diff options
Diffstat (limited to 'vendor/github.com/miekg/dns/msg.go')
| -rw-r--r-- | vendor/github.com/miekg/dns/msg.go | 188 |
1 files changed, 67 insertions, 121 deletions
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go index 0d8cc6fb3..b5c074f05 100644 --- a/vendor/github.com/miekg/dns/msg.go +++ b/vendor/github.com/miekg/dns/msg.go @@ -9,6 +9,7 @@ package dns //go:generate go run msg_generate.go +//go:generate go run compress_generate.go import ( crand "crypto/rand" @@ -16,22 +17,9 @@ import ( "math/big" "math/rand" "strconv" + "sync" ) -func init() { - // Initialize default math/rand source using crypto/rand to provide better - // security without the performance trade-off. - buf := make([]byte, 8) - _, err := crand.Read(buf) - if err != nil { - // Failed to read from cryptographic source, fallback to default initial - // seed (1) by returning early - return - } - seed := binary.BigEndian.Uint64(buf) - rand.Seed(int64(seed)) -} - const maxCompressionOffset = 2 << 13 // We have 14 bits for the compression pointer var ( @@ -66,11 +54,45 @@ var ( // dns.Id = func() uint16 { return 3 } var Id func() uint16 = id +var ( + idLock sync.Mutex + idRand *rand.Rand +) + // id returns a 16 bits random number to be used as a // message id. The random provided should be good enough. func id() uint16 { - id32 := rand.Uint32() - return uint16(id32) + idLock.Lock() + + if idRand == nil { + // This (partially) works around + // https://github.com/golang/go/issues/11833 by only + // seeding idRand upon the first call to id. + + var seed int64 + var buf [8]byte + + if _, err := crand.Read(buf[:]); err == nil { + seed = int64(binary.LittleEndian.Uint64(buf[:])) + } else { + seed = rand.Int63() + } + + idRand = rand.New(rand.NewSource(seed)) + } + + // The call to idRand.Uint32 must be within the + // mutex lock because *rand.Rand is not safe for + // concurrent use. + // + // There is no added performance overhead to calling + // idRand.Uint32 inside a mutex lock over just + // calling rand.Uint32 as the global math/rand rng + // is internally protected by a sync.Mutex. + id := uint16(idRand.Uint32()) + + idLock.Unlock() + return id } // MsgHdr is a a manually-unpacked version of (id, bits). @@ -241,7 +263,9 @@ func packDomainName(s string, msg []byte, off int, compression map[string]int, c bsFresh = true } // Don't try to compress '.' - if compress && roBs[begin:] != "." { + // We should only compress when compress it true, but we should also still pick + // up names that can be used for *future* compression(s). + if compression != nil && roBs[begin:] != "." { if p, ok := compression[roBs[begin:]]; !ok { // Only offsets smaller than this can be used. if offset < maxCompressionOffset { @@ -303,6 +327,7 @@ End: // UnpackDomainName unpacks a domain name into a string. func UnpackDomainName(msg []byte, off int) (string, int, error) { s := make([]byte, 0, 64) + labels := 0 off1 := 0 lenmsg := len(msg) ptr := 0 // number of pointers followed @@ -345,6 +370,15 @@ Loop: } } } + // never exceed the allowed label count lenght (63) + if labels >= 63 { + return "", lenmsg, &Error{err: "name exceeds 63 labels"} + } + labels += 1 + // never exceed the allowed doman name length (255 octets) + if len(s) >= 255 { + return "", lenmsg, &Error{err: "name exceeded allowed 255 octets"} + } s = append(s, '.') off += c case 0xC0: @@ -364,6 +398,9 @@ Loop: if ptr++; ptr > 10 { return "", lenmsg, &Error{err: "too many compression pointers"} } + // pointer should guarantee that it advances and points forwards at least + // but the condition on previous three lines guarantees that it's + // at least loop-free off = (c^0xC0)<<8 | int(c1) default: // 0x80 and 0x40 are reserved @@ -710,12 +747,10 @@ func (dns *Msg) PackBuffer(buf []byte) (msg []byte, err error) { // We need the uncompressed length here, because we first pack it and then compress it. msg = buf - compress := dns.Compress - dns.Compress = false - if packLen := dns.Len() + 1; len(msg) < packLen { + uncompressedLen := compressedLen(dns, false) + if packLen := uncompressedLen + 1; len(msg) < packLen { msg = make([]byte, packLen) } - dns.Compress = compress // Pack it in: header and then the pieces. off := 0 @@ -868,16 +903,18 @@ func (dns *Msg) String() string { // If dns.Compress is true compression it is taken into account. Len() // is provided to be a faster way to get the size of the resulting packet, // than packing it, measuring the size and discarding the buffer. -func (dns *Msg) Len() int { +func (dns *Msg) Len() int { return compressedLen(dns, dns.Compress) } + +// compressedLen returns the message length when in compressed wire format +// when compress is true, otherwise the uncompressed length is returned. +func compressedLen(dns *Msg, compress bool) int { // We always return one more than needed. l := 12 // Message header is always 12 bytes - var compression map[string]int - if dns.Compress { - compression = make(map[string]int) - } + compression := map[string]int{} + for i := 0; i < len(dns.Question); i++ { l += dns.Question[i].len() - if dns.Compress { + if compress { compressionLenHelper(compression, dns.Question[i].Name) } } @@ -886,7 +923,7 @@ func (dns *Msg) Len() int { continue } l += dns.Answer[i].len() - if dns.Compress { + if compress { k, ok := compressionLenSearch(compression, dns.Answer[i].Header().Name) if ok { l += 1 - k @@ -904,7 +941,7 @@ func (dns *Msg) Len() int { continue } l += dns.Ns[i].len() - if dns.Compress { + if compress { k, ok := compressionLenSearch(compression, dns.Ns[i].Header().Name) if ok { l += 1 - k @@ -922,7 +959,7 @@ func (dns *Msg) Len() int { continue } l += dns.Extra[i].len() - if dns.Compress { + if compress { k, ok := compressionLenSearch(compression, dns.Extra[i].Header().Name) if ok { l += 1 - k @@ -970,97 +1007,6 @@ func compressionLenSearch(c map[string]int, s string) (int, bool) { return 0, false } -// TODO(miek): should add all types, because the all can be *used* for compression. Autogenerate from msg_generate and put in zmsg.go -func compressionLenHelperType(c map[string]int, r RR) { - switch x := r.(type) { - case *NS: - compressionLenHelper(c, x.Ns) - case *MX: - compressionLenHelper(c, x.Mx) - case *CNAME: - compressionLenHelper(c, x.Target) - case *PTR: - compressionLenHelper(c, x.Ptr) - case *SOA: - compressionLenHelper(c, x.Ns) - compressionLenHelper(c, x.Mbox) - case *MB: - compressionLenHelper(c, x.Mb) - case *MG: - compressionLenHelper(c, x.Mg) - case *MR: - compressionLenHelper(c, x.Mr) - case *MF: - compressionLenHelper(c, x.Mf) - case *MD: - compressionLenHelper(c, x.Md) - case *RT: - compressionLenHelper(c, x.Host) - case *RP: - compressionLenHelper(c, x.Mbox) - compressionLenHelper(c, x.Txt) - case *MINFO: - compressionLenHelper(c, x.Rmail) - compressionLenHelper(c, x.Email) - case *AFSDB: - compressionLenHelper(c, x.Hostname) - case *SRV: - compressionLenHelper(c, x.Target) - case *NAPTR: - compressionLenHelper(c, x.Replacement) - case *RRSIG: - compressionLenHelper(c, x.SignerName) - case *NSEC: - compressionLenHelper(c, x.NextDomain) - // HIP? - } -} - -// Only search on compressing these types. -func compressionLenSearchType(c map[string]int, r RR) (int, bool) { - switch x := r.(type) { - case *NS: - return compressionLenSearch(c, x.Ns) - case *MX: - return compressionLenSearch(c, x.Mx) - case *CNAME: - return compressionLenSearch(c, x.Target) - case *DNAME: - return compressionLenSearch(c, x.Target) - case *PTR: - return compressionLenSearch(c, x.Ptr) - case *SOA: - k, ok := compressionLenSearch(c, x.Ns) - k1, ok1 := compressionLenSearch(c, x.Mbox) - if !ok && !ok1 { - return 0, false - } - return k + k1, true - case *MB: - return compressionLenSearch(c, x.Mb) - case *MG: - return compressionLenSearch(c, x.Mg) - case *MR: - return compressionLenSearch(c, x.Mr) - case *MF: - return compressionLenSearch(c, x.Mf) - case *MD: - return compressionLenSearch(c, x.Md) - case *RT: - return compressionLenSearch(c, x.Host) - case *MINFO: - k, ok := compressionLenSearch(c, x.Rmail) - k1, ok1 := compressionLenSearch(c, x.Email) - if !ok && !ok1 { - return 0, false - } - return k + k1, true - case *AFSDB: - return compressionLenSearch(c, x.Hostname) - } - return 0, false -} - // Copy returns a new RR which is a deep-copy of r. func Copy(r RR) RR { r1 := r.copy(); return r1 } |