new file mode 100644

@@ -0,0 +1,2134 @@

+From e14a27723cc3a154d67f3f26e719d08c0ba9ad25 Mon Sep 17 00:00:00 2001

+From: Florian Weimer <fweimer@redhat.com>

+Date: Thu, 13 Apr 2017 13:09:38 +0200

+Subject: [PATCH 1/1] resolv: Reduce EDNS payload size to 1200 bytes [BZ

+ #21361]

+

+This hardens the stub resolver against fragmentation-based attacks.

+---

+ ChangeLog                |  21 ++

+ NEWS                     |   3 +-

+ include/resolv.h         |   3 -

+ resolv/Makefile          |   2 +

+ resolv/res_mkquery.c     |  28 ++-

+ resolv/res_query.c       |  23 ++-

+ resolv/resolv-internal.h |  18 ++

+ resolv/tst-resolv-edns.c | 501 +++++++++++++++++++++++++++++++++++++++++++++++

+ support/resolv_test.c    |  56 +++++-

+ support/resolv_test.h    |  11 ++

+ 10 files changed, 652 insertions(+), 14 deletions(-)

+ create mode 100644 resolv/tst-resolv-edns.c

+

+diff --git a/include/resolv.h b/include/resolv.h

+index 95dcd3c..e8f477c 100644

+--- a/include/resolv.h

+@@ -38,8 +38,6 @@

+ extern int res_ourserver_p (const res_state __statp,

+ 			    const struct sockaddr_in6 *__inp);

+ extern void __res_iclose (res_state statp, bool free_addr);

+-extern int __res_nopt(res_state statp, int n0, u_char *buf, int buflen,

+-		      int anslen);

+ libc_hidden_proto (__res_ninit)

+ libc_hidden_proto (__res_maybe_init)

+ libc_hidden_proto (__res_nclose)

+@@ -91,7 +89,6 @@ libresolv_hidden_proto (__res_nameinquery)

+ libresolv_hidden_proto (__res_queriesmatch)

+ libresolv_hidden_proto (__res_nsend)

+ libresolv_hidden_proto (__b64_ntop)

+-libresolv_hidden_proto (__res_nopt)

+ libresolv_hidden_proto (__dn_count_labels)

+ libresolv_hidden_proto (__p_secstodate)

+ 

+diff --git a/resolv/Makefile b/resolv/Makefile

+index c69b24b..d41fd46 100644

+--- a/resolv/Makefile

+@@ -39,7 +39,9 @@

+ ifeq ($(have-thread-library),yes)

+ extra-libs += libanl

+ routines += gai_sigqueue

+-tests += tst-res_hconf_reorder

++tests += \

++  tst-res_hconf_reorder \

++  tst-resolv-edns

+ 

+ # This test sends millions of packets and is rather slow.

+ xtests += tst-resolv-qtypes

+@@ -124,3 +126,4 @@

+ 	$(evaluate-test)

+ 

+ $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)

++$(objpfx)tst-resolv-edns: $(objpfx)libresolv.so $(shared-thread-library)

+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c

+index 4532b58..8279d15 100644

+--- a/resolv/res_mkquery.c

+@@ -69,7 +69,7 @@

+ #include <netinet/in.h>

+ #include <arpa/nameser.h>

+ #include <netdb.h>

+-#include <resolv.h>

++#include <resolv/resolv-internal.h>

+ #include <stdio.h>

+ #include <string.h>

+ #include <sys/time.h>

+@@ -225,7 +225,30 @@ __res_nopt(res_state statp,

+ 	*cp++ = 0;	/* "." */

+ 

+ 	NS_PUT16(T_OPT, cp);	/* TYPE */

+-	NS_PUT16(MIN(anslen, 0xffff), cp);	/* CLASS = UDP payload size */

++

++	/* Lowering the advertised buffer size based on the actual

++	   answer buffer size is desirable because the server will

++	   minimize the reply to fit into the UDP packet (and A

++	   non-minimal response might not fit the buffer).

++

++	   The RESOLV_EDNS_BUFFER_SIZE limit could still result in TCP

++	   fallback and a non-minimal response which has to be

++	   hard-truncated in the stub resolver, but this is price to

++	   pay for avoiding fragmentation.  (This issue does not

++	   affect the nss_dns functions because they use the stub

++	   resolver in such a way that it allocates a properly sized

++	   response buffer.)  */

++	{

++	  uint16_t buffer_size;

++	  if (anslen < 512)

++	    buffer_size = 512;

++	  else if (anslen > RESOLV_EDNS_BUFFER_SIZE)

++	    buffer_size = RESOLV_EDNS_BUFFER_SIZE;

++	  else

++	    buffer_size = anslen;

++	  NS_PUT16 (buffer_size, cp);

++	}

++

+ 	*cp++ = NOERROR;	/* extended RCODE */

+ 	*cp++ = 0;		/* EDNS version */

+ 

+@@ -243,4 +266,3 @@ __res_nopt(res_state statp,

+ 

+ 	return cp - buf;

+ }

+-libresolv_hidden_def (__res_nopt)

+diff --git a/resolv/res_query.c b/resolv/res_query.c

+index 6f3eada..c3ebcbf 100644

+--- a/resolv/res_query.c

+@@ -78,6 +78,7 @@

+ #include <stdio.h>

+ #include <stdlib.h>

+ #include <string.h>

++#include <resolv/resolv-internal.h>

+ 

+ /* Options.  Leave them on. */

+ /* #undef DEBUG */

+@@ -147,7 +148,10 @@ __libc_res_nquery(res_state statp,

+ 		if ((oflags & RES_F_EDNS0ERR) == 0

+ 		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)

+ 		  {

+-		    n = __res_nopt(statp, n, query1, bufsize, anslen / 2);

++		    /* Use RESOLV_EDNS_BUFFER_SIZE because the receive

++		       buffer can be reallocated.  */

++		    n = __res_nopt (statp, n, query1, bufsize,

++				    RESOLV_EDNS_BUFFER_SIZE);

+ 		    if (n < 0)

+ 		      goto unspec_nomem;

+ 		  }

+@@ -168,8 +172,10 @@ __libc_res_nquery(res_state statp,

+ 		if (n > 0

+ 		    && (oflags & RES_F_EDNS0ERR) == 0

+ 		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)

+-		  n = __res_nopt(statp, n, query2, bufsize - nused - n,

+-				 anslen / 2);

++		  /* Use RESOLV_EDNS_BUFFER_SIZE because the receive

++		     buffer can be reallocated.  */

++		  n = __res_nopt (statp, n, query2, bufsize,

++				  RESOLV_EDNS_BUFFER_SIZE);

+ 		nquery2 = n;

+ 	      }

+ 

+@@ -183,7 +189,16 @@ __libc_res_nquery(res_state statp,

+ 	    if (n > 0

+ 		&& (oflags & RES_F_EDNS0ERR) == 0

+ 		&& (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)

+-	      n = __res_nopt(statp, n, query1, bufsize, anslen);

++	      {

++		/* Use RESOLV_EDNS_BUFFER_SIZE if the receive buffer

++		   can be reallocated.  */

++		size_t advertise;

++		if (answerp == NULL)

++		  advertise = anslen;

++		else

++		  advertise = RESOLV_EDNS_BUFFER_SIZE;

++		n = __res_nopt (statp, n, query1, bufsize, advertise);

++	      }

+ 

+ 	    nquery1 = n;

+ 	  }

+diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h

+new file mode 100644

+index d35df1c..0d69ce1

+--- /dev/null

+@@ -0,0 +1,59 @@

++/* libresolv interfaces for internal use across glibc.

++   Copyright (C) 2016-2017 Free Software Foundation, Inc.

++   This file is part of the GNU C Library.

++

++   The GNU C Library is free software; you can redistribute it and/or

++   modify it under the terms of the GNU Lesser General Public

++   License as published by the Free Software Foundation; either

++   version 2.1 of the License, or (at your option) any later version.

++

++   The GNU C Library is distributed in the hope that it will be useful,

++   but WITHOUT ANY WARRANTY; without even the implied warranty of

++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

++   Lesser General Public License for more details.

++

++   You should have received a copy of the GNU Lesser General Public

++   License along with the GNU C Library; if not, see

++   <http://www.gnu.org/licenses/>.  */

++

++#ifndef _RESOLV_INTERNAL_H

++#define _RESOLV_INTERNAL_H 1

++

++#include <resolv.h>

++#include <stdbool.h>

++

++/* Resolver flags.  Used for _flags in struct __res_state.  */

++#define RES_F_VC        0x00000001 /* Socket is TCP.  */

++#define RES_F_CONN      0x00000002 /* Socket is connected.  */

++#define RES_F_EDNS0ERR  0x00000004 /* EDNS0 caused errors.  */

++

++

++/* Internal version of RES_USE_INET6 which does not trigger a

++   deprecation warning.  */

++#define DEPRECATED_RES_USE_INET6 0x00002000

++

++static inline bool

++res_use_inet6 (void)

++{

++  return _res.options & DEPRECATED_RES_USE_INET6;

++}

++

++enum

++  {

++    /* The advertized EDNS buffer size.  The value 1200 is derived

++       from the IPv6 minimum MTU (1280 bytes) minus some arbitrary

++       space for tunneling overhead.  If the DNS server does not react

++       to ICMP Fragmentation Needed But DF Set messages, this should

++       avoid all UDP fragments on current networks.  Avoiding UDP

++       fragments is desirable because it prevents fragmentation-based

++       spoofing attacks because the randomness in a DNS packet is

++       concentrated in the first fragment (with the headers) and does

++       not protect subsequent fragments.  */

++    RESOLV_EDNS_BUFFER_SIZE = 1200,

++  };

++

++/* Add an OPT record to a DNS query.  */

++int __res_nopt (res_state, int n0, unsigned char *buf, int buflen,

++                int anslen) attribute_hidden;

++

++#endif  /* _RESOLV_INTERNAL_H */

+diff --git a/resolv/tst-resolv-edns.c b/resolv/tst-resolv-edns.c

+new file mode 100644

+index 0000000..f17dbc3

+--- /dev/null

+@@ -0,0 +1,501 @@

++/* Test EDNS handling in the stub resolver.

++   Copyright (C) 2016-2017 Free Software Foundation, Inc.

++   This file is part of the GNU C Library.

++

++   The GNU C Library is free software; you can redistribute it and/or

++   modify it under the terms of the GNU Lesser General Public

++   License as published by the Free Software Foundation; either

++   version 2.1 of the License, or (at your option) any later version.

++

++   The GNU C Library is distributed in the hope that it will be useful,

++   but WITHOUT ANY WARRANTY; without even the implied warranty of

++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

++   Lesser General Public License for more details.

++

++   You should have received a copy of the GNU Lesser General Public

++   License along with the GNU C Library; if not, see

++   <http://www.gnu.org/licenses/>.  */

++

++#include <errno.h>

++#include <netdb.h>

++#include <stdio.h>

++#include <stdlib.h>

++#include <string.h>

++#include <support/check.h>

++#include <support/resolv_test.h>

++#include <support/support.h>

++#include <support/test-driver.h>

++#include <support/xthread.h>

++

++/* Data produced by a test query.  */

++struct response_data

++{

++  char *qname;

++  uint16_t qtype;

++  struct resolv_edns_info edns;

++};

++

++/* Global array used by put_response and get_response to record

++   response data.  The test DNS server returns the index of the array

++   element which contains the actual response data.  This enables the

++   test case to return arbitrary amounts of data with the limited

++   number of bits which fit into an IP addres.

++

++   The volatile specifier is needed because the test case accesses

++   these variables from a callback function called from a function

++   which is marked as __THROW (i.e., a leaf function which actually is

++   not).  */

++static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;

++static struct response_data ** volatile response_data_array;

++volatile static size_t response_data_count;

++

++/* Extract information from the query, store it in a struct

++   response_data object, and return its index in the

++   response_data_array.  */

++static unsigned int

++put_response (const struct resolv_response_context *ctx,

++                 const char *qname, uint16_t qtype)

++{

++  xpthread_mutex_lock (&mutex);

++  ++response_data_count;

++  /* We only can represent 2**24 indexes in 10.0.0.0/8.  */

++  TEST_VERIFY (response_data_count < (1 << 24));

++  response_data_array = xrealloc

++    (response_data_array, sizeof (*response_data_array) * response_data_count);

++  unsigned int index = response_data_count - 1;

++  struct response_data *data = xmalloc (sizeof (*data));

++  *data = (struct response_data)

++    {

++      .qname = xstrdup (qname),

++      .qtype = qtype,

++      .edns = ctx->edns,

++    };

++  response_data_array[index] = data;

++  xpthread_mutex_unlock (&mutex);

++  return index;

++}

++

++/* Verify the index into the response_data array and return the data

++   at it.  */

++static struct response_data *

++get_response (unsigned int index)

++{

++  xpthread_mutex_lock (&mutex);

++  TEST_VERIFY_EXIT (index < response_data_count);

++  struct response_data *result = response_data_array[index];

++  xpthread_mutex_unlock (&mutex);

++  return result;

++}

++

++/* Deallocate all response data.  */

++static void

++free_response_data (void)

++{

++  xpthread_mutex_lock (&mutex);

++  size_t count = response_data_count;

++  struct response_data **array = response_data_array;

++  for (unsigned int i = 0; i < count; ++i)

++    {

++      struct response_data *data = array[i];

++      free (data->qname);

++      free (data);

++    }

++  free (array);

++  response_data_array = NULL;

++  response_data_count = 0;

++  xpthread_mutex_unlock (&mutex);

++}

++

++#define EDNS_PROBE_EXAMPLE "edns-probe.example"

++

++static void

++response (const struct resolv_response_context *ctx,

++          struct resolv_response_builder *b,

++          const char *qname, uint16_t qclass, uint16_t qtype)

++{

++  TEST_VERIFY_EXIT (qname != NULL);

++

++  /* The "tcp." prefix can be used to request TCP fallback.  */

++  const char *qname_compare = qname;

++  bool force_tcp;

++  if (strncmp ("tcp.", qname_compare, strlen ("tcp.")) == 0)

++    {

++      force_tcp = true;

++      qname_compare += strlen ("tcp.");

++    }

++  else

++    force_tcp = false;

++

++  enum {edns_probe} requested_qname;

++  if (strcmp (qname_compare, EDNS_PROBE_EXAMPLE) == 0)

++    requested_qname = edns_probe;

++  else

++    {

++      support_record_failure ();

++      printf ("error: unexpected QNAME: %s\n", qname);

++      return;

++    }

++  TEST_VERIFY_EXIT (qclass == C_IN);

++  struct resolv_response_flags flags = {.tc = force_tcp && !ctx->tcp};

++  resolv_response_init (b, flags);

++  resolv_response_add_question (b, qname, qclass, qtype);

++  if (flags.tc)

++    return;

++

++  if (test_verbose)

++    printf ("info: edns=%d payload_size=%d\n",

++            ctx->edns.active, ctx->edns.payload_size);

++

++  /* Encode the response_data object in multiple address records.

++     Each record carries two bytes of payload data, and an index.  */

++  resolv_response_section (b, ns_s_an);

++  switch (requested_qname)

++    {

++    case edns_probe:

++      {

++        unsigned int index = put_response (ctx, qname, qtype);

++        switch (qtype)

++          {

++          case T_A:

++            {

++              uint32_t addr = htonl (0x0a000000 | index);

++              resolv_response_open_record (b, qname, qclass, qtype, 0);

++              resolv_response_add_data (b, &addr, sizeof (addr));

++              resolv_response_close_record (b);

++            }

++            break;

++          case T_AAAA:

++            {

++              char addr[16]

++                = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0,

++                   index >> 16, index >> 8, index};

++              resolv_response_open_record (b, qname, qclass, qtype, 0);

++              resolv_response_add_data (b, &addr, sizeof (addr));

++              resolv_response_close_record (b);

++            }

++          }

++      }

++      break;

++    }

++}

++

++/* Update *DATA with data from ADDRESS of SIZE.  Set the corresponding

++   flag in SHADOW for each byte written.  */

++static struct response_data *

++decode_address (const void *address, size_t size)

++{

++  switch (size)

++    {

++    case 4:

++      TEST_VERIFY (memcmp (address, "\x0a", 1) == 0);

++      break;

++    case 16:

++      TEST_VERIFY (memcmp (address, "\x20\x01\x0d\xb8", 4) == 0);

++      break;

++    default:

++      FAIL_EXIT1 ("unexpected address size %zu", size);

++    }

++  const unsigned char *addr = address;

++  unsigned int index = addr[size - 3] * 256 * 256

++    + addr[size - 2] * 256

++    + addr[size - 1];

++  return get_response (index);

++}

++

++static struct response_data *

++decode_hostent (struct hostent *e)

++{

++  TEST_VERIFY_EXIT (e != NULL);

++  TEST_VERIFY_EXIT (e->h_addr_list[0] != NULL);

++  TEST_VERIFY (e->h_addr_list[1] == NULL);

++  return decode_address (e->h_addr_list[0], e->h_length);

++}

++

++static struct response_data *

++decode_addrinfo (struct addrinfo *ai, int family)

++{

++  struct response_data *data = NULL;

++  while (ai != NULL)

++    {

++      if (ai->ai_family == family)

++        {

++          struct response_data *new_data;

++          switch (family)

++            {

++            case AF_INET:

++              {

++                struct sockaddr_in *pin = (struct sockaddr_in *) ai->ai_addr;

++                new_data = decode_address (&pin->sin_addr.s_addr, 4);

++              }

++              break;

++            case AF_INET6:

++              {

++                struct sockaddr_in6 *pin = (struct sockaddr_in6 *) ai->ai_addr;

++                new_data = decode_address (&pin->sin6_addr.s6_addr, 16);

++              }

++              break;

++            default:

++              FAIL_EXIT1 ("invalid address family %d", ai->ai_family);

++            }

++          if (data == NULL)

++            data = new_data;

++          else

++            /* Check pointer equality because this should be the same

++               response (same index).  */

++            TEST_VERIFY (data == new_data);

++        }

++      ai = ai->ai_next;

++    }

++  TEST_VERIFY_EXIT (data != NULL);

++  return data;

++}

++

++/* Updated by the main test loop in accordance with what is set in

++   _res.options.  */

++static bool use_edns;

++static bool use_dnssec;

++

++/* Verify the decoded response data against the flags above.  */

++static void

++verify_response_data_payload (struct response_data *data,

++                              size_t expected_payload)

++{

++  bool edns = use_edns || use_dnssec;

++  TEST_VERIFY (data->edns.active == edns);

++  if (!edns)

++    expected_payload = 0;

++  if (data->edns.payload_size != expected_payload)

++    {

++      support_record_failure ();

++      printf ("error: unexpected payload size %d (edns=%d)\n",

++              (int) data->edns.payload_size, edns);

++    }

++  uint16_t expected_flags = 0;

++  if (use_dnssec)

++    expected_flags |= 0x8000;   /* DO flag.  */

++  if (data->edns.flags != expected_flags)

++    {

++      support_record_failure ();

++      printf ("error: unexpected EDNS flags 0x%04x (edns=%d)\n",

++              (int) data->edns.flags, edns);

++    }

++}

++

++/* Same as verify_response_data_payload, but use the default

++   payload.  */

++static void

++verify_response_data (struct response_data *data)

++{

++  verify_response_data_payload (data, 1200);

++}

++

++static void

++check_hostent (struct hostent *e)

++{

++  TEST_VERIFY_EXIT (e != NULL);

++  verify_response_data (decode_hostent (e));

++}

++

++static void

++do_ai (int family)

++{

++  struct addrinfo hints = { .ai_family = family };

++  struct addrinfo *ai;

++  int ret = getaddrinfo (EDNS_PROBE_EXAMPLE, "80", &hints, &ai);

++  TEST_VERIFY_EXIT (ret == 0);

++  switch (family)

++    {

++    case AF_INET:

++    case AF_INET6:

++      verify_response_data (decode_addrinfo (ai, family));

++      break;

++    case AF_UNSPEC:

++      verify_response_data (decode_addrinfo (ai, AF_INET));

++      verify_response_data (decode_addrinfo (ai, AF_INET6));

++      break;

++    default:

++      FAIL_EXIT1 ("invalid address family %d", family);

++    }

++  freeaddrinfo (ai);

++}

++

++enum res_op

++{

++  res_op_search,

++  res_op_query,

++  res_op_querydomain,

++  res_op_nsearch,

++  res_op_nquery,

++  res_op_nquerydomain,

++

++  res_op_last = res_op_nquerydomain,

++};

++

++static const char *

++res_op_string (enum res_op op)

++{

++  switch (op)

++    {

++      case res_op_search:

++        return "res_search";

++      case res_op_query:

++        return "res_query";

++      case res_op_querydomain:

++        return "res_querydomain";

++      case res_op_nsearch:

++        return "res_nsearch";

++      case res_op_nquery:

++        return "res_nquery";

++      case res_op_nquerydomain:

++        return "res_nquerydomain";

++    }

++  FAIL_EXIT1 ("invalid res_op value %d", (int) op);

++}

++

++/* Call libresolv function OP to look up PROBE_NAME, with an answer

++   buffer of SIZE bytes.  Check that the advertised UDP buffer size is

++   in fact EXPECTED_BUFFER_SIZE.  */

++static void

++do_res_search (const char *probe_name, enum res_op op, size_t size,

++               size_t expected_buffer_size)

++{

++  if (test_verbose)

++    printf ("info: testing %s with buffer size %zu\n",

++            res_op_string (op), size);

++  unsigned char *buffer = xmalloc (size);

++  int ret = -1;

++  switch (op)

++    {

++    case res_op_search:

++      ret = res_search (probe_name, C_IN, T_A, buffer, size);

++      break;

++    case res_op_query:

++      ret = res_query (probe_name, C_IN, T_A, buffer, size);

++      break;

++    case res_op_nsearch:

++      ret = res_nsearch (&_res, probe_name, C_IN, T_A, buffer, size);

++      break;

++    case res_op_nquery:

++      ret = res_nquery (&_res, probe_name, C_IN, T_A, buffer, size);

++      break;

++    case res_op_querydomain:

++    case res_op_nquerydomain:

++      {

++        char *example_stripped = xstrdup (probe_name);

++        char *dot_example = strstr (example_stripped, ".example");

++        if (dot_example != NULL && strcmp (dot_example, ".example") == 0)

++          {

++            /* Truncate the domain name.  */

++            *dot_example = '\0';

++            if (op == res_op_querydomain)

++              ret = res_querydomain

++              (example_stripped, "example", C_IN, T_A, buffer, size);

++            else

++              ret = res_nquerydomain

++                (&_res, example_stripped, "example", C_IN, T_A, buffer, size);

++          }

++        else

++          FAIL_EXIT1 ("invalid probe name: %s", probe_name);

++        free (example_stripped);

++      }

++      break;

++    }

++  TEST_VERIFY_EXIT (ret > 12);

++  unsigned char *end = buffer + ret;

++

++  HEADER *hd = (HEADER *) buffer;

++  TEST_VERIFY (ntohs (hd->qdcount) == 1);

++  TEST_VERIFY (ntohs (hd->ancount) == 1);

++  /* Skip over the header.  */

++  unsigned char *p = buffer + sizeof (*hd);

++  /* Skip over the question.  */

++  ret = dn_skipname (p, end);

++  TEST_VERIFY_EXIT (ret > 0);

++  p += ret;

++  TEST_VERIFY_EXIT (end - p >= 4);

++  p += 4;

++  /* Skip over the RNAME and the RR header, but stop at the RDATA

++     length.  */

++  ret = dn_skipname (p, end);

++  TEST_VERIFY_EXIT (ret > 0);

++  p += ret;

++  TEST_VERIFY_EXIT (end - p >= 2 + 2 + 4 + 2 + 4);

++  p += 2 + 2 + 4;

++  /* The IP address should be 4 bytes long.  */

++  TEST_VERIFY_EXIT (p[0] == 0);

++  TEST_VERIFY_EXIT (p[1] == 4);

++  /* Extract the address information.   */

++  p += 2;

++  struct response_data *data = decode_address (p, 4);

++

++  verify_response_data_payload (data, expected_buffer_size);

++

++  free (buffer);

++}

++

++static void

++run_test (const char *probe_name)

++{

++  if (test_verbose)

++    printf ("\ninfo: * use_edns=%d use_dnssec=%d\n",

++            use_edns, use_dnssec);

++  check_hostent (gethostbyname (probe_name));

++  check_hostent (gethostbyname2 (probe_name, AF_INET));

++  check_hostent (gethostbyname2 (probe_name, AF_INET6));

++  do_ai (AF_UNSPEC);

++  do_ai (AF_INET);

++  do_ai (AF_INET6);

++

++  for (int op = 0; op <= res_op_last; ++op)

++    {

++      do_res_search (probe_name, op, 301, 512);

++      do_res_search (probe_name, op, 511, 512);

++      do_res_search (probe_name, op, 512, 512);

++      do_res_search (probe_name, op, 513, 513);

++      do_res_search (probe_name, op, 657, 657);

++      do_res_search (probe_name, op, 1199, 1199);

++      do_res_search (probe_name, op, 1200, 1200);

++      do_res_search (probe_name, op, 1201, 1200);

++      do_res_search (probe_name, op, 65535, 1200);

++    }

++}

++

++static int

++do_test (void)

++{

++  for (int do_edns = 0; do_edns < 2; ++do_edns)

++    for (int do_dnssec = 0; do_dnssec < 2; ++do_dnssec)

++      for (int do_tcp = 0; do_tcp < 2; ++do_tcp)

++        {

++          struct resolv_test *aux = resolv_test_start

++            ((struct resolv_redirect_config)

++             {

++               .response_callback = response,

++                 });

++

++          use_edns = do_edns;

++          if (do_edns)

++            _res.options |= RES_USE_EDNS0;

++          use_dnssec = do_dnssec;

++          if (do_dnssec)

++            _res.options |= RES_USE_DNSSEC;

++

++          char *probe_name = xstrdup (EDNS_PROBE_EXAMPLE);

++          if (do_tcp)

++            {

++              char *n = xasprintf ("tcp.%s", probe_name);

++              free (probe_name);

++              probe_name = n;

++            }

++

++          run_test (probe_name);

++

++          free (probe_name);

++          resolv_test_end (aux);

++        }

++

++  free_response_data ();

++  return 0;

++}

++

++#include <support/test-driver.c>

+diff --git a/support/resolv_test.c b/support/resolv_test.c

+new file mode 100644

+index 49ed210..5c5a463

+--- /dev/null

+@@ -0,0 +1,1201 @@

++/* DNS test framework and libresolv redirection.

++   Copyright (C) 2016-2017 Free Software Foundation, Inc.

++   This file is part of the GNU C Library.

++

++   The GNU C Library is free software; you can redistribute it and/or

++   modify it under the terms of the GNU Lesser General Public

++   License as published by the Free Software Foundation; either

++   version 2.1 of the License, or (at your option) any later version.

++

++   The GNU C Library is distributed in the hope that it will be useful,

++   but WITHOUT ANY WARRANTY; without even the implied warranty of

++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

++   Lesser General Public License for more details.

++

++   You should have received a copy of the GNU Lesser General Public

++   License along with the GNU C Library; if not, see

++   <http://www.gnu.org/licenses/>.  */

++

++#include <support/resolv_test.h>

++

++#include <arpa/inet.h>

++#include <errno.h>

++#include <fcntl.h>

++#include <nss.h>

++#include <resolv.h>

++#include <search.h>

++#include <stdlib.h>

++#include <string.h>

++#include <support/check.h>

++#include <support/namespace.h>

++#include <support/support.h>

++#include <support/test-driver.h>

++#include <support/xsocket.h>

++#include <support/xthread.h>

++#include <support/xunistd.h>

++#include <unistd.h>

++

++/* Response builder.  */

++

++enum

++  {

++    max_response_length = 65536

++  };

++

++/* List of pointers to be freed.  The hash table implementation

++   (struct hsearch_data) does not provide a way to deallocate all

++   objects, so this approach is used to avoid memory leaks.  */

++struct to_be_freed

++{

++  struct to_be_freed *next;

++  void *ptr;

++};

++

++struct resolv_response_builder

++{

++  const unsigned char *query_buffer;

++  size_t query_length;

++

++  size_t offset;                /* Bytes written so far in buffer.  */

++  ns_sect section;              /* Current section in the DNS packet.  */

++  unsigned int truncate_bytes;  /* Bytes to remove at end of response. */

++  bool drop;                    /* Discard generated response.  */

++  bool close;                   /* Close TCP client connection.  */

++

++  /* Offset of the two-byte RDATA length field in the currently

++     written RDATA sub-structure.  0 if no RDATA is being written.  */

++  size_t current_rdata_offset;

++

++  /* Hash table for locating targets for label compression.  */

++  struct hsearch_data compression_offsets;

++  /* List of pointers which need to be freed.  Used for domain names

++     involved in label compression.  */

++  struct to_be_freed *to_be_freed;

++

++  /* Must be last.  Not zeroed for performance reasons.  */

++  unsigned char buffer[max_response_length];

++};

++

++/* Response builder. */

++

++/* Add a pointer to the list of pointers to be freed when B is

++   deallocated.  */

++static void

++response_push_pointer_to_free (struct resolv_response_builder *b, void *ptr)

++{

++  if (ptr == NULL)

++    return;

++  struct to_be_freed *e = xmalloc (sizeof (*e));

++  *e = (struct to_be_freed) {b->to_be_freed, ptr};

++  b->to_be_freed = e;

++}

++

++void

++resolv_response_init (struct resolv_response_builder *b,

++                      struct resolv_response_flags flags)

++{

++  if (b->offset > 0)

++    FAIL_EXIT1 ("response_init: called at offset %zu", b->offset);

++  if (b->query_length < 12)

++    FAIL_EXIT1 ("response_init called for a query of size %zu",

++                b->query_length);

++  if (flags.rcode > 15)

++    FAIL_EXIT1 ("response_init: invalid RCODE %u", flags.rcode);

++

++  /* Copy the transaction ID.  */

++  b->buffer[0] = b->query_buffer[0];

++  b->buffer[1] = b->query_buffer[1];

++

++  /* Initialize the flags.  */

++  b->buffer[2] = 0x80;                       /* Mark as response.   */

++  b->buffer[2] |= b->query_buffer[2] & 0x01; /* Copy the RD bit.  */

++  if (flags.tc)

++    b->buffer[2] |= 0x02;

++  b->buffer[3] = 0x80 | flags.rcode; /* Always set RA.  */

++

++  /* Fill in the initial section count values.  */

++  b->buffer[4] = flags.qdcount >> 8;

++  b->buffer[5] = flags.qdcount;

++  b->buffer[6] = flags.ancount >> 8;

++  b->buffer[7] = flags.ancount;

++  b->buffer[8] = flags.nscount >> 8;

++  b->buffer[9] = flags.nscount;

++  b->buffer[10] = flags.adcount >> 8;

++  b->buffer[11] = flags.adcount;

++

++  b->offset = 12;

++}

++

++void

++resolv_response_section (struct resolv_response_builder *b, ns_sect section)

++{

++  if (b->offset == 0)

++    FAIL_EXIT1 ("resolv_response_section: response_init not called before");

++  if (section < b->section)

++    FAIL_EXIT1 ("resolv_response_section: cannot go back to previous section");

++  b->section = section;

++}

++

++/* Add a single byte to B.  */

++static inline void

++response_add_byte (struct resolv_response_builder *b, unsigned char ch)

++{

++  if (b->offset == max_response_length)