Overview
| Comment: | Sandbox ofdns |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
605634184d835242acec1b1f32a72b67 |
| User & Date: | js on 2018-11-04 18:40:43 |
| Other Links: | manifest | tags |
Context
|
2018-11-04
| ||
| 20:11 | OFSecureData: Add support for preallocating memory check-in: 0487a81ced user: js tags: trunk | |
| 18:40 | Sandbox ofdns check-in: 605634184d user: js tags: trunk | |
| 17:51 | ofarc: Use OFSandbox's new unveiling check-in: dec64f3a50 user: js tags: trunk | |
Changes
Modified src/OFDNSResolver.m from [5597695463] to [5e69e0a1d6].
| ︙ | ︙ | |||
63 64 65 66 67 68 69 70 71 72 73 74 75 76 | # include <proto/bsdsocket.h> #endif #ifdef OF_NINTENDO_3DS # include <3ds.h> #endif /* * RFC 1035 doesn't specify if pointers to pointers are allowed, and if so how * many. Since it's unspecified, we have to assume that it might happen, but we * also want to limit it to avoid DoS. Limiting it to 16 levels of pointers and * immediately rejecting pointers to itself seems like a fair balance. */ #define MAX_ALLOWED_POINTERS 16 | > > > > | 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | # include <proto/bsdsocket.h> #endif #ifdef OF_NINTENDO_3DS # include <3ds.h> #endif #ifndef SOCK_DNS # define SOCK_DNS 0 #endif /* * RFC 1035 doesn't specify if pointers to pointers are allowed, and if so how * many. Since it's unspecified, we have to assume that it might happen, but we * also want to limit it to avoid DoS. Limiting it to 16 levels of pointers and * immediately rejecting pointers to itself seems like a fair balance. */ #define MAX_ALLOWED_POINTERS 16 |
| ︙ | ︙ | |||
1232 1233 1234 1235 1236 1237 1238 | #elif defined(OF_AMIGAOS4) [self of_parseHosts: HOSTS_PATH]; [self of_obtainAmigaOS4SystemConfig]; #elif defined(OF_NINTENDO_3DS) [self of_obtainNintendo3DSSytemConfig]; #elif defined(OF_HAVE_FILES) [self of_parseHosts: HOSTS_PATH]; | < < < < | 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 |
#elif defined(OF_AMIGAOS4)
[self of_parseHosts: HOSTS_PATH];
[self of_obtainAmigaOS4SystemConfig];
#elif defined(OF_NINTENDO_3DS)
[self of_obtainNintendo3DSSytemConfig];
#elif defined(OF_HAVE_FILES)
[self of_parseHosts: HOSTS_PATH];
[self of_parseResolvConf: RESOLV_CONF_PATH];
#endif
if (_staticHosts == nil) {
OFArray *localhost =
#ifdef OF_HAVE_IPV6
[OFArray arrayWithObjects: @"::1", @"127.0.0.1", nil];
|
| ︙ | ︙ | |||
1785 1786 1787 1788 1789 1790 1791 |
#ifdef OF_HAVE_IPV6
case OF_SOCKET_ADDRESS_FAMILY_IPV6:
if (_IPv6Socket == nil) {
of_socket_address_t address =
of_socket_address_parse_ip(@"::", 0);
_IPv6Socket = [[OFUDPSocket alloc] init];
| | > | > | 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 |
#ifdef OF_HAVE_IPV6
case OF_SOCKET_ADDRESS_FAMILY_IPV6:
if (_IPv6Socket == nil) {
of_socket_address_t address =
of_socket_address_parse_ip(@"::", 0);
_IPv6Socket = [[OFUDPSocket alloc] init];
[_IPv6Socket of_bindToAddress: &address
extraType: SOCK_DNS];
[_IPv6Socket setBlocking: false];
}
sock = _IPv6Socket;
break;
#endif
case OF_SOCKET_ADDRESS_FAMILY_IPV4:
if (_IPv4Socket == nil) {
of_socket_address_t address =
of_socket_address_parse_ip(@"0.0.0.0", 0);
_IPv4Socket = [[OFUDPSocket alloc] init];
[_IPv4Socket of_bindToAddress: &address
extraType: SOCK_DNS];
[_IPv4Socket setBlocking: false];
}
sock = _IPv4Socket;
break;
default:
@throw [OFInvalidArgumentException exception];
|
| ︙ | ︙ |
Modified src/OFUDPSocket+Private.h from [9f1517e8f1] to [c3a3175100].
| ︙ | ︙ | |||
16 17 18 19 20 21 22 | */ #import "OFUDPSocket.h" OF_ASSUME_NONNULL_BEGIN @interface OFUDPSocket () | | > | 16 17 18 19 20 21 22 23 24 25 26 27 | */ #import "OFUDPSocket.h" OF_ASSUME_NONNULL_BEGIN @interface OFUDPSocket () - (uint16_t)of_bindToAddress: (of_socket_address_t *)address extraType: (int)extraType; @end OF_ASSUME_NONNULL_END |
Modified src/OFUDPSocket.m from [11089b6c20] to [c73a7a1b74].
| ︙ | ︙ | |||
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
_blocking = enable;
#else
OF_UNRECOGNIZED_SELECTOR
#endif
}
- (uint16_t)of_bindToAddress: (of_socket_address_t *)address
{
void *pool = objc_autoreleasePoolPush();
OFString *host;
uint16_t port;
#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL) && defined(FD_CLOEXEC)
int flags;
#endif
if ((_socket = socket(address->sockaddr.sockaddr.sa_family,
| > | | 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
_blocking = enable;
#else
OF_UNRECOGNIZED_SELECTOR
#endif
}
- (uint16_t)of_bindToAddress: (of_socket_address_t *)address
extraType: (int)extraType
{
void *pool = objc_autoreleasePoolPush();
OFString *host;
uint16_t port;
#if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL) && defined(FD_CLOEXEC)
int flags;
#endif
if ((_socket = socket(address->sockaddr.sockaddr.sa_family,
SOCK_DGRAM | SOCK_CLOEXEC | extraType, 0)) == INVALID_SOCKET) {
host = of_socket_address_ip_string(address, &port);
@throw [OFBindFailedException
exceptionWithHost: host
port: port
socket: self
errNo: of_socket_errno()];
}
|
| ︙ | ︙ | |||
265 266 267 268 269 270 271 | socketAddresses = [[OFThread DNSResolver] resolveSocketAddressesForHost: host addressFamily: OF_SOCKET_ADDRESS_FAMILY_ANY]; address = *(of_socket_address_t *)[socketAddresses itemAtIndex: 0]; of_socket_address_set_port(&address, port); | | > | 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 | socketAddresses = [[OFThread DNSResolver] resolveSocketAddressesForHost: host addressFamily: OF_SOCKET_ADDRESS_FAMILY_ANY]; address = *(of_socket_address_t *)[socketAddresses itemAtIndex: 0]; of_socket_address_set_port(&address, port); port = [self of_bindToAddress: &address extraType: 0]; objc_autoreleasePoolPop(pool); return port; } - (size_t)receiveIntoBuffer: (void *)buffer |
| ︙ | ︙ |
Modified utils/ofdns/OFDNS.m from [01d2c2b54d] to [cfb0eab86c].
| ︙ | ︙ | |||
16 17 18 19 20 21 22 23 24 25 26 27 28 29 | */ #include "config.h" #import "OFApplication.h" #import "OFArray.h" #import "OFDNSResolver.h" #import "OFStdIOStream.h" @interface OFDNS: OFObject <OFApplicationDelegate> @end OF_APPLICATION_DELEGATE(OFDNS) | > | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | */ #include "config.h" #import "OFApplication.h" #import "OFArray.h" #import "OFDNSResolver.h" #import "OFSandbox.h" #import "OFStdIOStream.h" @interface OFDNS: OFObject <OFApplicationDelegate> @end OF_APPLICATION_DELEGATE(OFDNS) |
| ︙ | ︙ | |||
55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
{
OFArray OF_GENERIC(OFString *) *arguments = [OFApplication arguments];
of_dns_resource_record_class_t recordClass =
OF_DNS_RESOURCE_RECORD_CLASS_ANY;
of_dns_resource_record_type_t recordType =
OF_DNS_RESOURCE_RECORD_TYPE_ALL;
OFDNSResolver *resolver;
if ([arguments count] < 1 || [arguments count] > 4) {
[of_stderr writeFormat:
@"Usage: %@ host [type [class [server]]]\n",
[OFApplication programName]];
[OFApplication terminateWithStatus: 1];
}
| > > > > > > > > > > > > | 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
{
OFArray OF_GENERIC(OFString *) *arguments = [OFApplication arguments];
of_dns_resource_record_class_t recordClass =
OF_DNS_RESOURCE_RECORD_CLASS_ANY;
of_dns_resource_record_type_t recordType =
OF_DNS_RESOURCE_RECORD_TYPE_ALL;
OFDNSResolver *resolver;
#ifdef OF_HAVE_SANDBOX
OFSandbox *sandbox = [[OFSandbox alloc] init];
@try {
[sandbox setAllowsStdIO: true];
[sandbox setAllowsDNS: true];
[OFApplication activateSandbox: sandbox];
} @finally {
[sandbox release];
}
#endif
if ([arguments count] < 1 || [arguments count] > 4) {
[of_stderr writeFormat:
@"Usage: %@ host [type [class [server]]]\n",
[OFApplication programName]];
[OFApplication terminateWithStatus: 1];
}
|
| ︙ | ︙ |