commit 16b293a7a6f65d8ff348a603d19e8fd4372fa3a9

Author: Siddhesh Poyarekar <siddhesh@redhat.com>

Date:   Wed Apr 30 11:48:43 2014 +0530

    Do not fail if one of the two responses to AF_UNSPEC fails (BZ #14308)

    [Fixes BZ #14308, #12994, #13651]

    AF_UNSPEC results in sending two queries in parallel, one for the A

    record and the other for the AAAA record.  If one of these is a

    referral, then the query fails, which is wrong.  It should return at

    least the one successful response.

    The fix has two parts.  The first part makes the referral fall back to

    the SERVFAIL path, which results in using the successful response.

    There is a bug in that path however, due to which the second part is

    necessary.  The bug here is that if the first response is a failure

    and the second succeeds, __libc_res_nsearch does not detect that and

    assumes a failure.  The case where the first response is a success and

    the second fails, works correctly.

    This condition is produced by buggy routers, so here's a crude

    interposable library that can simulate such a condition.  The library

    overrides the recvfrom syscall and modifies the header of the packet

    received to reproduce this scenario.  It has two key variables:

    mod_packet and first_error.

    The mod_packet variable when set to 0, results in odd packets being

    modified to be a referral.  When set to 1, even packets are modified

    to be a referral.

    The first_error causes the first response to be a failure so that a

    domain-appended search is performed to test the second part of the

    __libc_nsearch fix.

    The driver for this fix is a simple getaddrinfo program that does an

    AF_UNSPEC query.  I have omitted this since it should be easy to

    implement.

    I have tested this on x86_64.

    The interceptor library source:

    /* Override recvfrom and modify the header of the first DNS response to make it

       a referral and reproduce bz #845218.  We have to resort to this ugly hack

       because we cannot make bind return the buggy response of a referral for the

       AAAA record and an authoritative response for the A record.  */

     #define _GNU_SOURCE

     #include <sys/types.h>

     #include <sys/socket.h>

     #include <netinet/in.h>

     #include <arpa/inet.h>

     #include <stdio.h>

     #include <stdbool.h>

     #include <endian.h>

     #include <dlfcn.h>

     #include <stdlib.h>

    /* Lifted from resolv/arpa/nameser_compat.h.  */

    typedef struct {

        unsigned        id :16;         /*%< query identification number */

     #if BYTE_ORDER == BIG_ENDIAN

        /* fields in third byte */

        unsigned        qr: 1;          /*%< response flag */

        unsigned        opcode: 4;      /*%< purpose of message */

        unsigned        aa: 1;          /*%< authoritive answer */

        unsigned        tc: 1;          /*%< truncated message */

        unsigned        rd: 1;          /*%< recursion desired */

        /* fields

         * in

         * fourth

         * byte

         * */

        unsigned        ra: 1;          /*%< recursion available */

        unsigned        unused :1;      /*%< unused bits (MBZ as of 4.9.3a3) */

        unsigned        ad: 1;          /*%< authentic data from named */

        unsigned        cd: 1;          /*%< checking disabled by resolver */

        unsigned        rcode :4;       /*%< response code */

     #endif

     #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN

        /* fields

         * in

         * third

         * byte

         * */

        unsigned        rd :1;          /*%< recursion desired */

        unsigned        tc :1;          /*%< truncated message */

        unsigned        aa :1;          /*%< authoritive answer */

        unsigned        opcode :4;      /*%< purpose of message */

        unsigned        qr :1;          /*%< response flag */

        /* fields

         * in

         * fourth

         * byte

         * */

        unsigned        rcode :4;       /*%< response code */

        unsigned        cd: 1;          /*%< checking disabled by resolver */

        unsigned        ad: 1;          /*%< authentic data from named */

        unsigned        unused :1;      /*%< unused bits (MBZ as of 4.9.3a3) */

        unsigned        ra :1;          /*%< recursion available */

     #endif

        /* remaining

         * bytes

         * */

        unsigned        qdcount :16;    /*%< number of question entries */

        unsigned        ancount :16;    /*%< number of answer entries */

        unsigned        nscount :16;    /*%< number of authority entries */

        unsigned        arcount :16;    /*%< number of resource entries */

    } HEADER;

    static int done = 0;

    /* Packets to modify.  0 for the odd packets and 1 for even packets.  */

    static const int mod_packet = 0;

    /* Set to true if the first request should result in an error, resulting in a

       search query.  */

    static bool first_error = true;

    static ssize_t (*real_recvfrom) (int sockfd, void *buf, size_t len, int flags,

    			  struct sockaddr *src_addr, socklen_t *addrlen);

    void

    __attribute__ ((constructor))

    init (void)

    {

      real_recvfrom = dlsym (RTLD_NEXT, "recvfrom");

      if (real_recvfrom == NULL)

        {

          printf ("Failed to get reference to recvfrom: %s\n", dlerror ());

          printf ("Cannot simulate test\n");

          abort ();

        }

    }

    /* Modify the second packet that we receive to set the header in a manner as to

       reproduce BZ #845218.  */

    static void

    mod_buf (HEADER *h, int port)

    {

      if (done % 2 == mod_packet || (first_error && done == 1))

        {

          printf ("(Modifying header)");

          if (first_error && done == 1)

    	h->rcode = 3;

          else

    	h->rcode = 0;	/* NOERROR == 0.  */

          h->ancount = 0;

          h->aa = 0;

          h->ra = 0;

          h->arcount = 0;

        }

      done++;

    }

    ssize_t

    recvfrom (int sockfd, void *buf, size_t len, int flags,

    	  struct sockaddr *src_addr, socklen_t *addrlen)

    {

      ssize_t ret = real_recvfrom (sockfd, buf, len, flags, src_addr, addrlen);

      int port = htons (((struct sockaddr_in *) src_addr)->sin_port);

      struct in_addr addr = ((struct sockaddr_in *) src_addr)->sin_addr;

      const char *host = inet_ntoa (addr);

      printf ("\n*** From %s:%d: ", host, port);

      mod_buf (buf, port);

      printf ("returned %zd\n", ret);

      return ret;

    }

 ChangeLog          | 11 +++++++++++

 NEWS               | 14 +++++++-------

 resolv/res_query.c |  7 +++++--

 resolv/res_send.c  |  2 +-

 4 files changed, 24 insertions(+), 10 deletions(-)

commit e35c53e397e7abbd41fedacdedcfa5af7b5c2c52

Author: Siddhesh Poyarekar <siddhesh@redhat.com>

Date:   Tue Jul 8 16:40:24 2014 +0530

    Check value at resplen2 if it is not NULL

    There was a typo in the previous patch due to which resplen2 was

    checked for non-zero instead of the value at resplen2.  Fix that and

    improve the condition by checking resplen2 for non-NULL (instead of

    answerp2) and also adding the check in a third place.

 ChangeLog          | 3 +++

 resolv/res_query.c | 9 +++++----

 2 files changed, 8 insertions(+), 4 deletions(-)

diff -pruN glibc-2.17-c758a686/resolv/res_query.c glibc-2.17-c758a686/resolv/res_query.c

--- glibc-2.17-c758a686/resolv/res_query.c	2012-12-25 08:32:13.000000000 +0530

+++ glibc-2.17-c758a686/resolv/res_query.c	2014-09-05 14:28:06.439191017 +0530

@@ -378,7 +378,9 @@ __libc_res_nsearch(res_state statp,

 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,

 					      answer, anslen, answerp,

 					      answerp2, nanswerp2, resplen2);

-		if (ret > 0 || trailing_dot)

+		if (ret > 0 || trailing_dot

+		    /* If the second response is valid then we use that.  */

+		    || (ret == 0 && resplen2 != NULL && *resplen2 > 0))

 			return (ret);

 		saved_herrno = h_errno;

 		tried_as_is++;

@@ -418,7 +420,8 @@ __libc_res_nsearch(res_state statp,

 						      answer, anslen, answerp,

 						      answerp2, nanswerp2,

 						      resplen2);

-			if (ret > 0)

+			if (ret > 0 || (ret == 0 && resplen2 != NULL

+					&& *resplen2 > 0))

 				return (ret);

 			if (answerp && *answerp != answer) {

@@ -487,7 +490,8 @@ __libc_res_nsearch(res_state statp,

 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,

 					      answer, anslen, answerp,

 					      answerp2, nanswerp2, resplen2);

-		if (ret > 0)

+		if (ret > 0 || (ret == 0 && resplen2 != NULL

+				&& *resplen2 > 0))

 			return (ret);

 	}

diff -pruN glibc-2.17-c758a686/resolv/res_send.c glibc-2.17-c758a686/resolv/res_send.c

--- glibc-2.17-c758a686/resolv/res_send.c	2014-09-05 14:28:30.039337246 +0530

+++ glibc-2.17-c758a686/resolv/res_send.c	2014-09-05 14:28:06.439191017 +0530

@@ -1343,6 +1343,7 @@ send_dg(res_state statp,

 				(*thisresplenp > *thisanssizp)

 				? *thisanssizp : *thisresplenp);

+		next_ns:

 			if (recvresp1 || (buf2 != NULL && recvresp2)) {

 			  *resplen2 = 0;

 			  return resplen;

@@ -1360,7 +1361,6 @@ send_dg(res_state statp,

 			    goto wait;

 			  }

-		next_ns:

 			__res_iclose(statp, false);

 			/* don't retry if called from dig */

 			if (!statp->pfcode)