Merge pull request #2166 from pi-hole/update/dnsmasq
Update dnsmasq to v2.91test9
DL6ER authored Jan 24, 2025
2 parents 84e2ad1 + 4e6dd97 commit ead34f5
Showing 15 changed files with 309 additions and 106 deletions.
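--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,6 +16,6 @@ set(CMAKE_C_STANDARD 17)
 
 project(PIHOLE_FTL C)
 
-set(DNSMASQ_VERSION pi-hole-v2.91test8)
+set(DNSMASQ_VERSION pi-hole-v2.91test9)
 
 add_subdirectory(src)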
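--- a/src/database/query-table.c
+++ b/src/database/query-table.c
@@ -1122,7 +1122,7 @@ void DB_read_queries(void)
 }
 
 const int type = sqlite3_column_int(stmt, 2);
-const bool mapped_type = type >= TYPE_A && type < TYPE_MAX;
+const bool mapped_type = type >= TYPE_NONE && type < TYPE_MAX;
 const bool offset_type = type > 100 && type < (100 + UINT16_MAX);
 if(!mapped_type && !offset_type)
 {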
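Review bot: The widened lower bound `type >= TYPE_NONE` is a correct range check only if `TYPE_NONE` is the lowest enumerator of the query-type enum, which is declared outside this hunk; `type` is read straight from the database row, so this line is the validation of stored data. A one-line comment above it would record the intent, e.g. `/* TYPE_NONE is the first enum value; rows stored with it are valid */`, to be confirmed against the enum. Rows carrying that value now pass the check, so any code that uses `type` as an index or switch key needs an entry for it; get_query_type_str() gains one in this commit, other consumers are not visible here. DB_read_queries() starts and ends outside the hunk.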
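--- a/src/datastructure.c
+++ b/src/datastructure.c
@@ -690,6 +690,8 @@ const char *get_query_type_str(const enum query_type type, const queriesData *qu
 {
 switch (type)
 {
+case TYPE_NONE:
+return "NONE";
 case TYPE_A:
 return "A";
 case TYPE_AAAA: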
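--- a/src/dnsmasq/auth.c
+++ b/src/dnsmasq/auth.c
@@ -137,7 +137,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 nameoffset = p - (unsigned char *)header;
 
 /* now extract name as .-concatenated string into name */
-if (!extract_name(header, qlen, &p, name, 1, 4))
+if (!extract_name(header, qlen, &p, name, EXTR_NAME_EXTRACT, 4))
 return 0; /* bad packet */
 
 GETSHORT(qtype, p);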
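--- a/src/dnsmasq/cache.c
+++ b/src/dnsmasq/cache.c
@@ -1886,15 +1886,31 @@ int cache_make_stat(struct txt_record *t)
 #endif
 
 /* There can be names in the cache containing control chars, don't
-mess up logging or open security holes. */
+mess up logging or open security holes. Also convert to all-LC
+so that 0x20-encoding doesn't make logs look like ransom notes
+made out of letters cut from a newspaper.
+Overwrites daemon->workspacename */
 static char *sanitise(char *name)
 {
-unsigned char *r;
+unsigned char *r = (unsigned char *)name;
+
 if (name)
-for (r = (unsigned char *)name; *r; r++)
-if (!isprint((int)*r))
-return "<name unprintable>";
-
+{
+char *d = name = daemon->workspacename;
+
+for (; *r; r++, d++)
+if (!isprint((int)*r))
+return "<name unprintable>";
+else
+{
+unsigned char c = *r;
+
+*d = (char)((c >= 'A' && c <= 'Z') ? c + 'a' - 'A' : c);
+}
+
+*d = 0;
+}
+
 return name;
 }
 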
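Review bot: The copy loop in sanitise() writes to `daemon->workspacename` until it reaches the input's NUL with no bound on `d`, so its safety rests on every caller passing a name no longer than that buffer, and neither the buffer's size nor where it is allocated is shown in this hunk. I would either state that invariant in the header comment or bound the loop, e.g. `for (; *r && d < limit; r++, d++)`, where `limit` is a placeholder for the end of the allocation. The returned pointer now aliases a shared buffer, so a caller that sanitises two names before printing either would see the second overwrite the first. The buffer also has to be allocated in every build configuration that reaches logging, otherwise `d` starts as NULL. Both should be checked against the call sites, which are outside this hunk.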
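--- a/src/dnsmasq/dnsmasq.h
+++ b/src/dnsmasq/dnsmasq.h
@@ -804,6 +804,7 @@ struct frec {
 int forwardall, flags;
 time_t time;
 u32 forward_timestamp;
+unsigned int encode_bitmap;
 int forward_delay;
 struct blockdata *stash; /* saved query or saved reply, whilst we validate */
 size_t stash_len;
@@ -1404,7 +1405,7 @@ int is_rev_synth(int flag, union all_addr *addr, char *name);
 /* rfc1035.c */
 int do_doctor(struct dns_header *header, size_t qlen, char *namebuff);
 int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
-char *name, int isExtract, int extrabytes);
+char *name, int func, unsigned int parm);
 unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes);
 unsigned char *skip_questions(struct dns_header *header, size_t plen);
 unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen);
@@ -1431,6 +1432,11 @@ int add_resource_record(struct dns_header *header, char *limit, int *truncp,
 int *offset, unsigned short type, unsigned short class, char *format, ...);
 int in_arpa_name_2_addr(char *namein, union all_addr *addrp);
 int private_net(struct in_addr addr, int ban_localhost);
+/* extract_name ops */
+#define EXTR_NAME_EXTRACT 1
+#define EXTR_NAME_COMPARE 2
+#define EXTR_NAME_NOCASE 3
+#define EXTR_NAME_FLIP 4
 
 /* auth.c */
 #ifdef HAVE_AUTH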
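Review bot: The `func` argument of extract_name() is still a plain `int` and the four `EXTR_NAME_*` ops are bare #defines starting at 1, so a call site that keeps the old literal `0` for a compare compiles without warning yet names no defined op. Every call in the auth.c and dnssec.c sections of this commit is converted, but other callers are not visible on this page. A default branch in extract_name() that rejects unknown ops would make a missed one fail closed; the function body is outside this view, listed here under rfc1035.c. The `/* extract_name ops */` comment should also say what `parm` carries for each op: the converted calls pass the former extrabytes count for EXTRACT and COMPARE, and nothing here shows what NOCASE and FLIP expect.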
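--- a/src/dnsmasq/dnssec.c
+++ b/src/dnsmasq/dnssec.c
@@ -192,7 +192,7 @@ static int get_rdata(struct dns_header *header, size_t plen, struct rdata_state
 /* domain-name, canonicalise */
 int len;
 
-if (!extract_name(header, plen, &state->ip, state->buff, 1, 0) ||
+if (!extract_name(header, plen, &state->ip, state->buff, EXTR_NAME_EXTRACT, 0) ||
 (len = to_wire(state->buff)) == 0)
 continue;
 
@@ -340,7 +340,7 @@ static int explore_rrset(struct dns_header *header, size_t plen, int class, int
 
 pstart = p;
 
-if (!(res = extract_name(header, plen, &p, name, 0, 10)))
+if (!(res = extract_name(header, plen, &p, name, EXTR_NAME_COMPARE, 10)))
 return 0; /* bad packet */
 
 GETSHORT(stype, p);
@@ -375,14 +375,14 @@ static int explore_rrset(struct dns_header *header, size_t plen, int class, int
 if (gotkey)
 {
 /* If there's more than one SIG, ensure they all have same keyname */
-if (extract_name(header, plen, &p, keyname, 0, 0) != 1)
+if (extract_name(header, plen, &p, keyname, EXTR_NAME_COMPARE, 0) != 1)
 return 0;
 }
 else
 {
 gotkey = 1;
 
-if (!extract_name(header, plen, &p, keyname, 1, 0))
+if (!extract_name(header, plen, &p, keyname, EXTR_NAME_EXTRACT, 0))
 return 0;
 
 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
@@ -504,7 +504,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
 GETLONG(sig_inception, p);
 GETSHORT(key_tag, p);
 
-if (!extract_name(header, plen, &p, keyname, 1, 0))
+if (!extract_name(header, plen, &p, keyname, EXTR_NAME_EXTRACT, 0))
 return STAT_BOGUS;
 
 if (!time_check)
@@ -575,7 +575,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
 
 p = rrset[i];
 
-if (!extract_name(header, plen, &p, name, 1, 10))
+if (!extract_name(header, plen, &p, name, EXTR_NAME_EXTRACT, 10))
 return STAT_BOGUS;
 
 name_start = name;
@@ -668,7 +668,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
 
 /* namebuff used for workspace above, restore to leave unchanged on exit */
 p = (unsigned char*)(rrset[0]);
-if (!extract_name(header, plen, &p, name, 1, 0))
+if (!extract_name(header, plen, &p, name, EXTR_NAME_EXTRACT, 0))
 return STAT_BOGUS;
 
 if (key)
@@ -734,7 +734,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 static unsigned char **cached_digest;
 static size_t cached_digest_size = 0;
 
-if (ntohs(header->qdcount) != 1 || RCODE(header) != NOERROR || !extract_name(header, plen, &p, name, 1, 4))
+if (ntohs(header->qdcount) != 1 || RCODE(header) != NOERROR || !extract_name(header, plen, &p, name, EXTR_NAME_EXTRACT, 4))
 return STAT_BOGUS | DNSSEC_FAIL_NOKEY;
 
 GETSHORT(qtype, p);
@@ -759,7 +759,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 for (j = ntohs(header->ancount); j != 0; j--)
 {
 /* Ensure we have type, class TTL and length */
-if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+if (!(rc = extract_name(header, plen, &p, name, EXTR_NAME_COMPARE, 10)))
 return STAT_BOGUS; /* bad packet */
 
 GETSHORT(qtype, p);
@@ -911,7 +911,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 for (j = ntohs(header->ancount); j != 0; j--)
 {
 /* Ensure we have type, class TTL and length */
-if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+if (!(rc = extract_name(header, plen, &p, name, EXTR_NAME_COMPARE, 10)))
 return STAT_BOGUS; /* bad packet */
 
 GETSHORT(qtype, p);
@@ -1031,7 +1031,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 }
 
 p = (unsigned char *)(header+1);
-if (!extract_name(header, plen, &p, name, 1, 4))
+if (!extract_name(header, plen, &p, name, EXTR_NAME_EXTRACT, 4))
 return STAT_BOGUS;
 
 p += 4; /* qtype, qclass */
@@ -1057,7 +1057,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 {
 unsigned char *psave;
 
-if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+if (!(rc = extract_name(header, plen, &p, name, EXTR_NAME_COMPARE, 10)))
 return STAT_BOGUS; /* bad packet */
 
 GETSHORT(atype, p);
@@ -1238,12 +1238,12 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
 int sig_labels, name_labels;
 
 p = nsecs[i];
-if (!extract_name(header, plen, &p, workspace1, 1, 10))
+if (!extract_name(header, plen, &p, workspace1, EXTR_NAME_EXTRACT, 10))
 return DNSSEC_FAIL_BADPACKET;
 p += 8; /* class, type, TTL */
 GETSHORT(rdlen, p);
 psave = p;
-if (!extract_name(header, plen, &p, workspace2, 1, 0))
+if (!extract_name(header, plen, &p, workspace2, EXTR_NAME_EXTRACT, 0))
 return DNSSEC_FAIL_BADPACKET;
 
 /* If NSEC comes from wildcard expansion, use original wildcard
@@ -1407,7 +1407,7 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
 for (i = 0; i < nsec_count; i++)
 if ((p = nsecs[i]))
 {
-if (!extract_name(header, plen, &p, workspace1, 1, 10) ||
+if (!extract_name(header, plen, &p, workspace1, EXTR_NAME_EXTRACT, 10) ||
 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
 return 0;
 
@@ -1616,7 +1616,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
 for (i = 0; i < nsec_count; i++)
 if ((p = nsecs[i]))
 {
-if (!extract_name(header, plen, &p, workspace1, 1, 0))
+if (!extract_name(header, plen, &p, workspace1, EXTR_NAME_EXTRACT, 0))
 return DNSSEC_FAIL_BADPACKET;
 
 if (!(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
@@ -1691,7 +1691,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
 {
 unsigned char *pstart = p;
 
-if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
+if (!extract_name(header, plen, &p, daemon->workspacename, EXTR_NAME_EXTRACT, 10))
 return DNSSEC_FAIL_BADPACKET;
 
 GETSHORT(type, p);
@@ -1742,7 +1742,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
 {
 unsigned char *psav;
 
-if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
+if (!(res = extract_name(header, plen, &p1, daemon->workspacename, EXTR_NAME_COMPARE, 10)))
 return DNSSEC_FAIL_BADPACKET;
 
 GETSHORT(type1, p1);
@@ -1972,7 +1972,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 targets[0] = p1;
 targetidx = 1;
 
-if (!extract_name(header, plen, &p1, name, 1, 4))
+if (!extract_name(header, plen, &p1, name, EXTR_NAME_EXTRACT, 4))
 return STAT_BOGUS;
 
 GETSHORT(qtype, p1);
@@ -2010,7 +2010,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 if (i != 0 && !ADD_RDLEN(header, p1, plen, rdlen1))
 return STAT_BOGUS;
 
-if (!extract_name(header, plen, &p1, name, 1, 10))
+if (!extract_name(header, plen, &p1, name, EXTR_NAME_EXTRACT, 10))
 return STAT_BOGUS; /* bad packet */
 
 GETSHORT(type1, p1);
@@ -2025,7 +2025,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 /* Check if we've done this RRset already */
 for (p2 = ans_start, j = 0; j < i; j++)
 {
-if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
+if (!(rc = extract_name(header, plen, &p2, name, EXTR_NAME_COMPARE, 10)))
 return STAT_BOGUS; /* bad packet */
 
 GETSHORT(type2, p2);
@@ -2122,7 +2122,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 if ((p2 = targets[j]))
 {
 int rc1;
-if (!(rc1 = extract_name(header, plen, &p2, name, 0, 10)))
+if (!(rc1 = extract_name(header, plen, &p2, name, EXTR_NAME_COMPARE, 10)))
 return STAT_BOGUS; /* bad packet */
 
 if (class1 == qclass && rc1 == 1 && (type1 == T_CNAME || type1 == qtype || qtype == T_ANY ))
@@ -2156,7 +2156,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 if (neganswer)
 *neganswer = 1;
 
-if (!extract_name(header, plen, &p2, name, 1, 10))
+if (!extract_name(header, plen, &p2, name, EXTR_NAME_EXTRACT, 10))
 return STAT_BOGUS; /* bad packet */
 
 /* NXDOMAIN or NODATA reply, unanswered question is (name, qclass, qtype) */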