︙ | | | ︙ | |
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#import "OFOutOfRangeException.h"
#import "OFTruncatedDataException.h"
#ifndef SOCK_DNS
# define SOCK_DNS 0
#endif
#define BUFFER_LENGTH OF_DNS_RESOLVER_BUFFER_LENGTH
#define MAX_DNS_RESPONSE_LENGTH 65536
/*
* RFC 1035 doesn't specify if pointers to pointers are allowed, and if so how
* many. Since it's unspecified, we have to assume that it might happen, but we
* also want to limit it to avoid DoS. Limiting it to 16 levels of pointers and
* immediately rejecting pointers to itself seems like a fair balance.
*/
#define MAX_ALLOWED_POINTERS 16
#define CNAME_RECURSION 3
@interface OFDNSResolver () <OFUDPSocketDelegate, OFTCPSocketDelegate>
- (void)of_contextTimedOut: (OFDNSResolverContext *)context;
@end
OF_DIRECT_MEMBERS
@interface OFDNSResolverContext: OFObject
|
|
|
<
|
<
|
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#import "OFOutOfRangeException.h"
#import "OFTruncatedDataException.h"
#ifndef SOCK_DNS
# define SOCK_DNS 0
#endif
static const size_t bufferLength = OFDNSResolverBufferLength;
static const size_t maxDNSResponseLength = 65536;
/*
* RFC 1035 doesn't specify if pointers to pointers are allowed, and if so how
* many. Since it's unspecified, we have to assume that it might happen, but we
* also want to limit it to avoid DoS. Limiting it to 16 levels of pointers and
* immediately rejecting pointers to itself seems like a fair balance.
*/
static const uint_fast8_t maxAllowedPointers = 16;
@interface OFDNSResolver () <OFUDPSocketDelegate, OFTCPSocketDelegate>
- (void)of_contextTimedOut: (OFDNSResolverContext *)context;
@end
OF_DIRECT_MEMBERS
@interface OFDNSResolverContext: OFObject
|
︙ | | | ︙ | |
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
return [[[OFADNSResourceRecord alloc]
initWithName: name
address: &address
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeNS) {
size_t j = i;
OFString *authoritativeHost = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFNSDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
authoritativeHost: authoritativeHost
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeCNAME) {
size_t j = i;
OFString *alias = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFCNAMEDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
alias: alias
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeSOA) {
size_t j = i;
OFString *primaryNameServer = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
OFString *responsiblePerson;
uint32_t serialNumber, refreshInterval, retryInterval;
uint32_t expirationInterval, minTTL;
if (j > i + dataLength)
@throw [OFInvalidServerReplyException exception];
responsiblePerson = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (dataLength - (j - i) != 20)
@throw [OFInvalidServerReplyException exception];
serialNumber = (buffer[j] << 24) | (buffer[j + 1] << 16) |
(buffer[j + 2] << 8) | buffer[j + 3];
refreshInterval = (buffer[j + 4] << 24) |
|
|
|
|
|
|
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
return [[[OFADNSResourceRecord alloc]
initWithName: name
address: &address
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeNS) {
size_t j = i;
OFString *authoritativeHost = parseName(buffer, length, &j,
maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFNSDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
authoritativeHost: authoritativeHost
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeCNAME) {
size_t j = i;
OFString *alias = parseName(buffer, length, &j,
maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFCNAMEDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
alias: alias
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeSOA) {
size_t j = i;
OFString *primaryNameServer = parseName(buffer, length, &j,
maxAllowedPointers);
OFString *responsiblePerson;
uint32_t serialNumber, refreshInterval, retryInterval;
uint32_t expirationInterval, minTTL;
if (j > i + dataLength)
@throw [OFInvalidServerReplyException exception];
responsiblePerson = parseName(buffer, length, &j,
maxAllowedPointers);
if (dataLength - (j - i) != 20)
@throw [OFInvalidServerReplyException exception];
serialNumber = (buffer[j] << 24) | (buffer[j + 1] << 16) |
(buffer[j + 2] << 8) | buffer[j + 3];
refreshInterval = (buffer[j + 4] << 24) |
|
︙ | | | ︙ | |
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
|
retryInterval: retryInterval
expirationInterval: expirationInterval
minTTL: minTTL
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypePTR) {
size_t j = i;
OFString *domainName = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFPTRDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
|
|
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
|
retryInterval: retryInterval
expirationInterval: expirationInterval
minTTL: minTTL
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypePTR) {
size_t j = i;
OFString *domainName = parseName(buffer, length, &j,
maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFPTRDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
︙ | | | ︙ | |
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
if (dataLength < 2)
@throw [OFInvalidServerReplyException exception];
preference = (buffer[i] << 8) | buffer[i + 1];
j = i + 2;
mailExchange = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFMXDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
|
|
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
|
if (dataLength < 2)
@throw [OFInvalidServerReplyException exception];
preference = (buffer[i] << 8) | buffer[i + 1];
j = i + 2;
mailExchange = parseName(buffer, length, &j,
maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFMXDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
︙ | | | ︙ | |
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
initWithName: name
DNSClass: DNSClass
textStrings: textStrings
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeRP) {
size_t j = i;
OFString *mailbox = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
OFString *TXTDomainName;
if (j > i + dataLength)
@throw [OFInvalidServerReplyException exception];
TXTDomainName = parseName(buffer, length, &j,
MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFRPDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
|
|
|
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
|
initWithName: name
DNSClass: DNSClass
textStrings: textStrings
TTL: TTL] autorelease];
} else if (recordType == OFDNSRecordTypeRP) {
size_t j = i;
OFString *mailbox = parseName(buffer, length, &j,
maxAllowedPointers);
OFString *TXTDomainName;
if (j > i + dataLength)
@throw [OFInvalidServerReplyException exception];
TXTDomainName = parseName(buffer, length, &j,
maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFRPDNSResourceRecord alloc]
initWithName: name
DNSClass: DNSClass
|
︙ | | | ︙ | |
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
|
@throw [OFInvalidServerReplyException exception];
priority = (buffer[i] << 8) | buffer[i + 1];
weight = (buffer[i + 2] << 8) | buffer[i + 3];
port = (buffer[i + 4] << 8) | buffer[i + 5];
j = i + 6;
target = parseName(buffer, length, &j, MAX_ALLOWED_POINTERS);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFSRVDNSResourceRecord alloc]
initWithName: name
priority: priority
|
|
|
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
|
@throw [OFInvalidServerReplyException exception];
priority = (buffer[i] << 8) | buffer[i + 1];
weight = (buffer[i + 2] << 8) | buffer[i + 3];
port = (buffer[i + 4] << 8) | buffer[i + 5];
j = i + 6;
target = parseName(buffer, length, &j, maxAllowedPointers);
if (j != i + dataLength)
@throw [OFInvalidServerReplyException exception];
return [[[OFSRVDNSResourceRecord alloc]
initWithName: name
priority: priority
|
︙ | | | ︙ | |
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
|
{
OFMutableDictionary *ret = [OFMutableDictionary dictionary];
OFEnumerator OF_GENERIC(OFMutableArray *) *objectEnumerator;
OFMutableArray *array;
for (uint_fast16_t j = 0; j < count; j++) {
OFString *name = parseName(buffer, length, i,
MAX_ALLOWED_POINTERS);
OFDNSClass DNSClass;
OFDNSRecordType recordType;
uint32_t TTL;
uint16_t dataLength;
OFDNSResourceRecord *record;
if (*i + 10 > length)
|
|
|
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
|
{
OFMutableDictionary *ret = [OFMutableDictionary dictionary];
OFEnumerator OF_GENERIC(OFMutableArray *) *objectEnumerator;
OFMutableArray *array;
for (uint_fast16_t j = 0; j < count; j++) {
OFString *name = parseName(buffer, length, i,
maxAllowedPointers);
OFDNSClass DNSClass;
OFDNSRecordType recordType;
uint32_t TTL;
uint16_t dataLength;
OFDNSResourceRecord *record;
if (*i + 10 > length)
|
︙ | | | ︙ | |
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
|
@throw [OFInvalidArgumentException exception];
}
[sock asyncSendData: context->_queryData
receiver: &context->_usedNameServer
runLoopMode: runLoopMode];
[sock asyncReceiveIntoBuffer: _buffer
length: BUFFER_LENGTH
runLoopMode: runLoopMode];
}
- (void)asyncPerformQuery: (OFDNSQuery *)query
delegate: (id <OFDNSResolverQueryDelegate>)delegate
{
[self asyncPerformQuery: query
|
|
|
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
|
@throw [OFInvalidArgumentException exception];
}
[sock asyncSendData: context->_queryData
receiver: &context->_usedNameServer
runLoopMode: runLoopMode];
[sock asyncReceiveIntoBuffer: _buffer
length: bufferLength
runLoopMode: runLoopMode];
}
- (void)asyncPerformQuery: (OFDNSQuery *)query
delegate: (id <OFDNSResolverQueryDelegate>)delegate
{
[self asyncPerformQuery: query
|
︙ | | | ︙ | |
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
|
[_queries removeObjectForKey: context->_ID];
/*
* Cancel any pending queries, to avoid a send being still pending and
* trying to access the query once it no longer exists.
*/
[_IPv4Socket cancelAsyncRequests];
[_IPv4Socket asyncReceiveIntoBuffer: _buffer length: BUFFER_LENGTH];
#ifdef OF_HAVE_IPV6
[_IPv6Socket cancelAsyncRequests];
[_IPv6Socket asyncReceiveIntoBuffer: _buffer length: BUFFER_LENGTH];
#endif
exception = [OFDNSQueryFailedException
exceptionWithQuery: context->_query
errorCode: OFDNSResolverErrorCodeTimeout];
[context->_delegate resolver: self
|
|
|
|
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
|
[_queries removeObjectForKey: context->_ID];
/*
* Cancel any pending queries, to avoid a send being still pending and
* trying to access the query once it no longer exists.
*/
[_IPv4Socket cancelAsyncRequests];
[_IPv4Socket asyncReceiveIntoBuffer: _buffer length: bufferLength];
#ifdef OF_HAVE_IPV6
[_IPv6Socket cancelAsyncRequests];
[_IPv6Socket asyncReceiveIntoBuffer: _buffer length: bufferLength];
#endif
exception = [OFDNSQueryFailedException
exceptionWithQuery: context->_query
errorCode: OFDNSResolverErrorCodeTimeout];
[context->_delegate resolver: self
|
︙ | | | ︙ | |
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
|
/*
* Skip over the questions - we use the ID to identify the
* query.
*
* TODO: Compare to our query, just in case?
*/
for (uint_fast16_t j = 0; j < numQuestions; j++) {
parseName(buffer, length, &i, MAX_ALLOWED_POINTERS);
i += 4;
}
answerRecords = parseSection(buffer, length, &i, numAnswers);
authorityRecords = parseSection(buffer, length, &i,
numAuthorityRecords);
additionalRecords = parseSection(buffer, length, &i,
|
|
|
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
|
/*
* Skip over the questions - we use the ID to identify the
* query.
*
* TODO: Compare to our query, just in case?
*/
for (uint_fast16_t j = 0; j < numQuestions; j++) {
parseName(buffer, length, &i, maxAllowedPointers);
i += 4;
}
answerRecords = parseSection(buffer, length, &i, numAnswers);
authorityRecords = parseSection(buffer, length, &i,
numAuthorityRecords);
additionalRecords = parseSection(buffer, length, &i,
|
︙ | | | ︙ | |
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
|
[context->_TCPSocket release];
context->_TCPSocket = nil;
context->_responseLength = 0;
return nil;
}
if (context->_TCPBuffer == nil)
context->_TCPBuffer = OFAllocMemory(MAX_DNS_RESPONSE_LENGTH, 1);
[sock asyncReadIntoBuffer: context->_TCPBuffer exactLength: 2];
return nil;
}
- (bool)stream: (OFStream *)stream
didReadIntoBuffer: (void *)buffer
|
|
|
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
|
[context->_TCPSocket release];
context->_TCPSocket = nil;
context->_responseLength = 0;
return nil;
}
if (context->_TCPBuffer == nil)
context->_TCPBuffer = OFAllocMemory(maxDNSResponseLength, 1);
[sock asyncReadIntoBuffer: context->_TCPBuffer exactLength: 2];
return nil;
}
- (bool)stream: (OFStream *)stream
didReadIntoBuffer: (void *)buffer
|
︙ | | | ︙ | |
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
|
if (context->_responseLength == 0) {
unsigned char *ucBuffer = buffer;
OFEnsure(length == 2);
context->_responseLength = (ucBuffer[0] << 8) | ucBuffer[1];
if (context->_responseLength > MAX_DNS_RESPONSE_LENGTH)
@throw [OFOutOfRangeException exception];
if (context->_responseLength == 0)
goto done;
[sock asyncReadIntoBuffer: context->_TCPBuffer
exactLength: context->_responseLength];
|
|
|
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
|
if (context->_responseLength == 0) {
unsigned char *ucBuffer = buffer;
OFEnsure(length == 2);
context->_responseLength = (ucBuffer[0] << 8) | ucBuffer[1];
if (context->_responseLength > maxDNSResponseLength)
@throw [OFOutOfRangeException exception];
if (context->_responseLength == 0)
goto done;
[sock asyncReadIntoBuffer: context->_TCPBuffer
exactLength: context->_responseLength];
|
︙ | | | ︙ | |