Gentoo Archives: gentoo-commits

From: "Markos Chandras (hwoarang)" <hwoarang@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-libs/adns/files: adns-1.4-cnamechain.patch
Date: Tue, 10 Nov 2009 13:53:38
Message-Id: E1N7rA7-0001Fz-VT@stork.gentoo.org
1 hwoarang 09/11/10 13:53:35
2
3 Added: adns-1.4-cnamechain.patch
4 Log:
5 Fix cname issue ( bug #292545 ). EAPI2fy it
6 (Portage version: 2.2_rc49/cvs/Linux x86_64)
7
8 Revision Changes Path
9 1.1 net-libs/adns/files/adns-1.4-cnamechain.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/adns/files/adns-1.4-cnamechain.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/adns/files/adns-1.4-cnamechain.patch?rev=1.1&content-type=text/plain
13
14 Index: adns-1.4-cnamechain.patch
15 ===================================================================
16 [ADNS] Re: CNAME chains
17 Brad Spencer spencer at infointeractive.com
18 Mon, 28 Aug 2006 14:43:00 -0300
19
23 --pf9I7BMVVzbSWLtt
24 Content-Type: text/plain; charset=us-ascii
25 Content-Disposition: inline
26
27 On Fri, Aug 25, 2006 at 11:36:04AM -0700, William Ahern wrote:
28 > On Fri, Aug 25, 2006 at 09:39:01AM +0100, peter burden wrote:
29 > > Hello,
30 > > Is there any way to make ADNS follow CNAME chains ?
31 > >
32 > > I have set the adns_qf_cname_loose query flag and it seems OK for a
33 > > single
34 > > CNAME - e.g. (output from 'dig')
35
36 I posted a small patch back in 2003 that made changes to adns so that
37 it would follow CNAME chains. See
38
39 http://www.chiark.greenend.org.uk/pipermail/adns-discuss/2003/001072.html
40
41 The patch included in that post is against an old adns version, so I
42 have attached my latest version of the patch to this message. (I have
43 not tested that the attached patch applied cleanly to the current adns
44 source, but it may be slightly more in sync with the current version.)
45
46 > CNAME chains are technically not allowed. Such chains are violations of the
47 > specifications. Also, I believe MX host lookups returning CNAMEs (i.e. MX
48 > yahoo.com -> A mail.yahoo.com -> CNAME foo) is also illegal.
49
50 I have also been told that CNAME chains are illegal, but I can not
51 find any actual text that says that a resolver should fail when it
52 encounters them. In fact, RFC 1034 Section 3.6.2 says:
53
54 Domain names in RRs which point at another name should always point at
55 the primary name and not the alias. This avoids extra indirections in
56 accessing information. For example, the address to name RR for the
57 above host should be:
58
59 52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU
60
61 rather than pointing at USC-ISIC.ARPA.
62
63 The above implies that CNAME chains are illegal, IMO. But then, the
64 next sentence is:
65
66 Of course, by the robustness principle, domain software should not
67 fail when presented with CNAME chains or loops; CNAME chains
68 should be followed and CNAME loops signalled as an error.
69
70 This advice, coupled with the fact that CNAME chains exist in the
71 wild, triggered me to create the patch in the first place. My patch
72 doesn't detect loops, but instead simply won't follow chains longer
73 than a certain (hard-coded) size.
74
75 Hope this helps!
76
77 --
78 ------------------------------------------------------------------
79 Brad Spencer - spencer@×××××××××××××××.com - "It's quite nice..."
80 Systems Architect | InfoInterActive Corp. | A Canadian AOL Company
81
82 --pf9I7BMVVzbSWLtt
83 Content-Type: text/plain; charset=us-ascii
84 Content-Disposition: attachment; filename="cname_chains.diff"
85
86 Index: src/internal.h
87 ===================================================================
88 RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/internal.h,v
89 retrieving revision 1.3
90 retrieving revision 1.4
91 diff -u -p -r1.3 -r1.4
92 --- src/internal.h 2 Oct 2003 17:01:46 -0000 1.3
93 +++ src/internal.h 2 Oct 2003 17:14:29 -0000 1.4
94 @@ -206,6 +206,9 @@ struct adns__query {
95 int cname_dglen, cname_begin;
96 /* If non-0, has been allocated using . */
97
98 + int cname_alias_hops_left;
99 + /* The number of cname alias hops we will allow */
100 +
101 vbuf search_vb;
102 int search_origlen, search_pos, search_doneabs;
103 /* Used by the searching algorithm. The query domain in textual form
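Review bot: The comment on cname_alias_hops_left in struct adns__query says only that it is "the number of cname alias hops we will allow"; it does not say that the field is a countdown, where it is initialised, or what happens to the query when it reaches zero. Suggest a comment along the lines of "remaining CNAME hops; decremented for each further CNAME, query fails at 0" so the field can be understood from the header alone.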
104 Index: src/query.c
105 ===================================================================
106 RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/query.c,v
107 retrieving revision 1.3
108 retrieving revision 1.4
109 diff -u -p -r1.3 -r1.4
110 --- src/query.c 2 Oct 2003 17:01:47 -0000 1.3
111 +++ src/query.c 2 Oct 2003 17:14:29 -0000 1.4
112 @@ -63,6 +63,8 @@ static adns_query query_alloc(adns_state
113
114 qu->cname_dgram= 0;
115 qu->cname_dglen= qu->cname_begin= 0;
116 + /* Allow CNAME chains up to some sane limit */
117 + qu->cname_alias_hops_left = 10;
118
119 adns__vbuf_init(&qu->search_vb);
120 qu->search_origlen= qu->search_pos= qu->search_doneabs= 0;
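Review bot: The limit in query_alloc is the bare literal in `qu->cname_alias_hops_left = 10;`, which the comment describes only as "some sane limit". A named constant defined beside the field in internal.h would document the bound in one place and make it easy to tune. The new assignment also puts spaces around `=`, while the neighbouring lines use the `qu->cname_dgram= 0;` style.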
121 Index: src/reply.c
122 ===================================================================
123 RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/reply.c,v
124 retrieving revision 1.3
125 retrieving revision 1.4
126 diff -u -p -r1.3 -r1.4
127 --- src/reply.c 2 Oct 2003 17:01:47 -0000 1.3
128 +++ src/reply.c 2 Oct 2003 17:14:30 -0000 1.4
129 @@ -191,12 +191,13 @@ void adns__procdgram(adns_state ads, con
130 if (qu->flags & adns_qf_cname_forbid) {
131 adns__query_fail(qu,adns_s_prohibitedcname);
132 return;
133 - } else if (qu->cname_dgram) { /* Ignore second and subsequent CNAME(s) */
134 + } else if (qu->cname_dgram && --(qu->cname_alias_hops_left) <= 0) { /* Don't follow "too long" CNAME chains */
135 adns__debug(ads,serv,qu,"allegedly canonical name %s"
136 - " is actually alias for %s", qu->answer->cname,
137 + " is actually alias for %s and aliases too deep",
138 + qu->answer->cname,
139 adns__diag_domain(ads,serv,qu, &qu->vb,
140 dgram,dglen,rdstart));
141 - adns__query_fail(qu,adns_s_prohibitedcname);
142 + adns__query_fail(qu,adns_s_norecurse);
143 return;
144 } else if (wantedrrs) { /* Ignore CNAME(s) after RR(s). */
145 adns__debug(ads,serv,qu,"ignoring CNAME (to %s) coexisting with RR",
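Review bot: The hop check in adns__procdgram decrements inside the condition, `qu->cname_dgram && --(qu->cname_alias_hops_left) <= 0`, so the counter moves only when cname_dgram is already set: the first CNAME is never counted, and with the initial value of 10 the query fails on the tenth CNAME after the first. Moving the decrement into its own statement, with a comment stating the effective maximum chain length, would make the bound explicit. The failure status also changes from adns_s_prohibitedcname to adns_s_norecurse, whose name does not describe an over-long chain; callers that test for the old status will no longer see it, so a dedicated status or a note in the documentation is worth adding. A CNAME loop is caught only by running out of hops, so it is reported with the same status as a long but finite chain.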
146
147 --pf9I7BMVVzbSWLtt--
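The message above contrasts a fixed hop limit with the loop signalling that RFC 1034 asks for. The following is an added example, not part of the original message, the patch or the adns source: a small stand-alone resolver over a constructed record table that applies both a hop limit and explicit loop detection. All names in it (`resolve_chain`, `MAX_SEEN`, the `.test` records) are hypothetical.

```c
#include <stdio.h>
#include <strings.h>

#define MAX_SEEN 16  /* hypothetical hard cap on remembered names */

enum chain_status { CHAIN_OK, CHAIN_LOOP, CHAIN_TOO_DEEP, CHAIN_NXDOMAIN };

struct rr { const char *owner; int is_cname; const char *data; };

/* Constructed sample records (reserved .test names, TEST-NET address). */
static const struct rr zone[] = {
    {"www.example.test",  1, "cdn.example.test"},
    {"cdn.example.test",  1, "edge.example.test"},
    {"edge.example.test", 0, "192.0.2.10"},
    {"a.loop.test",       1, "b.loop.test"},
    {"b.loop.test",       1, "a.loop.test"},
};

static const struct rr *lookup(const char *name) {
    for (size_t i = 0; i < sizeof zone / sizeof zone[0]; i++)
        if (strcasecmp(zone[i].owner, name) == 0) return &zone[i];
    return NULL;
}

/* Follow CNAMEs from name. *hops counts CNAMEs followed; *addr is set on CHAIN_OK. */
enum chain_status resolve_chain(const char *name, int max_hops,
                                const char **addr, int *hops) {
    const char *seen[MAX_SEEN];
    if (max_hops > MAX_SEEN) max_hops = MAX_SEEN;
    *hops = 0;
    for (;;) {
        const struct rr *r = lookup(name);
        if (!r) return CHAIN_NXDOMAIN;
        if (!r->is_cname) { *addr = r->data; return CHAIN_OK; }
        if (*hops >= max_hops) return CHAIN_TOO_DEEP;  /* bound on chain length */
        seen[(*hops)++] = name;
        for (int i = 0; i < *hops; i++)                /* target already visited? */
            if (strcasecmp(seen[i], r->data) == 0) return CHAIN_LOOP;
        name = r->data;
    }
}

int main(void) {
    const char *names[] = {"www.example.test", "a.loop.test"};
    for (int n = 0; n < 2; n++) {
        const char *addr = "-"; int hops;
        enum chain_status s = resolve_chain(names[n], 10, &addr, &hops);
        printf("%s: status=%d hops=%d addr=%s\n", names[n], s, hops, addr);
    }
    return 0;
}
```

With loop detection the two-name loop is reported after two lookups and with its own status, instead of consuming the whole hop budget and failing like an over-long chain.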