| /* dnsmasq is Copyright (c) 2000-2021 Simon Kelley |
| |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; version 2 dated June, 1991, or |
| (at your option) version 3 dated 29 June, 2007. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with this program. If not, see <http://www.gnu.org/licenses/>. |
| */ |
| |
| /* The SURF random number generator was taken from djbdns-1.05, by |
| Daniel J Bernstein, which is public domain. */ |
| |
| |
| #include "dnsmasq.h" |
| |
| #ifdef HAVE_BROKEN_RTC |
| #include <sys/times.h> |
| #endif |
| |
| #if defined(HAVE_LIBIDN2) |
| #include <idn2.h> |
| #elif defined(HAVE_IDN) |
| #include <idna.h> |
| #endif |
| |
| #ifdef HAVE_LINUX_NETWORK |
| #include <sys/utsname.h> |
| #endif |
| |
| /* SURF random number generator */ |
| |
| static u32 seed[32]; |
| static u32 in[12]; |
| static u32 out[8]; |
| static int outleft = 0; |
| |
| void rand_init() |
| { |
| int fd = open(RANDFILE, O_RDONLY); |
| |
| if (fd == -1 || |
| !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) || |
| !read_write(fd, (unsigned char *)&in, sizeof(in), 1)) |
| die(_("failed to seed the random number generator: %s"), NULL, EC_MISC); |
| |
| close(fd); |
| } |
| |
| #define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) |
| #define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); |
| |
| static void surf(void) |
| { |
| u32 t[12]; u32 x; u32 sum = 0; |
| int r; int i; int loop; |
| |
| for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; |
| for (i = 0;i < 8;++i) out[i] = seed[24 + i]; |
| x = t[11]; |
| for (loop = 0;loop < 2;++loop) { |
| for (r = 0;r < 16;++r) { |
| sum += 0x9e3779b9; |
| MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) |
| MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) |
| MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) |
| } |
| for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; |
| } |
| } |
| |
| unsigned short rand16(void) |
| { |
| if (!outleft) |
| { |
| if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; |
| surf(); |
| outleft = 8; |
| } |
| |
| return (unsigned short) out[--outleft]; |
| } |
| |
| u32 rand32(void) |
| { |
| if (!outleft) |
| { |
| if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; |
| surf(); |
| outleft = 8; |
| } |
| |
| return out[--outleft]; |
| } |
| |
| u64 rand64(void) |
| { |
| static int outleft = 0; |
| |
| if (outleft < 2) |
| { |
| if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; |
| surf(); |
| outleft = 8; |
| } |
| |
| outleft -= 2; |
| |
| return (u64)out[outleft+1] + (((u64)out[outleft]) << 32); |
| } |
| |
| /* returns 2 if names is OK but contains one or more underscores */ |
| static int check_name(char *in) |
| { |
| /* remove trailing . |
| also fail empty string and label > 63 chars */ |
| size_t dotgap = 0, l = strlen(in); |
| char c; |
| int nowhite = 0; |
| int hasuscore = 0; |
| |
| if (l == 0 || l > MAXDNAME) return 0; |
| |
| if (in[l-1] == '.') |
| { |
| in[l-1] = 0; |
| nowhite = 1; |
| } |
| |
| for (; (c = *in); in++) |
| { |
| if (c == '.') |
| dotgap = 0; |
| else if (++dotgap > MAXLABEL) |
| return 0; |
| else if (isascii((unsigned char)c) && iscntrl((unsigned char)c)) |
| /* iscntrl only gives expected results for ascii */ |
| return 0; |
| #if !defined(HAVE_IDN) && !defined(HAVE_LIBIDN2) |
| else if (!isascii((unsigned char)c)) |
| return 0; |
| #endif |
| else if (c != ' ') |
| { |
| nowhite = 1; |
| if (c == '_') |
| hasuscore = 1; |
| } |
| } |
| |
| if (!nowhite) |
| return 0; |
| |
| return hasuscore ? 2 : 1; |
| } |
| |
| /* Hostnames have a more limited valid charset than domain names |
| so check for legal char a-z A-Z 0-9 - _ |
| Note that this may receive a FQDN, so only check the first label |
| for the tighter criteria. */ |
| int legal_hostname(char *name) |
| { |
| char c; |
| int first; |
| |
| if (!check_name(name)) |
| return 0; |
| |
| for (first = 1; (c = *name); name++, first = 0) |
| /* check for legal char a-z A-Z 0-9 - _ . */ |
| { |
| if ((c >= 'A' && c <= 'Z') || |
| (c >= 'a' && c <= 'z') || |
| (c >= '0' && c <= '9')) |
| continue; |
| |
| if (!first && (c == '-' || c == '_')) |
| continue; |
| |
| /* end of hostname part */ |
| if (c == '.') |
| return 1; |
| |
| return 0; |
| } |
| |
| return 1; |
| } |
| |
| char *canonicalise(char *in, int *nomem) |
| { |
| char *ret = NULL; |
| int rc; |
| |
| if (nomem) |
| *nomem = 0; |
| |
| if (!(rc = check_name(in))) |
| return NULL; |
| |
| #if defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003) |
| /* older libidn2 strips underscores, so don't do IDN processing |
| if the name has an underscore (check_name() returned 2) */ |
| if (rc != 2) |
| #endif |
| #if defined(HAVE_IDN) || defined(HAVE_LIBIDN2) |
| { |
| # ifdef HAVE_LIBIDN2 |
| rc = idn2_to_ascii_lz(in, &ret, IDN2_NONTRANSITIONAL); |
| if (rc == IDN2_DISALLOWED) |
| rc = idn2_to_ascii_lz(in, &ret, IDN2_TRANSITIONAL); |
| # else |
| rc = idna_to_ascii_lz(in, &ret, 0); |
| # endif |
| if (rc != IDNA_SUCCESS) |
| { |
| if (ret) |
| free(ret); |
| |
| if (nomem && (rc == IDNA_MALLOC_ERROR || rc == IDNA_DLOPEN_ERROR)) |
| { |
| my_syslog(LOG_ERR, _("failed to allocate memory")); |
| *nomem = 1; |
| } |
| |
| return NULL; |
| } |
| |
| return ret; |
| } |
| #endif |
| |
| if ((ret = whine_malloc(strlen(in)+1))) |
| strcpy(ret, in); |
| else if (nomem) |
| *nomem = 1; |
| |
| return ret; |
| } |
| |
| unsigned char *do_rfc1035_name(unsigned char *p, char *sval, char *limit) |
| { |
| int j; |
| |
| while (sval && *sval) |
| { |
| unsigned char *cp = p++; |
| |
| if (limit && p > (unsigned char*)limit) |
| return NULL; |
| |
| for (j = 0; *sval && (*sval != '.'); sval++, j++) |
| { |
| if (limit && p + 1 > (unsigned char*)limit) |
| return NULL; |
| |
| #ifdef HAVE_DNSSEC |
| if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) |
| *p++ = (*(++sval))-1; |
| else |
| #endif |
| *p++ = *sval; |
| } |
| |
| *cp = j; |
| if (*sval) |
| sval++; |
| } |
| |
| return p; |
| } |
| |
| /* for use during startup */ |
| void *safe_malloc(size_t size) |
| { |
| void *ret = calloc(1, size); |
| |
| if (!ret) |
| die(_("could not get memory"), NULL, EC_NOMEM); |
| |
| return ret; |
| } |
| |
| /* Ensure limited size string is always terminated. |
| * Can be replaced by (void)strlcpy() on some platforms */ |
| void safe_strncpy(char *dest, const char *src, size_t size) |
| { |
| if (size != 0) |
| { |
| dest[size-1] = '\0'; |
| strncpy(dest, src, size-1); |
| } |
| } |
| |
| void safe_pipe(int *fd, int read_noblock) |
| { |
| if (pipe(fd) == -1 || |
| !fix_fd(fd[1]) || |
| (read_noblock && !fix_fd(fd[0]))) |
| die(_("cannot create pipe: %s"), NULL, EC_MISC); |
| } |
| |
| void *whine_malloc(size_t size) |
| { |
| void *ret = calloc(1, size); |
| |
| if (!ret) |
| my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size); |
| |
| return ret; |
| } |
| |
| int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2) |
| { |
| if (s1->sa.sa_family == s2->sa.sa_family) |
| { |
| if (s1->sa.sa_family == AF_INET && |
| s1->in.sin_port == s2->in.sin_port && |
| s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr) |
| return 1; |
| |
| if (s1->sa.sa_family == AF_INET6 && |
| s1->in6.sin6_port == s2->in6.sin6_port && |
| s1->in6.sin6_scope_id == s2->in6.sin6_scope_id && |
| IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr)) |
| return 1; |
| } |
| return 0; |
| } |
| |
| int sa_len(union mysockaddr *addr) |
| { |
| #ifdef HAVE_SOCKADDR_SA_LEN |
| return addr->sa.sa_len; |
| #else |
| if (addr->sa.sa_family == AF_INET6) |
| return sizeof(addr->in6); |
| else |
| return sizeof(addr->in); |
| #endif |
| } |
| |
| /* don't use strcasecmp and friends here - they may be messed up by LOCALE */ |
| int hostname_isequal(const char *a, const char *b) |
| { |
| unsigned int c1, c2; |
| |
| do { |
| c1 = (unsigned char) *a++; |
| c2 = (unsigned char) *b++; |
| |
| if (c1 >= 'A' && c1 <= 'Z') |
| c1 += 'a' - 'A'; |
| if (c2 >= 'A' && c2 <= 'Z') |
| c2 += 'a' - 'A'; |
| |
| if (c1 != c2) |
| return 0; |
| } while (c1); |
| |
| return 1; |
| } |
| |
| /* is b equal to or a subdomain of a return 2 for equal, 1 for subdomain */ |
| int hostname_issubdomain(char *a, char *b) |
| { |
| char *ap, *bp; |
| unsigned int c1, c2; |
| |
| /* move to the end */ |
| for (ap = a; *ap; ap++); |
| for (bp = b; *bp; bp++); |
| |
| /* a shorter than b or a empty. */ |
| if ((bp - b) < (ap - a) || ap == a) |
| return 0; |
| |
| do |
| { |
| c1 = (unsigned char) *(--ap); |
| c2 = (unsigned char) *(--bp); |
| |
| if (c1 >= 'A' && c1 <= 'Z') |
| c1 += 'a' - 'A'; |
| if (c2 >= 'A' && c2 <= 'Z') |
| c2 += 'a' - 'A'; |
| |
| if (c1 != c2) |
| return 0; |
| } while (ap != a); |
| |
| if (bp == b) |
| return 2; |
| |
| if (*(--bp) == '.') |
| return 1; |
| |
| return 0; |
| } |
| |
| |
| time_t dnsmasq_time(void) |
| { |
| #ifdef HAVE_BROKEN_RTC |
| struct tms dummy; |
| static long tps = 0; |
| |
| if (tps == 0) |
| tps = sysconf(_SC_CLK_TCK); |
| |
| return (time_t)(times(&dummy)/tps); |
| /* CRADLEPOINT */ |
| #elif defined(CPLINUX) |
| struct timespec tv; |
| |
| if (clock_gettime(CLOCK_MONOTONIC, &tv) == -1) { |
| my_syslog(LOG_ERR, _("Failed to get micro uptime: %s"), strerror(errno)); |
| return -1; |
| } |
| |
| return tv.tv_sec; |
| /* CRADLEPOINT */ |
| #else |
| return time(NULL); |
| #endif |
| } |
| |
| int netmask_length(struct in_addr mask) |
| { |
| int zero_count = 0; |
| |
| while (0x0 == (mask.s_addr & 0x1) && zero_count < 32) |
| { |
| mask.s_addr >>= 1; |
| zero_count++; |
| } |
| |
| return 32 - zero_count; |
| } |
| |
| int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) |
| { |
| return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); |
| } |
| |
| int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen) |
| { |
| int pfbytes = prefixlen >> 3; |
| int pfbits = prefixlen & 7; |
| |
| if (memcmp(&a->s6_addr, &b->s6_addr, pfbytes) != 0) |
| return 0; |
| |
| if (pfbits == 0 || |
| (a->s6_addr[pfbytes] >> (8 - pfbits) == b->s6_addr[pfbytes] >> (8 - pfbits))) |
| return 1; |
| |
| return 0; |
| } |
| |
| /* return least significant 64 bits if IPv6 address */ |
| u64 addr6part(struct in6_addr *addr) |
| { |
| int i; |
| u64 ret = 0; |
| |
| for (i = 8; i < 16; i++) |
| ret = (ret << 8) + addr->s6_addr[i]; |
| |
| return ret; |
| } |
| |
| void setaddr6part(struct in6_addr *addr, u64 host) |
| { |
| int i; |
| |
| for (i = 15; i >= 8; i--) |
| { |
| addr->s6_addr[i] = host; |
| host = host >> 8; |
| } |
| } |
| |
| |
| /* returns port number from address */ |
| int prettyprint_addr(union mysockaddr *addr, char *buf) |
| { |
| int port = 0; |
| |
| if (addr->sa.sa_family == AF_INET) |
| { |
| inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN); |
| port = ntohs(addr->in.sin_port); |
| } |
| else if (addr->sa.sa_family == AF_INET6) |
| { |
| char name[IF_NAMESIZE]; |
| inet_ntop(AF_INET6, &addr->in6.sin6_addr, buf, ADDRSTRLEN); |
| if (addr->in6.sin6_scope_id != 0 && |
| if_indextoname(addr->in6.sin6_scope_id, name) && |
| strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN) |
| { |
| strcat(buf, "%"); |
| strcat(buf, name); |
| } |
| port = ntohs(addr->in6.sin6_port); |
| } |
| |
| return port; |
| } |
| |
| void prettyprint_time(char *buf, unsigned int t) |
| { |
| if (t == 0xffffffff) |
| sprintf(buf, _("infinite")); |
| else |
| { |
| unsigned int x, p = 0; |
| if ((x = t/86400)) |
| p += sprintf(&buf[p], "%ud", x); |
| if ((x = (t/3600)%24)) |
| p += sprintf(&buf[p], "%uh", x); |
| if ((x = (t/60)%60)) |
| p += sprintf(&buf[p], "%um", x); |
| if ((x = t%60)) |
| p += sprintf(&buf[p], "%us", x); |
| } |
| } |
| |
| |
| /* in may equal out, when maxlen may be -1 (No max len). |
| Return -1 for extraneous no-hex chars found. */ |
| int parse_hex(char *in, unsigned char *out, int maxlen, |
| unsigned int *wildcard_mask, int *mac_type) |
| { |
| int done = 0, mask = 0, i = 0; |
| char *r; |
| |
| if (mac_type) |
| *mac_type = 0; |
| |
| while (!done && (maxlen == -1 || i < maxlen)) |
| { |
| for (r = in; *r != 0 && *r != ':' && *r != '-' && *r != ' '; r++) |
| if (*r != '*' && !isxdigit((unsigned char)*r)) |
| return -1; |
| |
| if (*r == 0) |
| done = 1; |
| |
| if (r != in ) |
| { |
| if (*r == '-' && i == 0 && mac_type) |
| { |
| *r = 0; |
| *mac_type = strtol(in, NULL, 16); |
| mac_type = NULL; |
| } |
| else |
| { |
| *r = 0; |
| if (strcmp(in, "*") == 0) |
| { |
| mask = (mask << 1) | 1; |
| i++; |
| } |
| else |
| { |
| int j, bytes = (1 + (r - in))/2; |
| for (j = 0; j < bytes; j++) |
| { |
| char sav = sav; |
| if (j < bytes - 1) |
| { |
| sav = in[(j+1)*2]; |
| in[(j+1)*2] = 0; |
| } |
| /* checks above allow mix of hexdigit and *, which |
| is illegal. */ |
| if (strchr(&in[j*2], '*')) |
| return -1; |
| out[i] = strtol(&in[j*2], NULL, 16); |
| mask = mask << 1; |
| if (++i == maxlen) |
| break; |
| if (j < bytes - 1) |
| in[(j+1)*2] = sav; |
| } |
| } |
| } |
| } |
| in = r+1; |
| } |
| |
| if (wildcard_mask) |
| *wildcard_mask = mask; |
| |
| return i; |
| } |
| |
| /* return 0 for no match, or (no matched octets) + 1 */ |
| int memcmp_masked(unsigned char *a, unsigned char *b, int len, unsigned int mask) |
| { |
| int i, count; |
| for (count = 1, i = len - 1; i >= 0; i--, mask = mask >> 1) |
| if (!(mask & 1)) |
| { |
| if (a[i] == b[i]) |
| count++; |
| else |
| return 0; |
| } |
| return count; |
| } |
| |
| /* _note_ may copy buffer */ |
| int expand_buf(struct iovec *iov, size_t size) |
| { |
| void *new; |
| |
| if (size <= (size_t)iov->iov_len) |
| return 1; |
| |
| if (!(new = whine_malloc(size))) |
| { |
| errno = ENOMEM; |
| return 0; |
| } |
| |
| if (iov->iov_base) |
| { |
| memcpy(new, iov->iov_base, iov->iov_len); |
| free(iov->iov_base); |
| } |
| |
| iov->iov_base = new; |
| iov->iov_len = size; |
| |
| return 1; |
| } |
| |
| char *print_mac(char *buff, unsigned char *mac, int len) |
| { |
| char *p = buff; |
| int i; |
| |
| if (len == 0) |
| sprintf(p, "<null>"); |
| else |
| for (i = 0; i < len; i++) |
| p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":"); |
| |
| return buff; |
| } |
| |
| /* rc is return from sendto and friends. |
| Return 1 if we should retry. |
| Set errno to zero if we succeeded. */ |
| int retry_send(ssize_t rc) |
| { |
| static int retries = 0; |
| struct timespec waiter; |
| |
| if (rc != -1) |
| { |
| retries = 0; |
| errno = 0; |
| return 0; |
| } |
| |
| /* Linux kernels can return EAGAIN in perpetuity when calling |
| sendmsg() and the relevant interface has gone. Here we loop |
| retrying in EAGAIN for 1 second max, to avoid this hanging |
| dnsmasq. */ |
| |
| if (errno == EAGAIN || errno == EWOULDBLOCK) |
| { |
| waiter.tv_sec = 0; |
| waiter.tv_nsec = 10000; |
| nanosleep(&waiter, NULL); |
| if (retries++ < 1000) |
| return 1; |
| } |
| |
| retries = 0; |
| |
| if (errno == EINTR) |
| return 1; |
| |
| return 0; |
| } |
| |
| int read_write(int fd, unsigned char *packet, int size, int rw) |
| { |
| ssize_t n, done; |
| |
| for (done = 0; done < size; done += n) |
| { |
| do { |
| if (rw) |
| n = read(fd, &packet[done], (size_t)(size - done)); |
| else |
| n = write(fd, &packet[done], (size_t)(size - done)); |
| |
| if (n == 0) |
| return 0; |
| |
| } while (retry_send(n) || errno == ENOMEM || errno == ENOBUFS); |
| |
| if (errno != 0) |
| return 0; |
| } |
| |
| return 1; |
| } |
| |
| /* close all fds except STDIN, STDOUT and STDERR, spare1, spare2 and spare3 */ |
| void close_fds(long max_fd, int spare1, int spare2, int spare3) |
| { |
| /* On Linux, use the /proc/ filesystem to find which files |
| are actually open, rather than iterate over the whole space, |
| for efficiency reasons. If this fails we drop back to the dumb code. */ |
| #ifdef HAVE_LINUX_NETWORK |
| DIR *d; |
| |
| if ((d = opendir("/proc/self/fd"))) |
| { |
| struct dirent *de; |
| |
| while ((de = readdir(d))) |
| { |
| long fd; |
| char *e = NULL; |
| |
| errno = 0; |
| fd = strtol(de->d_name, &e, 10); |
| |
| if (errno != 0 || !e || *e || fd == dirfd(d) || |
| fd == STDOUT_FILENO || fd == STDERR_FILENO || fd == STDIN_FILENO || |
| fd == spare1 || fd == spare2 || fd == spare3) |
| continue; |
| |
| close(fd); |
| } |
| |
| closedir(d); |
| return; |
| } |
| #endif |
| |
| /* fallback, dumb code. */ |
| for (max_fd--; max_fd >= 0; max_fd--) |
| if (max_fd != STDOUT_FILENO && max_fd != STDERR_FILENO && max_fd != STDIN_FILENO && |
| max_fd != spare1 && max_fd != spare2 && max_fd != spare3) |
| close(max_fd); |
| } |
| |
| /* Basically match a string value against a wildcard pattern. */ |
| int wildcard_match(const char* wildcard, const char* match) |
| { |
| while (*wildcard && *match) |
| { |
| if (*wildcard == '*') |
| return 1; |
| |
| if (*wildcard != *match) |
| return 0; |
| |
| ++wildcard; |
| ++match; |
| } |
| |
| return *wildcard == *match; |
| } |
| |
| /* The same but comparing a maximum of NUM characters, like strncmp. */ |
| int wildcard_matchn(const char* wildcard, const char* match, int num) |
| { |
| while (*wildcard && *match && num) |
| { |
| if (*wildcard == '*') |
| return 1; |
| |
| if (*wildcard != *match) |
| return 0; |
| |
| ++wildcard; |
| ++match; |
| --num; |
| } |
| |
| return (!num) || (*wildcard == *match); |
| } |
| |
| #ifdef HAVE_LINUX_NETWORK |
| int kernel_version(void) |
| { |
| struct utsname utsname; |
| int version; |
| char *split; |
| |
| if (uname(&utsname) < 0) |
| die(_("failed to find kernel version: %s"), NULL, EC_MISC); |
| |
| split = strtok(utsname.release, "."); |
| version = (split ? atoi(split) : 0); |
| split = strtok(NULL, "."); |
| version = version * 256 + (split ? atoi(split) : 0); |
| split = strtok(NULL, "."); |
| return version * 256 + (split ? atoi(split) : 0); |
| } |
| #endif |