X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/2bde51964df7b459f1cc6853ffa7f5466d02554f..ab61e5ff8fdbddafb2a05a3b7a427135701960d6:/src/src/dns.c diff --git a/src/src/dns.c b/src/src/dns.c index 98c44b9f2..490eb883d 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -515,7 +515,7 @@ if ( !h->aa || !(trusted = expand_string(dns_trust_aa)) || !*trusted || !(auth_name = dns_extract_auth_name(dnsa)) - || OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL, + || OK != match_isinlist(auth_name, &trusted, 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) ) return FALSE; @@ -671,13 +671,10 @@ e = previous->data.ptr; val = e->data.val; rc = e->expiry && e->expiry <= time(NULL) ? -1 : val; -DEBUG(D_dns) debug_printf("DNS lookup of %.255s-%s: %scached value %s%s\n", +DEBUG(D_dns) debug_printf("DNS lookup of %.255s (%s): %scached value %s%s\n", name, dns_text_type(type), rc == -1 ? "" : "using ", - val == DNS_NOMATCH ? "DNS_NOMATCH" : - val == DNS_NODATA ? "DNS_NODATA" : - val == DNS_AGAIN ? "DNS_AGAIN" : - val == DNS_FAIL ? "DNS_FAIL" : "??", + dns_rc_names[val], rc == -1 ? " past valid time" : ""); return rc; @@ -694,9 +691,11 @@ packet length has been lost inside libresolv, so we have to guess a replacement value. (The only way to fix this properly would be to re-implement res_search() and res_query() so that they don't muddle their success and packet length return values.) For added safety we only reset -the packet length if the packet header looks plausible. */ +the packet length if the packet header looks plausible. -static void +Return TRUE iff it seemed ok */ + +static BOOL fake_dnsa_len_for_fail(dns_answer * dnsa, int type) { const HEADER * h = (const HEADER *)dnsa->answer; @@ -713,7 +712,11 @@ if ( h->qr == 1 /* a response */ DEBUG(D_dns) debug_printf("faking res_search(%s) response length as %d\n", dns_text_type(type), (int)sizeof(dnsa->answer)); dnsa->answerlen = sizeof(dnsa->answer); + return TRUE; } +DEBUG(D_dns) debug_printf("DNS: couldn't fake dnsa len\n"); +/* Maybe we should just do a second lookup for an SOA? */ +return FALSE; } @@ -727,37 +730,37 @@ dns_expire_from_soa(dns_answer * dnsa, int type) { dns_scan dnss; -fake_dnsa_len_for_fail(dnsa, type); +if (fake_dnsa_len_for_fail(dnsa, type)) + for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) + ) if (rr->type == T_SOA) + { + const uschar * p = rr->data; + uschar discard_buf[256]; + int len; + unsigned long ttl; + + /* Skip the mname & rname strings */ + + if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) + break; + p += len; + if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) + break; + p += len; + + /* Skip the SOA serial, refresh, retry & expire. Grab the TTL */ + + if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ) + break; + p += 4 * INT32SZ; + GETLONG(ttl, p); + + return time(NULL) + ttl; + } -for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); - rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) - ) if (rr->type == T_SOA) - { - const uschar * p = rr->data; - uschar discard_buf[256]; - int len; - unsigned long ttl; - - /* Skip the mname & rname strings */ - - if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) - break; - p += len; - if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) - break; - p += len; - - /* Skip the SOA serial, refresh, retry & expire. Grab the TTL */ - - if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ) - break; - p += 4 * INT32SZ; - GETLONG(ttl, p); - - return time(NULL) + ttl; - } DEBUG(D_dns) debug_printf("DNS: no SOA record found for neg-TTL\n"); return 0; } @@ -907,8 +910,8 @@ if (dnsa->answerlen < 0) switch (h_errno) #ifndef STAND_ALONE save_domain = deliver_domain; deliver_domain = string_copy(name); /* set $domain */ - rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); + rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save_domain; if (rc != OK) { @@ -1202,18 +1205,7 @@ switch (type) If the TLD and the 2LD exist but the explicit CSA record lookup failed, then the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */ - if (rc == DNS_NOMATCH) - { - fake_dnsa_len_for_fail(dnsa, T_CSA); - - for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); - rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) - ) - if (rr->type != T_SOA) continue; - else if (strcmpic(rr->name, US"") == 0 || - strcmpic(rr->name, tld) == 0) return DNS_NOMATCH; - else break; - } + if (rc == DNS_NOMATCH) return DNS_NOMATCH; for (i = 0; i < limit; i++) {