00:00 2001 From: frpet Date: Thu, 23 Jan 2020 08:23:16 +0100 Subject: [PATCH 112/123] Update unbound_munin_ Add TLS (DoT) counters --- contrib/unbound_munin_ | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/unbound_munin_ b/contrib/unbound_munin_ index 5d3dff8e8..2839cd8b5 100755 --- a/contrib/unbound_munin_ +++ b/contrib/unbound_munin_ @@ -242,6 +242,8 @@ if test "$1" = "config" ; then p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" p_config "num.query.tcp" "TCP queries" "ABSOLUTE" p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" + p_config "num.query.tls" "TLS queries" "ABSOLUTE" + p_config "num.query.tls.resume" "TLS resumes" "ABSOLUTE" p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" p_config "unwanted.queries" "queries that failed acl" "ABSOLUTE" p_config "unwanted.replies" "unwanted or unsolicited replies" "ABSOLUTE" @@ -443,7 +445,8 @@ hits) for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | sed -e 's/=.*//'` total.num.queries \ total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.ipv6 unwanted.queries \ + num.query.tcpout num.query.tls num.query.tls.resume \ + num.query.ipv6 unwanted.queries \ unwanted.replies; do if grep "^"$x"=" $state >/dev/null 2>&1; then print_value $x From 016f742f16bc3ea6e4cbafaf8b3e479581d3d6b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20KUBLER?= Date: Thu, 23 Jan 2020 15:46:53 +0100 Subject: [PATCH 113/123] Added a new unit file to run unbound with systemd and without chroot. See https://github.com/NLnetLabs/unbound/pull/149 --- contrib/unbound_nochroot.service.in | 97 +++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 contrib/unbound_nochroot.service.in diff --git a/contrib/unbound_nochroot.service.in b/contrib/unbound_nochroot.service.in new file mode 100644 index 000000000..301062e38 --- /dev/null +++ b/contrib/unbound_nochroot.service.in @@ -0,0 +1,97 @@ +; This unit file is provided to run unbound without chroot. +; +; To use this unit file, please make sure you either compile unbound with the +; following options: +; +; - --with-pidfile=/run/unbound/unbound.pid +; - --with-chroot-dir="" +; +; Or put the following options in your unbound configuration file: +; +; - chroot: "" +; - pidfile: /run/unbound/unbound.pid +; +; Running without the chroot doesn't mean it's less secure. Simply put, we will +; instead rely on a few systemd directives to harden the service. +; To quote systemd : it's like a chroot on steroids ! +; +; The most important parts are : +; +; - `ProtectSystem=strict` implies we mount the entire file system hierarchy +; read-only for the processes invoked by the unit except for the API file +; system subtrees /dev, /proc and /sys (which are protected by +; PrivateDevices=, ProtectKernelTunables=, ProtectControlGroups=). +; +; - `PrivateTmp=yes` secures access to temporary files of the process, and +; makes sharing between processes via /tmp or /var/tmp impossible. +; +; - `ProtectHome=yes` makes the directories /home, /root, and /run/user +; inaccessible and empty for processes invoked by the unit. +; +; - `ProtectControlGroups=yes` makes the Linux Control Groups hierarchies +; (accessible through /sys/fs/cgroup) read-only to all processes invoked by +; the unit. It also implies `MountAPIVFS=yes`. +; +; - `RuntimeDirectory=unbound` creates a /run/unbound directory, owned by the +; unit User and Group with read-write permissions (0755) as soon as the +; unit starts. This allows unbound to store its pidfile. The directory and +; its content are automatically removed by systemd when the unit stops. +; +; - `NoNewPrivileges=yes` ensures that the service process and all its +; children can never gain new privileges through execve(). +; +; - `RestrictSUIDSGID=yes` ensures that any attempts to set the set-user-ID +; (SUID) or set-group-ID (SGID) bits on files or directories will be denied. +; +; - `RestrictRealTime=yes` ensures that any attempts to enable realtime +; scheduling in a process invoked by the unit will be denied. +; +; - `RestrictNamespaces=yes` ensures that access to any kind of namespacing +; is prohibited. +; +; - `LockPersonality=yes` locks down the personality system call so that the +; kernel execution domain may not be changed from the default. +; +; +; For further details about the directives used in this unit file, including +; the above, please refer to systemd's official documentation, available at +; https://www.freedesktop.org/software/systemd/man/systemd.exec.html. +; +; +[Unit] +Description=Validating, recursive, and caching DNS resolver +Documentation=man:unbound(8) +After=network.target +Before=network-online.target nss-lookup.target +Wants=nss-lookup.target + +[Install] +WantedBy=multi-user.target + +[Service] +ExecStart=@UNBOUND_SBIN_DIR@/unbound -d +ExecReload=+/bin/kill -HUP $MAINPID +ExecStop=+/bin/kill -TERM $MAINPID +NotifyAccess=main +Type=notify +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID \ + CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectHome=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectSystem=strict +ConfigurationDirectory=unbound +RuntimeDirectory=unbound +BindPaths=/run/systemd/notify +BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources +RestrictNamespaces=yes +LockPersonality=yes +RestrictSUIDSGID=yes From c3f6f0a3329e7a533b36b5d8313f8a18ca1c0af1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20KUBLER?= Date: Thu, 23 Jan 2020 15:51:07 +0100 Subject: [PATCH 114/123] Patch configure.ac file to take the new contrib/unbound_nochroot.service unit file in consideration. All props to Wouter Wijngaards for this work. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 4ed9bb872..0104554dc 100644 --- a/configure.ac +++ b/configure.ac @@ -2047,6 +2047,6 @@ dnl if this is a distro tarball, that was already done by makedist.sh AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_nochroot.service]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT From 61456ff81d75a67803c4372948068788b465f558 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 23 Jan 2020 16:16:52 +0100 Subject: [PATCH 115/123] Changelog and contrib/README note for PR#150. - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with chroot: "", see comments in the file, it uses systemd protections instead. --- contrib/README | 3 +++ doc/Changelog | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/contrib/README b/contrib/README index f12e52f25..1dce78c09 100644 --- a/contrib/README +++ b/contrib/README @@ -31,6 +31,9 @@ distribution but may be helpful. Contributed by Yuri Voinov. * unbound.socket and unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. +* unbound_nochroot.service.in: systemd file for use with chroot: "", see + comments in the file, it uses systemd protections instead. Contributed + by Frzk. * redirect-bogus.patch: Return configured address for bogus A and AAAA answers, instead of SERVFAIL. Contributed by SIDN. * fastrpz.patch: fastrpz support from Farsight Security. diff --git a/doc/Changelog b/doc/Changelog index 519f4c3ea..e323cb84b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +23 January 2020: Wouter + - Merge PR#150 from Frzk: Systemd unit without chroot. It add + contrib/unbound_nochroot.service.in, a systemd file for use with + chroot: "", see comments in the file, it uses systemd protections + instead. + 14 January 2020: Wouter - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup From f6b4f2a14918c96c3c3f5e35775e3edf4418ef24 Mon Sep 17 00:00:00 2001 From: Steven Chamberlain Date: Thu, 16 Feb 2017 12:37:41 +0000 Subject: [PATCH 116/123] Allow use of libbsd functions with configure option --with-libbsd Add a new configure option `--with-libbsd', which allows to use libbsd's portable implementations of: strlcpy strlcat arc4random arc4random_uniform reallocarray instead of the embedded code copies in contrib/, which will be difficult to maintain in the long term. Also patch util/random.c so that, when building with libbsd and without OpenSSL, arc4random can still be used as the PRNG. Otherwise, building with libnettle would need a kernel-specific getentropy implementation, and libbsd does not export one. [edmonds@debian.org: Imported patch description from BTS, refreshed patch against Unbound 1.9.6.] --- configure.ac | 18 ++++++++++++++++++ contrib/libunbound.pc.in | 2 +- util/random.c | 8 ++++---- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 0104554dc..15efda669 100644 --- a/configure.ac +++ b/configure.ac @@ -881,6 +881,19 @@ fi fi AC_SUBST(SSLLIB) +# libbsd +AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd functions]), [ + AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT]) + if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then + for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do + AC_SEARCH_LIBS([$func], [bsd], [ + AC_DEFINE(HAVE_LIBBSD, 1, [Use portable libbsd functions]) + PC_LIBBSD_DEPENDENCY=libbsd + AC_SUBST(PC_LIBBSD_DEPENDENCY) + ]) + done + fi +]) AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) case "$enable_sha1" in @@ -1946,6 +1959,11 @@ char *strptime(const char *s, const char *format, struct tm *tm); void *reallocarray(void *ptr, size_t nmemb, size_t size); #endif +#ifdef HAVE_LIBBSD +#include +#include +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 810c57134..e3e842695 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -8,7 +8,7 @@ Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ -Requires.private: @PC_PY_DEPENDENCY@ +Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ Libs: -L${libdir} -lunbound -lssl -lcrypto Libs.private: @SSLLIB@ @LIBS@ Cflags: -I${includedir} diff --git a/util/random.c b/util/random.c index bb564f2f9..6eb102c63 100644 --- a/util/random.c +++ b/util/random.c @@ -78,7 +78,7 @@ */ #define MAX_VALUE 0x7fffffff -#if defined(HAVE_SSL) +#if defined(HAVE_SSL) || defined(HAVE_LIBBSD) struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { @@ -183,10 +183,10 @@ long int ub_random(struct ub_randstate* s) } return x & MAX_VALUE; } -#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ +#endif /* HAVE_SSL or HAVE_LIBBSD or HAVE_NSS or HAVE_NETTLE */ -#if defined(HAVE_NSS) || defined(HAVE_NETTLE) +#if defined(HAVE_NSS) || defined(HAVE_NETTLE) && !defined(HAVE_LIBBSD) long int ub_random_max(struct ub_randstate* state, long int x) { @@ -198,7 +198,7 @@ ub_random_max(struct ub_randstate* state, long int x) v = ub_random(state); return (v % x); } -#endif /* HAVE_NSS or HAVE_NETTLE */ +#endif /* HAVE_NSS or HAVE_NETTLE and !HAVE_LIBBSD */ void ub_randfree(struct ub_randstate* s) From 36b5d74fc4e604e73ddd6689a140f7b324347e30 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sun, 26 Jan 2020 22:01:38 -0500 Subject: [PATCH 117/123] contrib/libunbound.pc.in: Only specify -lunbound for Libs According to the pkg-config manpage, the "Libs" line in a .pc file should give the link flags "specific to your package", and specifically says not to include link flags for dependencies: Libs: This line should give the link flags specific to your package. Don't add any flags for required packages; pkg-config will add those automatically. --- contrib/libunbound.pc.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 810c57134..74dfdb6fc 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -9,6 +9,6 @@ URL: http://www.unbound.net Version: @PACKAGE_VERSION@ Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ Requires.private: @PC_PY_DEPENDENCY@ -Libs: -L${libdir} -lunbound -lssl -lcrypto +Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ -Cflags: -I${includedir} +Cflags: -I${includedir} From 394f9403df102e47bcebc174ed26968a68548c9f Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sun, 26 Jan 2020 22:23:53 -0500 Subject: [PATCH 118/123] contrib/libunbound.pc.in: Embed the correct crypto dependencies This commit removes the hardcoded dependency in the libunbound pkg-config .pc file on the libcrypto and libssl modules and instead populates the .pc file based on which crypto library was selected at configure time. Note that the .pc file specifies pkg-config module names for the "Requires" line and this can vary from the library filename (e.g. "nss" is the pkg-config module name vs. "nss3" being the library name). --- configure.ac | 7 +++++++ contrib/libunbound.pc.in | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0104554dc..99c662792 100644 --- a/configure.ac +++ b/configure.ac @@ -761,6 +761,8 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], fi LIBS="$LIBS -lnss3 -lnspr4" SSLLIB="" + PC_CRYPTO_DEPENDENCY="nss nspr" + AC_SUBST(PC_CRYPTO_DEPENDENCY) ] ) @@ -781,6 +783,8 @@ AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], fi LIBS="$LIBS -lhogweed -lnettle -lgmp" SSLLIB="" + PC_CRYPTO_DEPENDENCY="hogweed nettle" + AC_SUBST(PC_CRYPTO_DEPENDENCY) ] ) @@ -790,6 +794,9 @@ ACX_WITH_SSL ACX_LIB_SSL SSLLIB="-lssl" +PC_CRYPTO_DEPENDENCY="libcrypto libssl" +AC_SUBST(PC_CRYPTO_DEPENDENCY) + # check if -lcrypt32 is needed because CAPIENG needs that. (on windows) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 74dfdb6fc..f7cd1e074 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -7,7 +7,7 @@ Name: unbound Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ -Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ +Requires: @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ Requires.private: @PC_PY_DEPENDENCY@ Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ From 82a6a2f8ccf6f1a80d15264eb1a9e7799daf08e7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 27 Jan 2020 09:31:07 +0100 Subject: [PATCH 119/123] Changelog note for PR#155. - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index e323cb84b..e372886d0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +27 January 2020: Wouter + - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes + to Libs/Requires for crypto library dependencies. + 23 January 2020: Wouter - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with From 68ff1730ac9cb7f339d6618b87977f69dc02d974 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 27 Jan 2020 09:40:18 +0100 Subject: [PATCH 120/123] - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. --- configure | 19 +++++++++++++++---- configure.ac | 8 +++++--- doc/Changelog | 2 ++ 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/configure b/configure index eb855554d..d5f8d8cee 100755 --- a/configure +++ b/configure @@ -675,6 +675,7 @@ SUBNET_HEADER SUBNET_OBJ SSLLIB HAVE_SSL +PC_CRYPTO_DEPENDENCY CONFIG_DATE NETBSD_LINTFLAGS PYUNBOUND_UNINSTALL @@ -17759,6 +17760,8 @@ $as_echo "#define HAVE_NSS 1" >>confdefs.h fi LIBS="$LIBS -lnss3 -lnspr4" SSLLIB="" + PC_CRYPTO_DEPENDENCY="nss nspr" + fi @@ -17802,6 +17805,8 @@ done fi LIBS="$LIBS -lhogweed -lnettle -lgmp" SSLLIB="" + PC_CRYPTO_DEPENDENCY="hogweed nettle" + fi @@ -18152,6 +18157,9 @@ rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext SSLLIB="-lssl" +PC_CRYPTO_DEPENDENCY="libcrypto libssl" + + # check if -lcrypt32 is needed because CAPIENG needs that. (on windows) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" @@ -18745,9 +18753,7 @@ fi use_dsa="no" case "$enable_dsa" in - no) - ;; - *) + yes) # detect if DSA is supported, and turn it off if not. if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" @@ -18800,6 +18806,10 @@ _ACEOF fi ;; + *) + # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT + # support DSA for DNSSEC Validation. + ;; esac # Check whether --enable-ed25519 was given. @@ -21431,7 +21441,7 @@ version=1.9.7 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_nochroot.service" ac_config_headers="$ac_config_headers config.h" @@ -22437,6 +22447,7 @@ do "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; + "contrib/unbound_nochroot.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound_nochroot.service" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff --git a/configure.ac b/configure.ac index 99c662792..a356dcf7d 100644 --- a/configure.ac +++ b/configure.ac @@ -1072,9 +1072,7 @@ esac AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) use_dsa="no" case "$enable_dsa" in - no) - ;; - *) + yes) # detect if DSA is supported, and turn it off if not. if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_FUNC(DSA_SIG_new, [ @@ -1105,6 +1103,10 @@ AC_INCLUDES_DEFAULT AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) fi ;; + *) + # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT + # support DSA for DNSSEC Validation. + ;; esac AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) diff --git a/doc/Changelog b/doc/Changelog index e372886d0..e38191ebb 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 27 January 2020: Wouter - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. + - Fix #153: Disable validation for DSA algorithms. RFC 8624 + compliance. 23 January 2020: Wouter - Merge PR#150 from Frzk: Systemd unit without chroot. It add From 41621fb1df69bd4437073bfdba5b103ff0ad6976 Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Mon, 27 Jan 2020 15:50:12 +0100 Subject: [PATCH 121/123] - Add changelog entry for RP#154 - autoconf after PR#154 --- config.h.in | 14 ++++++ configure | 117 +++++++++++++++++++++++++++++++++++++++++++++++--- doc/Changelog | 6 ++- 3 files changed, 130 insertions(+), 7 deletions(-) diff --git a/config.h.in b/config.h.in index 8c2aa3b94..15940c04f 100644 --- a/config.h.in +++ b/config.h.in @@ -63,6 +63,12 @@ /* Whether the C compiler accepts the "weak" attribute */ #undef HAVE_ATTR_WEAK +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_STRING_H + /* Define to 1 if you have the `chown' function. */ #undef HAVE_CHOWN @@ -311,6 +317,9 @@ /* Define to 1 if you have the `kill' function. */ #undef HAVE_KILL +/* Use portable libbsd functions */ +#undef HAVE_LIBBSD + /* Define to 1 if you have the header file. */ #undef HAVE_LIBKERN_OSBYTEORDER_H @@ -1231,6 +1240,11 @@ char *strptime(const char *s, const char *format, struct tm *tm); void *reallocarray(void *ptr, size_t nmemb, size_t size); #endif +#ifdef HAVE_LIBBSD +#include +#include +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); diff --git a/configure b/configure index d5f8d8cee..c22850d4b 100755 --- a/configure +++ b/configure @@ -673,6 +673,7 @@ UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL SUBNET_HEADER SUBNET_OBJ +PC_LIBBSD_DEPENDENCY SSLLIB HAVE_SSL PC_CRYPTO_DEPENDENCY @@ -802,6 +803,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -860,6 +862,7 @@ enable_swig_version_check with_nss with_nettle with_ssl +with_libbsd enable_sha1 enable_sha2 enable_subnet @@ -948,6 +951,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1200,6 +1204,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1337,7 +1350,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1490,6 +1503,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1621,6 +1635,7 @@ Optional Packages: --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr) + --with-libbsd Use portable libbsd functions --with-libevent=pathname use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify @@ -15645,7 +15660,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15691,7 +15706,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15715,7 +15730,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15760,7 +15775,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15784,7 +15799,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -18450,6 +18465,96 @@ fi fi +# libbsd + +# Check whether --with-libbsd was given. +if test "${with_libbsd+set}" = set; then : + withval=$with_libbsd; + for ac_header in bsd/string.h bsd/stdlib.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then + for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do + as_ac_Search=`$as_echo "ac_cv_search_$func" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing $func" >&5 +$as_echo_n "checking for library containing $func... " >&6; } +if eval \${$as_ac_Search+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $func (); +int +main () +{ +return $func (); + ; + return 0; +} +_ACEOF +for ac_lib in '' bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Search=\$ac_res" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if eval \${$as_ac_Search+:} false; then : + break +fi +done +if eval \${$as_ac_Search+:} false; then : + +else + eval "$as_ac_Search=no" +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +eval ac_res=\$$as_ac_Search + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +eval ac_res=\$$as_ac_Search +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + +$as_echo "#define HAVE_LIBBSD 1" >>confdefs.h + + PC_LIBBSD_DEPENDENCY=libbsd + + +fi + + done + fi + +fi + # Check whether --enable-sha1 was given. if test "${enable_sha1+set}" = set; then : diff --git a/doc/Changelog b/doc/Changelog index e38191ebb..f5ae1fc80 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,9 @@ +27 January 2020: Ralph + - Merge PR#154; Allow use of libbsd functions with configure option + --with-libbsd. By Robert Edmonds and Steven Chamberlain. + 27 January 2020: Wouter - - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes + - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. From 0feee99055786c24205970faacac6ed39835be28 Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Mon, 27 Jan 2020 16:06:06 +0100 Subject: [PATCH 122/123] - Add changelog entry for PR#148. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index f5ae1fc80..b6ff710a1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 27 January 2020: Ralph - Merge PR#154; Allow use of libbsd functions with configure option --with-libbsd. By Robert Edmonds and Steven Chamberlain. + - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. 27 January 2020: Wouter - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes From f6287fc718527a9f3f7bffc5425781403c700ba7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 28 Jan 2020 12:25:37 +0100 Subject: [PATCH 123/123] - iana portlist updated. --- doc/Changelog | 3 +++ util/iana_ports.inc | 1 + 2 files changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index b6ff710a1..6e0fb35f6 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +28 January 2020: Wouter + - iana portlist updated. + 27 January 2020: Ralph - Merge PR#154; Allow use of libbsd functions with configure option --with-libbsd. By Robert Edmonds and Steven Chamberlain. diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 3e6f3e6be..3b8afe54e 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -3904,6 +3904,7 @@ 4600, 4601, 4621, +4646, 4658, 4659, 4660,