Index: src/OFDNSResolver.m ================================================================== --- src/OFDNSResolver.m +++ src/OFDNSResolver.m @@ -65,10 +65,14 @@ #ifdef OF_NINTENDO_3DS # include <3ds.h> #endif +#ifndef SOCK_DNS +# define SOCK_DNS 0 +#endif + /* * RFC 1035 doesn't specify if pointers to pointers are allowed, and if so how * many. Since it's unspecified, we have to assume that it might happen, but we * also want to limit it to avoid DoS. Limiting it to 16 levels of pointers and * immediately rejecting pointers to itself seems like a fair balance. @@ -1234,14 +1238,10 @@ [self of_obtainAmigaOS4SystemConfig]; #elif defined(OF_NINTENDO_3DS) [self of_obtainNintendo3DSSytemConfig]; #elif defined(OF_HAVE_FILES) [self of_parseHosts: HOSTS_PATH]; -# ifdef OF_OPENBSD - [self of_parseHosts: @"/etc/resolv.conf.tail"]; -# endif - [self of_parseResolvConf: RESOLV_CONF_PATH]; #endif if (_staticHosts == nil) { OFArray *localhost = @@ -1787,11 +1787,12 @@ if (_IPv6Socket == nil) { of_socket_address_t address = of_socket_address_parse_ip(@"::", 0); _IPv6Socket = [[OFUDPSocket alloc] init]; - [_IPv6Socket of_bindToAddress: &address]; + [_IPv6Socket of_bindToAddress: &address + extraType: SOCK_DNS]; [_IPv6Socket setBlocking: false]; } sock = _IPv6Socket; break; @@ -1800,11 +1801,12 @@ if (_IPv4Socket == nil) { of_socket_address_t address = of_socket_address_parse_ip(@"0.0.0.0", 0); _IPv4Socket = [[OFUDPSocket alloc] init]; - [_IPv4Socket of_bindToAddress: &address]; + [_IPv4Socket of_bindToAddress: &address + extraType: SOCK_DNS]; [_IPv4Socket setBlocking: false]; } sock = _IPv4Socket; break; Index: src/OFUDPSocket+Private.h ================================================================== --- src/OFUDPSocket+Private.h +++ src/OFUDPSocket+Private.h 
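Review bot: The `SOCK_DNS` fallback added at the top of src/OFDNSResolver.m has no comment saying what the flag is or why 0 is a safe default. I would add above the `#ifndef`: `/* SOCK_DNS is an OpenBSD socket type flag that limits a socket to the DNS port; it is defined to 0 elsewhere so OR-ing it in is a no-op. */`. Without it, the `extraType: SOCK_DNS` arguments further down read as if the flag existed on every platform.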
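Review bot: Binding `_IPv6Socket` with `extraType: SOCK_DNS` (and `_IPv4Socket` in the following hunk) applies the flag on every build where the platform defines it, not only when a sandbox is active. OpenBSD's socket(2) documents that a `SOCK_DNS` socket may only send to the DNS port, so if the resolver can be pointed at a name server on another port (not visible in these hunks), those queries would start failing there. That is worth confirming. A short comment at both call sites, such as `/* SOCK_DNS keeps the socket usable when only DNS is allowed by the sandbox */`, would record the intent. The enclosing method starts and ends outside both hunks.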
@@ -18,9 +18,10 @@ #import "OFUDPSocket.h" OF_ASSUME_NONNULL_BEGIN @interface OFUDPSocket () -- (uint16_t)of_bindToAddress: (of_socket_address_t *)address; +- (uint16_t)of_bindToAddress: (of_socket_address_t *)address + extraType: (int)extraType; @end OF_ASSUME_NONNULL_END Index: src/OFUDPSocket.m ================================================================== --- src/OFUDPSocket.m +++ src/OFUDPSocket.m @@ -123,20 +123,21 @@ OF_UNRECOGNIZED_SELECTOR #endif } - (uint16_t)of_bindToAddress: (of_socket_address_t *)address + extraType: (int)extraType { void *pool = objc_autoreleasePoolPush(); OFString *host; uint16_t port; #if SOCK_CLOEXEC == 0 && defined(HAVE_FCNTL) && defined(FD_CLOEXEC) int flags; #endif if ((_socket = socket(address->sockaddr.sockaddr.sa_family, - SOCK_DGRAM | SOCK_CLOEXEC, 0)) == INVALID_SOCKET) { + SOCK_DGRAM | SOCK_CLOEXEC | extraType, 0)) == INVALID_SOCKET) { host = of_socket_address_ip_string(address, &port); @throw [OFBindFailedException exceptionWithHost: host port: port socket: self @@ -267,11 +268,12 @@ addressFamily: OF_SOCKET_ADDRESS_FAMILY_ANY]; address = *(of_socket_address_t *)[socketAddresses itemAtIndex: 0]; of_socket_address_set_port(&address, port); - port = [self of_bindToAddress: &address]; + port = [self of_bindToAddress: &address + extraType: 0]; objc_autoreleasePoolPop(pool); return port; } Index: utils/ofdns/OFDNS.m ================================================================== --- utils/ofdns/OFDNS.m +++ utils/ofdns/OFDNS.m @@ -18,10 +18,11 @@ #include "config.h" #import "OFApplication.h" #import "OFArray.h" #import "OFDNSResolver.h" +#import "OFSandbox.h" #import "OFStdIOStream.h" @interface OFDNS: OFObject @end 
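Review bot: The new `extraType:` parameter of `of_bindToAddress:extraType:` is undocumented in src/OFUDPSocket+Private.h, and the definition in src/OFUDPSocket.m ORs it unchecked into the `socket()` type as `SOCK_DGRAM | SOCK_CLOEXEC | extraType`. The name suggests a socket type, but a caller passing a base type rather than a flag could change what kind of socket is created. I would add above the declaration `/* extraType: additional flags OR-ed into the socket type (0 or e.g. SOCK_DNS), never a base type such as SOCK_STREAM. */` and put the same sentence on the definition. Renaming the keyword to `extraFlags` would make the contract clearer still. The method body in src/OFUDPSocket.m continues outside its hunk.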
@@ -57,10 +58,22 @@ of_dns_resource_record_class_t recordClass = OF_DNS_RESOURCE_RECORD_CLASS_ANY; of_dns_resource_record_type_t recordType = OF_DNS_RESOURCE_RECORD_TYPE_ALL; OFDNSResolver *resolver; + +#ifdef OF_HAVE_SANDBOX + OFSandbox *sandbox = [[OFSandbox alloc] init]; + @try { + [sandbox setAllowsStdIO: true]; + [sandbox setAllowsDNS: true]; + + [OFApplication activateSandbox: sandbox]; + } @finally { + [sandbox release]; + } +#endif if ([arguments count] < 1 || [arguments count] > 4) { [of_stderr writeFormat: @"Usage: %@ host [type [class [server]]]\n", [OFApplication programName]];
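Review bot: The sandbox block in utils/ofdns/OFDNS.m has no comment saying that it must stay ahead of the `[arguments count]` check, so a later edit could move argument handling or resolver setup above it unnoticed. I would add before the `#ifdef OF_HAVE_SANDBOX`: `/* Activate the sandbox before any argument is looked at; from here on only stdio and DNS are needed. */`. The sandbox grants only `setAllowsStdIO:` and `setAllowsDNS:`, while the resolver's configuration path in src/OFDNSResolver.m still calls `of_parseHosts: HOSTS_PATH` and `of_parseResolvConf: RESOLV_CONF_PATH`. Whether the DNS permission covers those file reads is not visible here, so please confirm it on each platform that defines `OF_HAVE_SANDBOX`. The enclosing method starts and ends outside the hunk.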