1/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License as published by 5 the Free Software Foundation; version 2 dated June, 1991, or 6 (at your option) version 3 dated 29 June, 2007. 7 8 This program is distributed in the hope that it will be useful, 9 but WITHOUT ANY WARRANTY; without even the implied warranty of 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License 14 along with this program. If not, see <http://www.gnu.org/licenses/>. 15*/ 16 17/* The SURF random number generator was taken from djbdns-1.05, by 18 Daniel J Bernstein, which is public domain. */ 19 20 21#include "dnsmasq.h" 22 23#ifdef HAVE_BROKEN_RTC 24#include <sys/times.h> 25#endif 26 27#if defined(LOCALEDIR) || defined(HAVE_IDN) 28#include <idna.h> 29#endif 30 31/* SURF random number generator */ 32 33static u32 seed[32]; 34static u32 in[12]; 35static u32 out[8]; 36static int outleft = 0; 37 38void rand_init() 39{ 40 int fd = open(RANDFILE, O_RDONLY); 41 42 if (fd == -1 || 43 !read_write(fd, (unsigned char *)&seed, sizeof(seed), 1) || 44 !read_write(fd, (unsigned char *)&in, sizeof(in), 1)) 45 die(_("failed to seed the random number generator: %s"), NULL, EC_MISC); 46 47 close(fd); 48} 49 50#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) 51#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); 52 53static void surf(void) 54{ 55 u32 t[12]; u32 x; u32 sum = 0; 56 int r; int i; int loop; 57 58 for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; 59 for (i = 0;i < 8;++i) out[i] = seed[24 + i]; 60 x = t[11]; 61 for (loop = 0;loop < 2;++loop) { 62 for (r = 0;r < 16;++r) { 63 sum += 0x9e3779b9; 64 MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) 65 MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) 66 MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) 67 } 68 for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; 69 } 70} 71 72unsigned short rand16(void) 73{ 74 if (!outleft) 75 { 76 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; 77 surf(); 78 outleft = 8; 79 } 80 81 return (unsigned short) out[--outleft]; 82} 83 84u32 rand32(void) 85{ 86 if (!outleft) 87 { 88 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; 89 surf(); 90 outleft = 8; 91 } 92 93 return out[--outleft]; 94} 95 96u64 rand64(void) 97{ 98 static int outleft = 0; 99 100 if (outleft < 2) 101 { 102 if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; 103 surf(); 104 outleft = 8; 105 } 106 107 outleft -= 2; 108 109 return (u64)out[outleft+1] + (((u64)out[outleft]) << 32); 110} 111 112static int check_name(char *in) 113{ 114 /* remove trailing . 115 also fail empty string and label > 63 chars */ 116 size_t dotgap = 0, l = strlen(in); 117 char c; 118 int nowhite = 0; 119 120 if (l == 0 || l > MAXDNAME) return 0; 121 122 if (in[l-1] == '.') 123 { 124 in[l-1] = 0; 125 nowhite = 1; 126 } 127 128 for (; (c = *in); in++) 129 { 130 if (c == '.') 131 dotgap = 0; 132 else if (++dotgap > MAXLABEL) 133 return 0; 134 else if (isascii((unsigned char)c) && iscntrl((unsigned char)c)) 135 /* iscntrl only gives expected results for ascii */ 136 return 0; 137#if !defined(LOCALEDIR) && !defined(HAVE_IDN) 138 else if (!isascii((unsigned char)c)) 139 return 0; 140#endif 141 else if (c != ' ') 142 nowhite = 1; 143 } 144 145 if (!nowhite) 146 return 0; 147 148 return 1; 149} 150 151/* Hostnames have a more limited valid charset than domain names 152 so check for legal char a-z A-Z 0-9 - _ 153 Note that this may receive a FQDN, so only check the first label 154 for the tighter criteria. */ 155int legal_hostname(char *name) 156{ 157 char c, *at; 158 int first; 159 160 if (!check_name(name)) 161 return 0; 162 163 at = strchr(name, '@'); 164 165 for (first = 1; (c = *name); name++, first = 0) 166 /* check for legal char a-z A-Z 0-9 - _ . */ 167 { 168 if ((c >= 'A' && c <= 'Z') || 169 (c >= 'a' && c <= 'z') || 170 (c >= '0' && c <= '9')) 171 continue; 172 173 if (!first && (c == '-' || c == '_')) 174 continue; 175 176 /* relax name part */ 177 if (at && (name <= at) && (c >= 33) && (c < 127)) 178 continue; 179 180 /* end of hostname part */ 181 if (c == '.') 182 return 1; 183 184 return 0; 185 } 186 187 return 1; 188} 189 190char *canonicalise(char *in, int *nomem) 191{ 192 char *ret = NULL; 193#if defined(LOCALEDIR) || defined(HAVE_IDN) 194 int rc; 195#endif 196 197 if (nomem) 198 *nomem = 0; 199 200 if (!check_name(in)) 201 return NULL; 202 203#if defined(LOCALEDIR) || defined(HAVE_IDN) 204 if ((rc = idna_to_ascii_lz(in, &ret, 0)) != IDNA_SUCCESS) 205 { 206 if (ret) 207 free(ret); 208 209 if (nomem && (rc == IDNA_MALLOC_ERROR || rc == IDNA_DLOPEN_ERROR)) 210 { 211 my_syslog(LOG_ERR, _("failed to allocate memory")); 212 *nomem = 1; 213 } 214 215 return NULL; 216 } 217#else 218 if ((ret = whine_malloc(strlen(in)+1))) 219 strcpy(ret, in); 220 else if (nomem) 221 *nomem = 1; 222#endif 223 224 return ret; 225} 226 227unsigned char *do_rfc1035_name(unsigned char *p, char *sval) 228{ 229 int j; 230 231 while (sval && *sval) 232 { 233 unsigned char *cp = p++; 234 for (j = 0; *sval && (*sval != '.'); sval++, j++) 235 { 236#ifdef HAVE_DNSSEC 237 if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) 238 *p++ = (*(++sval))-1; 239 else 240#endif 241 *p++ = *sval; 242 } 243 *cp = j; 244 if (*sval) 245 sval++; 246 } 247 return p; 248} 249 250/* for use during startup */ 251void *safe_malloc(size_t size) 252{ 253 void *ret = malloc(size); 254 255 if (!ret) 256 die(_("could not get memory"), NULL, EC_NOMEM); 257 258 return ret; 259} 260 261void safe_pipe(int *fd, int read_noblock) 262{ 263 if (pipe(fd) == -1 || 264 !fix_fd(fd[1]) || 265 (read_noblock && !fix_fd(fd[0]))) 266 die(_("cannot create pipe: %s"), NULL, EC_MISC); 267} 268 269void *whine_malloc(size_t size) 270{ 271 void *ret = malloc(size); 272 273 if (!ret) 274 my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size); 275 276 return ret; 277} 278 279int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2) 280{ 281 if (s1->sa.sa_family == s2->sa.sa_family) 282 { 283 if (s1->sa.sa_family == AF_INET && 284 s1->in.sin_port == s2->in.sin_port && 285 s1->in.sin_addr.s_addr == s2->in.sin_addr.s_addr) 286 return 1; 287#ifdef HAVE_IPV6 288 if (s1->sa.sa_family == AF_INET6 && 289 s1->in6.sin6_port == s2->in6.sin6_port && 290 s1->in6.sin6_scope_id == s2->in6.sin6_scope_id && 291 IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr)) 292 return 1; 293#endif 294 } 295 return 0; 296} 297 298int sa_len(union mysockaddr *addr) 299{ 300#ifdef HAVE_SOCKADDR_SA_LEN 301 return addr->sa.sa_len; 302#else 303#ifdef HAVE_IPV6 304 if (addr->sa.sa_family == AF_INET6) 305 return sizeof(addr->in6); 306 else 307#endif 308 return sizeof(addr->in); 309#endif 310} 311 312/* don't use strcasecmp and friends here - they may be messed up by LOCALE */ 313int hostname_isequal(const char *a, const char *b) 314{ 315 unsigned int c1, c2; 316 317 do { 318 c1 = (unsigned char) *a++; 319 c2 = (unsigned char) *b++; 320 321 if (c1 >= 'A' && c1 <= 'Z') 322 c1 += 'a' - 'A'; 323 if (c2 >= 'A' && c2 <= 'Z') 324 c2 += 'a' - 'A'; 325 326 if (c1 != c2) 327 return 0; 328 } while (c1); 329 330 return 1; 331} 332 333time_t dnsmasq_time(void) 334{ 335#ifdef HAVE_BROKEN_RTC 336 struct tms dummy; 337 static long tps = 0; 338 339 if (tps == 0) 340 tps = sysconf(_SC_CLK_TCK); 341 342 return (time_t)(times(&dummy)/tps); 343#else 344 return time(NULL); 345#endif 346} 347 348int netmask_length(struct in_addr mask) 349{ 350 int zero_count = 0; 351 352 while (0x0 == (mask.s_addr & 0x1) && zero_count < 32) 353 { 354 mask.s_addr >>= 1; 355 zero_count++; 356 } 357 358 return 32 - zero_count; 359} 360 361int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) 362{ 363 return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); 364} 365 366#ifdef HAVE_IPV6 367int is_same_net6(struct in6_addr *a, struct in6_addr *b, int prefixlen) 368{ 369 int pfbytes = prefixlen >> 3; 370 int pfbits = prefixlen & 7; 371 372 if (memcmp(&a->s6_addr, &b->s6_addr, pfbytes) != 0) 373 return 0; 374 375 if (pfbits == 0 || 376 (a->s6_addr[pfbytes] >> (8 - pfbits) == b->s6_addr[pfbytes] >> (8 - pfbits))) 377 return 1; 378 379 return 0; 380} 381 382/* return least signigicant 64 bits if IPv6 address */ 383u64 addr6part(struct in6_addr *addr) 384{ 385 int i; 386 u64 ret = 0; 387 388 for (i = 8; i < 16; i++) 389 ret = (ret << 8) + addr->s6_addr[i]; 390 391 return ret; 392} 393 394void setaddr6part(struct in6_addr *addr, u64 host) 395{ 396 int i; 397 398 for (i = 15; i >= 8; i--) 399 { 400 addr->s6_addr[i] = host; 401 host = host >> 8; 402 } 403} 404 405#endif 406 407 408/* returns port number from address */ 409int prettyprint_addr(union mysockaddr *addr, char *buf) 410{ 411 int port = 0; 412 413#ifdef HAVE_IPV6 414 if (addr->sa.sa_family == AF_INET) 415 { 416 inet_ntop(AF_INET, &addr->in.sin_addr, buf, ADDRSTRLEN); 417 port = ntohs(addr->in.sin_port); 418 } 419 else if (addr->sa.sa_family == AF_INET6) 420 { 421 char name[IF_NAMESIZE]; 422 inet_ntop(AF_INET6, &addr->in6.sin6_addr, buf, ADDRSTRLEN); 423 if (addr->in6.sin6_scope_id != 0 && 424 if_indextoname(addr->in6.sin6_scope_id, name) && 425 strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN) 426 { 427 strcat(buf, "%"); 428 strcat(buf, name); 429 } 430 port = ntohs(addr->in6.sin6_port); 431 } 432#else 433 strcpy(buf, inet_ntoa(addr->in.sin_addr)); 434 port = ntohs(addr->in.sin_port); 435#endif 436 437 return port; 438} 439 440void prettyprint_time(char *buf, unsigned int t) 441{ 442 if (t == 0xffffffff) 443 sprintf(buf, _("infinite")); 444 else 445 { 446 unsigned int x, p = 0; 447 if ((x = t/86400)) 448 p += sprintf(&buf[p], "%dd", x); 449 if ((x = (t/3600)%24)) 450 p += sprintf(&buf[p], "%dh", x); 451 if ((x = (t/60)%60)) 452 p += sprintf(&buf[p], "%dm", x); 453 if ((x = t%60)) 454 p += sprintf(&buf[p], "%ds", x); 455 } 456} 457 458 459/* in may equal out, when maxlen may be -1 (No max len). 460 Return -1 for extraneous no-hex chars found. */ 461int parse_hex(char *in, unsigned char *out, int maxlen, 462 unsigned int *wildcard_mask, int *mac_type) 463{ 464 int mask = 0, i = 0; 465 char *r; 466 467 if (mac_type) 468 *mac_type = 0; 469 470 while (maxlen == -1 || i < maxlen) 471 { 472 for (r = in; *r != 0 && *r != ':' && *r != '-' && *r != ' '; r++) 473 if (*r != '*' && !isxdigit((unsigned char)*r)) 474 return -1; 475 476 if (*r == 0) 477 maxlen = i; 478 479 if (r != in ) 480 { 481 if (*r == '-' && i == 0 && mac_type) 482 { 483 *r = 0; 484 *mac_type = strtol(in, NULL, 16); 485 mac_type = NULL; 486 } 487 else 488 { 489 *r = 0; 490 if (strcmp(in, "*") == 0) 491 { 492 mask = (mask << 1) | 1; 493 i++; 494 } 495 else 496 { 497 int j, bytes = (1 + (r - in))/2; 498 for (j = 0; j < bytes; j++) 499 { 500 char sav = sav; 501 if (j < bytes - 1) 502 { 503 sav = in[(j+1)*2]; 504 in[(j+1)*2] = 0; 505 } 506 out[i] = strtol(&in[j*2], NULL, 16); 507 mask = mask << 1; 508 i++; 509 if (j < bytes - 1) 510 in[(j+1)*2] = sav; 511 } 512 } 513 } 514 } 515 in = r+1; 516 } 517 518 if (wildcard_mask) 519 *wildcard_mask = mask; 520 521 return i; 522} 523 524/* return 0 for no match, or (no matched octets) + 1 */ 525int memcmp_masked(unsigned char *a, unsigned char *b, int len, unsigned int mask) 526{ 527 int i, count; 528 for (count = 1, i = len - 1; i >= 0; i--, mask = mask >> 1) 529 if (!(mask & 1)) 530 { 531 if (a[i] == b[i]) 532 count++; 533 else 534 return 0; 535 } 536 return count; 537} 538 539/* _note_ may copy buffer */ 540int expand_buf(struct iovec *iov, size_t size) 541{ 542 void *new; 543 544 if (size <= (size_t)iov->iov_len) 545 return 1; 546 547 if (!(new = whine_malloc(size))) 548 { 549 errno = ENOMEM; 550 return 0; 551 } 552 553 if (iov->iov_base) 554 { 555 memcpy(new, iov->iov_base, iov->iov_len); 556 free(iov->iov_base); 557 } 558 559 iov->iov_base = new; 560 iov->iov_len = size; 561 562 return 1; 563} 564 565char *print_mac(char *buff, unsigned char *mac, int len) 566{ 567 char *p = buff; 568 int i; 569 570 if (len == 0) 571 sprintf(p, "<null>"); 572 else 573 for (i = 0; i < len; i++) 574 p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":"); 575 576 return buff; 577} 578 579/* rc is return from sendto and friends. 580 Return 1 if we should retry. 581 Set errno to zero if we succeeded. */ 582int retry_send(ssize_t rc) 583{ 584 static int retries = 0; 585 struct timespec waiter; 586 587 if (rc != -1) 588 { 589 retries = 0; 590 errno = 0; 591 return 0; 592 } 593 594 /* Linux kernels can return EAGAIN in perpetuity when calling 595 sendmsg() and the relevant interface has gone. Here we loop 596 retrying in EAGAIN for 1 second max, to avoid this hanging 597 dnsmasq. */ 598 599 if (errno == EAGAIN || errno == EWOULDBLOCK) 600 { 601 waiter.tv_sec = 0; 602 waiter.tv_nsec = 10000; 603 nanosleep(&waiter, NULL); 604 if (retries++ < 1000) 605 return 1; 606 } 607 608 retries = 0; 609 610 if (errno == EINTR) 611 return 1; 612 613 return 0; 614} 615 616int read_write(int fd, unsigned char *packet, int size, int rw) 617{ 618 ssize_t n, done; 619 620 for (done = 0; done < size; done += n) 621 { 622 do { 623 if (rw) 624 n = read(fd, &packet[done], (size_t)(size - done)); 625 else 626 n = write(fd, &packet[done], (size_t)(size - done)); 627 628 if (n == 0) 629 return 0; 630 631 } while (retry_send(n) || errno == ENOMEM || errno == ENOBUFS); 632 633 if (errno != 0) 634 return 0; 635 } 636 637 return 1; 638} 639 640/* Basically match a string value against a wildcard pattern. */ 641int wildcard_match(const char* wildcard, const char* match) 642{ 643 while (*wildcard && *match) 644 { 645 if (*wildcard == '*') 646 return 1; 647 648 if (*wildcard != *match) 649 return 0; 650 651 ++wildcard; 652 ++match; 653 } 654 655 return *wildcard == *match; 656} 657 658/* The same but comparing a maximum of NUM characters, like strncmp. */ 659int wildcard_matchn(const char* wildcard, const char* match, int num) 660{ 661 while (*wildcard && *match && num) 662 { 663 if (*wildcard == '*') 664 return 1; 665 666 if (*wildcard != *match) 667 return 0; 668 669 ++wildcard; 670 ++match; 671 --num; 672 } 673 674 return (!num) || (*wildcard == *match); 675} 676