Coverage Report

Created: 2024-05-04 12:45

/proc/self/cwd/external/curl/lib/doh.c
Line
Count
Source (jump to first uncovered line)
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24
25
#include "curl_setup.h"
26
27
#ifndef CURL_DISABLE_DOH
28
29
#include "urldata.h"
30
#include "curl_addrinfo.h"
31
#include "doh.h"
32
33
#include "sendf.h"
34
#include "multiif.h"
35
#include "url.h"
36
#include "share.h"
37
#include "curl_base64.h"
38
#include "connect.h"
39
#include "strdup.h"
40
#include "dynbuf.h"
41
/* The last 3 #include files should be in this order */
42
#include "curl_printf.h"
43
#include "curl_memory.h"
44
#include "memdebug.h"
45
46
0
#define DNS_CLASS_IN 0x01
47
48
#ifndef CURL_DISABLE_VERBOSE_STRINGS
49
static const char * const errors[]={
50
  "",
51
  "Bad label",
52
  "Out of range",
53
  "Label loop",
54
  "Too small",
55
  "Out of memory",
56
  "RDATA length",
57
  "Malformat",
58
  "Bad RCODE",
59
  "Unexpected TYPE",
60
  "Unexpected CLASS",
61
  "No content",
62
  "Bad ID",
63
  "Name too long"
64
};
65
66
static const char *doh_strerror(DOHcode code)
67
0
{
68
0
  if((code >= DOH_OK) && (code <= DOH_DNS_NAME_TOO_LONG))
69
0
    return errors[code];
70
0
  return "bad error code";
71
0
}
72
#endif
73
74
/* @unittest 1655
75
 */
76
UNITTEST DOHcode doh_encode(const char *host,
77
                            DNStype dnstype,
78
                            unsigned char *dnsp, /* buffer */
79
                            size_t len,  /* buffer size */
80
                            size_t *olen) /* output length */
81
0
{
82
0
  const size_t hostlen = strlen(host);
83
0
  unsigned char *orig = dnsp;
84
0
  const char *hostp = host;
85
86
  /* The expected output length is 16 bytes more than the length of
87
   * the QNAME-encoding of the host name.
88
   *
89
   * A valid DNS name may not contain a zero-length label, except at
90
   * the end.  For this reason, a name beginning with a dot, or
91
   * containing a sequence of two or more consecutive dots, is invalid
92
   * and cannot be encoded as a QNAME.
93
   *
94
   * If the host name ends with a trailing dot, the corresponding
95
   * QNAME-encoding is one byte longer than the host name. If (as is
96
   * also valid) the hostname is shortened by the omission of the
97
   * trailing dot, then its QNAME-encoding will be two bytes longer
98
   * than the host name.
99
   *
100
   * Each [ label, dot ] pair is encoded as [ length, label ],
101
   * preserving overall length.  A final [ label ] without a dot is
102
   * also encoded as [ length, label ], increasing overall length
103
   * by one. The encoding is completed by appending a zero byte,
104
   * representing the zero-length root label, again increasing
105
   * the overall length by one.
106
   */
107
108
0
  size_t expected_len;
109
0
  DEBUGASSERT(hostlen);
110
0
  expected_len = 12 + 1 + hostlen + 4;
111
0
  if(host[hostlen-1]!='.')
112
0
    expected_len++;
113
114
0
  if(expected_len > (256 + 16)) /* RFCs 1034, 1035 */
115
0
    return DOH_DNS_NAME_TOO_LONG;
116
117
0
  if(len < expected_len)
118
0
    return DOH_TOO_SMALL_BUFFER;
119
120
0
  *dnsp++ = 0; /* 16 bit id */
121
0
  *dnsp++ = 0;
122
0
  *dnsp++ = 0x01; /* |QR|   Opcode  |AA|TC|RD| Set the RD bit */
123
0
  *dnsp++ = '\0'; /* |RA|   Z    |   RCODE   |                */
124
0
  *dnsp++ = '\0';
125
0
  *dnsp++ = 1;    /* QDCOUNT (number of entries in the question section) */
126
0
  *dnsp++ = '\0';
127
0
  *dnsp++ = '\0'; /* ANCOUNT */
128
0
  *dnsp++ = '\0';
129
0
  *dnsp++ = '\0'; /* NSCOUNT */
130
0
  *dnsp++ = '\0';
131
0
  *dnsp++ = '\0'; /* ARCOUNT */
132
133
  /* encode each label and store it in the QNAME */
134
0
  while(*hostp) {
135
0
    size_t labellen;
136
0
    char *dot = strchr(hostp, '.');
137
0
    if(dot)
138
0
      labellen = dot - hostp;
139
0
    else
140
0
      labellen = strlen(hostp);
141
0
    if((labellen > 63) || (!labellen)) {
142
      /* label is too long or too short, error out */
143
0
      *olen = 0;
144
0
      return DOH_DNS_BAD_LABEL;
145
0
    }
146
    /* label is non-empty, process it */
147
0
    *dnsp++ = (unsigned char)labellen;
148
0
    memcpy(dnsp, hostp, labellen);
149
0
    dnsp += labellen;
150
0
    hostp += labellen;
151
    /* advance past dot, but only if there is one */
152
0
    if(dot)
153
0
      hostp++;
154
0
  } /* next label */
155
156
0
  *dnsp++ = 0; /* append zero-length label for root */
157
158
  /* There are assigned TYPE codes beyond 255: use range [1..65535]  */
159
0
  *dnsp++ = (unsigned char)(255 & (dnstype>>8)); /* upper 8 bit TYPE */
160
0
  *dnsp++ = (unsigned char)(255 & dnstype);      /* lower 8 bit TYPE */
161
162
0
  *dnsp++ = '\0'; /* upper 8 bit CLASS */
163
0
  *dnsp++ = DNS_CLASS_IN; /* IN - "the Internet" */
164
165
0
  *olen = dnsp - orig;
166
167
  /* verify that our estimation of length is valid, since
168
   * this has led to buffer overflows in this function */
169
0
  DEBUGASSERT(*olen == expected_len);
170
0
  return DOH_OK;
171
0
}
172
173
static size_t
174
doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp)
175
0
{
176
0
  size_t realsize = size * nmemb;
177
0
  struct dynbuf *mem = (struct dynbuf *)userp;
178
179
0
  if(Curl_dyn_addn(mem, contents, realsize))
180
0
    return 0;
181
182
0
  return realsize;
183
0
}
184
185
/* called from multi.c when this DoH transfer is complete */
186
static int doh_done(struct Curl_easy *doh, CURLcode result)
187
0
{
188
0
  struct Curl_easy *data = doh->set.dohfor;
189
0
  struct dohdata *dohp = data->req.doh;
190
  /* so one of the DoH request done for the 'data' transfer is now complete! */
191
0
  dohp->pending--;
192
0
  infof(data, "a DoH request is completed, %u to go", dohp->pending);
193
0
  if(result)
194
0
    infof(data, "DoH request %s", curl_easy_strerror(result));
195
196
0
  if(!dohp->pending) {
197
    /* DoH completed */
198
0
    curl_slist_free_all(dohp->headers);
199
0
    dohp->headers = NULL;
200
0
    Curl_expire(data, 0, EXPIRE_RUN_NOW);
201
0
  }
202
0
  return 0;
203
0
}
204
205
0
#define ERROR_CHECK_SETOPT(x,y) \
206
0
do {                                          \
207
0
  result = curl_easy_setopt(doh, x, y);       \
208
0
  if(result &&                                \
209
0
     result != CURLE_NOT_BUILT_IN &&          \
210
0
     result != CURLE_UNKNOWN_OPTION)          \
211
0
    goto error;                               \
212
0
} while(0)
213
214
static CURLcode dohprobe(struct Curl_easy *data,
215
                         struct dnsprobe *p, DNStype dnstype,
216
                         const char *host,
217
                         const char *url, CURLM *multi,
218
                         struct curl_slist *headers)
219
0
{
220
0
  struct Curl_easy *doh = NULL;
221
0
  char *nurl = NULL;
222
0
  CURLcode result = CURLE_OK;
223
0
  timediff_t timeout_ms;
224
0
  DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer),
225
0
                         &p->dohlen);
226
0
  if(d) {
227
0
    failf(data, "Failed to encode DoH packet [%d]", d);
228
0
    return CURLE_OUT_OF_MEMORY;
229
0
  }
230
231
0
  p->dnstype = dnstype;
232
0
  Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE);
233
234
0
  timeout_ms = Curl_timeleft(data, NULL, TRUE);
235
0
  if(timeout_ms <= 0) {
236
0
    result = CURLE_OPERATION_TIMEDOUT;
237
0
    goto error;
238
0
  }
239
  /* Curl_open() is the internal version of curl_easy_init() */
240
0
  result = Curl_open(&doh);
241
0
  if(!result) {
242
    /* pass in the struct pointer via a local variable to please coverity and
243
       the gcc typecheck helpers */
244
0
    struct dynbuf *resp = &p->serverdoh;
245
0
    doh->internal = true;
246
0
    ERROR_CHECK_SETOPT(CURLOPT_URL, url);
247
0
    ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https");
248
0
    ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb);
249
0
    ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp);
250
0
    ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer);
251
0
    ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen);
252
0
    ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers);
253
#ifdef USE_HTTP2
254
    ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
255
#endif
256
0
#ifndef CURLDEBUG
257
    /* enforce HTTPS if not debug */
258
0
    ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
259
#else
260
    /* in debug mode, also allow http */
261
    ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS);
262
#endif
263
0
    ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms);
264
0
    ERROR_CHECK_SETOPT(CURLOPT_SHARE, data->share);
265
0
    if(data->set.err && data->set.err != stderr)
266
0
      ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err);
267
0
    if(data->set.verbose)
268
0
      ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L);
269
0
    if(data->set.no_signal)
270
0
      ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L);
271
272
0
    ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST,
273
0
      data->set.doh_verifyhost ? 2L : 0L);
274
0
    ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER,
275
0
      data->set.doh_verifypeer ? 1L : 0L);
276
0
    ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS,
277
0
      data->set.doh_verifystatus ? 1L : 0L);
278
279
    /* Inherit *some* SSL options from the user's transfer. This is a
280
       best-guess as to which options are needed for compatibility. #3661
281
282
       Note DoH does not inherit the user's proxy server so proxy SSL settings
283
       have no effect and are not inherited. If that changes then two new
284
       options should be added to check doh proxy insecure separately,
285
       CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER.
286
       */
287
0
    if(data->set.ssl.falsestart)
288
0
      ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L);
289
0
    if(data->set.str[STRING_SSL_CAFILE]) {
290
0
      ERROR_CHECK_SETOPT(CURLOPT_CAINFO,
291
0
                         data->set.str[STRING_SSL_CAFILE]);
292
0
    }
293
0
    if(data->set.blobs[BLOB_CAINFO]) {
294
0
      ERROR_CHECK_SETOPT(CURLOPT_CAINFO_BLOB,
295
0
                         data->set.blobs[BLOB_CAINFO]);
296
0
    }
297
0
    if(data->set.str[STRING_SSL_CAPATH]) {
298
0
      ERROR_CHECK_SETOPT(CURLOPT_CAPATH,
299
0
                         data->set.str[STRING_SSL_CAPATH]);
300
0
    }
301
0
    if(data->set.str[STRING_SSL_CRLFILE]) {
302
0
      ERROR_CHECK_SETOPT(CURLOPT_CRLFILE,
303
0
                         data->set.str[STRING_SSL_CRLFILE]);
304
0
    }
305
0
    if(data->set.ssl.certinfo)
306
0
      ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L);
307
0
    if(data->set.ssl.fsslctx)
308
0
      ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx);
309
0
    if(data->set.ssl.fsslctxp)
310
0
      ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp);
311
0
    if(data->set.fdebug)
312
0
      ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug);
313
0
    if(data->set.debugdata)
314
0
      ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata);
315
0
    if(data->set.str[STRING_SSL_EC_CURVES]) {
316
0
      ERROR_CHECK_SETOPT(CURLOPT_SSL_EC_CURVES,
317
0
                         data->set.str[STRING_SSL_EC_CURVES]);
318
0
    }
319
320
0
    {
321
0
      long mask =
322
0
        (data->set.ssl.enable_beast ?
323
0
         CURLSSLOPT_ALLOW_BEAST : 0) |
324
0
        (data->set.ssl.no_revoke ?
325
0
         CURLSSLOPT_NO_REVOKE : 0) |
326
0
        (data->set.ssl.no_partialchain ?
327
0
         CURLSSLOPT_NO_PARTIALCHAIN : 0) |
328
0
        (data->set.ssl.revoke_best_effort ?
329
0
         CURLSSLOPT_REVOKE_BEST_EFFORT : 0) |
330
0
        (data->set.ssl.native_ca_store ?
331
0
         CURLSSLOPT_NATIVE_CA : 0) |
332
0
        (data->set.ssl.auto_client_cert ?
333
0
         CURLSSLOPT_AUTO_CLIENT_CERT : 0);
334
335
0
      (void)curl_easy_setopt(doh, CURLOPT_SSL_OPTIONS, mask);
336
0
    }
337
338
0
    doh->set.fmultidone = doh_done;
339
0
    doh->set.dohfor = data; /* identify for which transfer this is done */
340
0
    p->easy = doh;
341
342
    /* DoH private_data must be null because the user must have a way to
343
       distinguish their transfer's handle from DoH handles in user
344
       callbacks (ie SSL CTX callback). */
345
0
    DEBUGASSERT(!doh->set.private_data);
346
347
0
    if(curl_multi_add_handle(multi, doh))
348
0
      goto error;
349
0
  }
350
0
  else
351
0
    goto error;
352
0
  free(nurl);
353
0
  return CURLE_OK;
354
355
0
error:
356
0
  free(nurl);
357
0
  Curl_close(&doh);
358
0
  return result;
359
0
}
360
361
/*
362
 * Curl_doh() resolves a name using DoH. It resolves a name and returns a
363
 * 'Curl_addrinfo *' with the address information.
364
 */
365
366
struct Curl_addrinfo *Curl_doh(struct Curl_easy *data,
367
                               const char *hostname,
368
                               int port,
369
                               int *waitp)
370
0
{
371
0
  CURLcode result = CURLE_OK;
372
0
  int slot;
373
0
  struct dohdata *dohp;
374
0
  struct connectdata *conn = data->conn;
375
0
  *waitp = TRUE; /* this never returns synchronously */
376
0
  (void)hostname;
377
0
  (void)port;
378
379
0
  DEBUGASSERT(!data->req.doh);
380
0
  DEBUGASSERT(conn);
381
382
  /* start clean, consider allocating this struct on demand */
383
0
  dohp = data->req.doh = calloc(sizeof(struct dohdata), 1);
384
0
  if(!dohp)
385
0
    return NULL;
386
387
0
  conn->bits.doh = TRUE;
388
0
  dohp->host = hostname;
389
0
  dohp->port = port;
390
0
  dohp->headers =
391
0
    curl_slist_append(NULL,
392
0
                      "Content-Type: application/dns-message");
393
0
  if(!dohp->headers)
394
0
    goto error;
395
396
  /* create IPv4 DoH request */
397
0
  result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V4],
398
0
                    DNS_TYPE_A, hostname, data->set.str[STRING_DOH],
399
0
                    data->multi, dohp->headers);
400
0
  if(result)
401
0
    goto error;
402
0
  dohp->pending++;
403
404
0
#ifdef ENABLE_IPV6
405
0
  if((conn->ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) {
406
    /* create IPv6 DoH request */
407
0
    result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6],
408
0
                      DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH],
409
0
                      data->multi, dohp->headers);
410
0
    if(result)
411
0
      goto error;
412
0
    dohp->pending++;
413
0
  }
414
0
#endif
415
0
  return NULL;
416
417
0
error:
418
0
  curl_slist_free_all(dohp->headers);
419
0
  data->req.doh->headers = NULL;
420
0
  for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
421
0
    Curl_close(&dohp->probe[slot].easy);
422
0
  }
423
0
  Curl_safefree(data->req.doh);
424
0
  return NULL;
425
0
}
426
427
static DOHcode skipqname(const unsigned char *doh, size_t dohlen,
428
                         unsigned int *indexp)
429
0
{
430
0
  unsigned char length;
431
0
  do {
432
0
    if(dohlen < (*indexp + 1))
433
0
      return DOH_DNS_OUT_OF_RANGE;
434
0
    length = doh[*indexp];
435
0
    if((length & 0xc0) == 0xc0) {
436
      /* name pointer, advance over it and be done */
437
0
      if(dohlen < (*indexp + 2))
438
0
        return DOH_DNS_OUT_OF_RANGE;
439
0
      *indexp += 2;
440
0
      break;
441
0
    }
442
0
    if(length & 0xc0)
443
0
      return DOH_DNS_BAD_LABEL;
444
0
    if(dohlen < (*indexp + 1 + length))
445
0
      return DOH_DNS_OUT_OF_RANGE;
446
0
    *indexp += 1 + length;
447
0
  } while(length);
448
0
  return DOH_OK;
449
0
}
450
451
static unsigned short get16bit(const unsigned char *doh, int index)
452
0
{
453
0
  return (unsigned short)((doh[index] << 8) | doh[index + 1]);
454
0
}
455
456
static unsigned int get32bit(const unsigned char *doh, int index)
457
0
{
458
   /* make clang and gcc optimize this to bswap by incrementing
459
      the pointer first. */
460
0
   doh += index;
461
462
   /* avoid undefined behavior by casting to unsigned before shifting
463
      24 bits, possibly into the sign bit. codegen is same, but
464
      ub sanitizer won't be upset */
465
0
  return ( (unsigned)doh[0] << 24) | (doh[1] << 16) |(doh[2] << 8) | doh[3];
466
0
}
467
468
static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d)
469
0
{
470
  /* silently ignore addresses over the limit */
471
0
  if(d->numaddr < DOH_MAX_ADDR) {
472
0
    struct dohaddr *a = &d->addr[d->numaddr];
473
0
    a->type = DNS_TYPE_A;
474
0
    memcpy(&a->ip.v4, &doh[index], 4);
475
0
    d->numaddr++;
476
0
  }
477
0
  return DOH_OK;
478
0
}
479
480
static DOHcode store_aaaa(const unsigned char *doh,
481
                          int index,
482
                          struct dohentry *d)
483
0
{
484
  /* silently ignore addresses over the limit */
485
0
  if(d->numaddr < DOH_MAX_ADDR) {
486
0
    struct dohaddr *a = &d->addr[d->numaddr];
487
0
    a->type = DNS_TYPE_AAAA;
488
0
    memcpy(&a->ip.v6, &doh[index], 16);
489
0
    d->numaddr++;
490
0
  }
491
0
  return DOH_OK;
492
0
}
493
494
static DOHcode store_cname(const unsigned char *doh,
495
                           size_t dohlen,
496
                           unsigned int index,
497
                           struct dohentry *d)
498
0
{
499
0
  struct dynbuf *c;
500
0
  unsigned int loop = 128; /* a valid DNS name can never loop this much */
501
0
  unsigned char length;
502
503
0
  if(d->numcname == DOH_MAX_CNAME)
504
0
    return DOH_OK; /* skip! */
505
506
0
  c = &d->cname[d->numcname++];
507
0
  do {
508
0
    if(index >= dohlen)
509
0
      return DOH_DNS_OUT_OF_RANGE;
510
0
    length = doh[index];
511
0
    if((length & 0xc0) == 0xc0) {
512
0
      int newpos;
513
      /* name pointer, get the new offset (14 bits) */
514
0
      if((index + 1) >= dohlen)
515
0
        return DOH_DNS_OUT_OF_RANGE;
516
517
      /* move to the new index */
518
0
      newpos = (length & 0x3f) << 8 | doh[index + 1];
519
0
      index = newpos;
520
0
      continue;
521
0
    }
522
0
    else if(length & 0xc0)
523
0
      return DOH_DNS_BAD_LABEL; /* bad input */
524
0
    else
525
0
      index++;
526
527
0
    if(length) {
528
0
      if(Curl_dyn_len(c)) {
529
0
        if(Curl_dyn_addn(c, STRCONST(".")))
530
0
          return DOH_OUT_OF_MEM;
531
0
      }
532
0
      if((index + length) > dohlen)
533
0
        return DOH_DNS_BAD_LABEL;
534
535
0
      if(Curl_dyn_addn(c, &doh[index], length))
536
0
        return DOH_OUT_OF_MEM;
537
0
      index += length;
538
0
    }
539
0
  } while(length && --loop);
540
541
0
  if(!loop)
542
0
    return DOH_DNS_LABEL_LOOP;
543
0
  return DOH_OK;
544
0
}
545
546
static DOHcode rdata(const unsigned char *doh,
547
                     size_t dohlen,
548
                     unsigned short rdlength,
549
                     unsigned short type,
550
                     int index,
551
                     struct dohentry *d)
552
0
{
553
  /* RDATA
554
     - A (TYPE 1):  4 bytes
555
     - AAAA (TYPE 28): 16 bytes
556
     - NS (TYPE 2): N bytes */
557
0
  DOHcode rc;
558
559
0
  switch(type) {
560
0
  case DNS_TYPE_A:
561
0
    if(rdlength != 4)
562
0
      return DOH_DNS_RDATA_LEN;
563
0
    rc = store_a(doh, index, d);
564
0
    if(rc)
565
0
      return rc;
566
0
    break;
567
0
  case DNS_TYPE_AAAA:
568
0
    if(rdlength != 16)
569
0
      return DOH_DNS_RDATA_LEN;
570
0
    rc = store_aaaa(doh, index, d);
571
0
    if(rc)
572
0
      return rc;
573
0
    break;
574
0
  case DNS_TYPE_CNAME:
575
0
    rc = store_cname(doh, dohlen, index, d);
576
0
    if(rc)
577
0
      return rc;
578
0
    break;
579
0
  case DNS_TYPE_DNAME:
580
    /* explicit for clarity; just skip; rely on synthesized CNAME  */
581
0
    break;
582
0
  default:
583
    /* unsupported type, just skip it */
584
0
    break;
585
0
  }
586
0
  return DOH_OK;
587
0
}
588
589
UNITTEST void de_init(struct dohentry *de)
590
0
{
591
0
  int i;
592
0
  memset(de, 0, sizeof(*de));
593
0
  de->ttl = INT_MAX;
594
0
  for(i = 0; i < DOH_MAX_CNAME; i++)
595
0
    Curl_dyn_init(&de->cname[i], DYN_DOH_CNAME);
596
0
}
597
598
599
UNITTEST DOHcode doh_decode(const unsigned char *doh,
600
                            size_t dohlen,
601
                            DNStype dnstype,
602
                            struct dohentry *d)
603
0
{
604
0
  unsigned char rcode;
605
0
  unsigned short qdcount;
606
0
  unsigned short ancount;
607
0
  unsigned short type = 0;
608
0
  unsigned short rdlength;
609
0
  unsigned short nscount;
610
0
  unsigned short arcount;
611
0
  unsigned int index = 12;
612
0
  DOHcode rc;
613
614
0
  if(dohlen < 12)
615
0
    return DOH_TOO_SMALL_BUFFER; /* too small */
616
0
  if(!doh || doh[0] || doh[1])
617
0
    return DOH_DNS_BAD_ID; /* bad ID */
618
0
  rcode = doh[3] & 0x0f;
619
0
  if(rcode)
620
0
    return DOH_DNS_BAD_RCODE; /* bad rcode */
621
622
0
  qdcount = get16bit(doh, 4);
623
0
  while(qdcount) {
624
0
    rc = skipqname(doh, dohlen, &index);
625
0
    if(rc)
626
0
      return rc; /* bad qname */
627
0
    if(dohlen < (index + 4))
628
0
      return DOH_DNS_OUT_OF_RANGE;
629
0
    index += 4; /* skip question's type and class */
630
0
    qdcount--;
631
0
  }
632
633
0
  ancount = get16bit(doh, 6);
634
0
  while(ancount) {
635
0
    unsigned short class;
636
0
    unsigned int ttl;
637
638
0
    rc = skipqname(doh, dohlen, &index);
639
0
    if(rc)
640
0
      return rc; /* bad qname */
641
642
0
    if(dohlen < (index + 2))
643
0
      return DOH_DNS_OUT_OF_RANGE;
644
645
0
    type = get16bit(doh, index);
646
0
    if((type != DNS_TYPE_CNAME)    /* may be synthesized from DNAME */
647
0
       && (type != DNS_TYPE_DNAME) /* if present, accept and ignore */
648
0
       && (type != dnstype))
649
      /* Not the same type as was asked for nor CNAME nor DNAME */
650
0
      return DOH_DNS_UNEXPECTED_TYPE;
651
0
    index += 2;
652
653
0
    if(dohlen < (index + 2))
654
0
      return DOH_DNS_OUT_OF_RANGE;
655
0
    class = get16bit(doh, index);
656
0
    if(DNS_CLASS_IN != class)
657
0
      return DOH_DNS_UNEXPECTED_CLASS; /* unsupported */
658
0
    index += 2;
659
660
0
    if(dohlen < (index + 4))
661
0
      return DOH_DNS_OUT_OF_RANGE;
662
663
0
    ttl = get32bit(doh, index);
664
0
    if(ttl < d->ttl)
665
0
      d->ttl = ttl;
666
0
    index += 4;
667
668
0
    if(dohlen < (index + 2))
669
0
      return DOH_DNS_OUT_OF_RANGE;
670
671
0
    rdlength = get16bit(doh, index);
672
0
    index += 2;
673
0
    if(dohlen < (index + rdlength))
674
0
      return DOH_DNS_OUT_OF_RANGE;
675
676
0
    rc = rdata(doh, dohlen, rdlength, type, index, d);
677
0
    if(rc)
678
0
      return rc; /* bad rdata */
679
0
    index += rdlength;
680
0
    ancount--;
681
0
  }
682
683
0
  nscount = get16bit(doh, 8);
684
0
  while(nscount) {
685
0
    rc = skipqname(doh, dohlen, &index);
686
0
    if(rc)
687
0
      return rc; /* bad qname */
688
689
0
    if(dohlen < (index + 8))
690
0
      return DOH_DNS_OUT_OF_RANGE;
691
692
0
    index += 2 + 2 + 4; /* type, class and ttl */
693
694
0
    if(dohlen < (index + 2))
695
0
      return DOH_DNS_OUT_OF_RANGE;
696
697
0
    rdlength = get16bit(doh, index);
698
0
    index += 2;
699
0
    if(dohlen < (index + rdlength))
700
0
      return DOH_DNS_OUT_OF_RANGE;
701
0
    index += rdlength;
702
0
    nscount--;
703
0
  }
704
705
0
  arcount = get16bit(doh, 10);
706
0
  while(arcount) {
707
0
    rc = skipqname(doh, dohlen, &index);
708
0
    if(rc)
709
0
      return rc; /* bad qname */
710
711
0
    if(dohlen < (index + 8))
712
0
      return DOH_DNS_OUT_OF_RANGE;
713
714
0
    index += 2 + 2 + 4; /* type, class and ttl */
715
716
0
    if(dohlen < (index + 2))
717
0
      return DOH_DNS_OUT_OF_RANGE;
718
719
0
    rdlength = get16bit(doh, index);
720
0
    index += 2;
721
0
    if(dohlen < (index + rdlength))
722
0
      return DOH_DNS_OUT_OF_RANGE;
723
0
    index += rdlength;
724
0
    arcount--;
725
0
  }
726
727
0
  if(index != dohlen)
728
0
    return DOH_DNS_MALFORMAT; /* something is wrong */
729
730
0
  if((type != DNS_TYPE_NS) && !d->numcname && !d->numaddr)
731
    /* nothing stored! */
732
0
    return DOH_NO_CONTENT;
733
734
0
  return DOH_OK; /* ok */
735
0
}
736
737
#ifndef CURL_DISABLE_VERBOSE_STRINGS
738
static void showdoh(struct Curl_easy *data,
739
                    const struct dohentry *d)
740
0
{
741
0
  int i;
742
0
  infof(data, "TTL: %u seconds", d->ttl);
743
0
  for(i = 0; i < d->numaddr; i++) {
744
0
    const struct dohaddr *a = &d->addr[i];
745
0
    if(a->type == DNS_TYPE_A) {
746
0
      infof(data, "DoH A: %u.%u.%u.%u",
747
0
            a->ip.v4[0], a->ip.v4[1],
748
0
            a->ip.v4[2], a->ip.v4[3]);
749
0
    }
750
0
    else if(a->type == DNS_TYPE_AAAA) {
751
0
      int j;
752
0
      char buffer[128];
753
0
      char *ptr;
754
0
      size_t len;
755
0
      msnprintf(buffer, 128, "DoH AAAA: ");
756
0
      ptr = &buffer[10];
757
0
      len = 118;
758
0
      for(j = 0; j < 16; j += 2) {
759
0
        size_t l;
760
0
        msnprintf(ptr, len, "%s%02x%02x", j?":":"", d->addr[i].ip.v6[j],
761
0
                  d->addr[i].ip.v6[j + 1]);
762
0
        l = strlen(ptr);
763
0
        len -= l;
764
0
        ptr += l;
765
0
      }
766
0
      infof(data, "%s", buffer);
767
0
    }
768
0
  }
769
0
  for(i = 0; i < d->numcname; i++) {
770
0
    infof(data, "CNAME: %s", Curl_dyn_ptr(&d->cname[i]));
771
0
  }
772
0
}
773
#else
774
#define showdoh(x,y)
775
#endif
776
777
/*
778
 * doh2ai()
779
 *
780
 * This function returns a pointer to the first element of a newly allocated
781
 * Curl_addrinfo struct linked list filled with the data from a set of DoH
782
 * lookups.  Curl_addrinfo is meant to work like the addrinfo struct does for
783
 * a IPv6 stack, but usable also for IPv4, all hosts and environments.
784
 *
785
 * The memory allocated by this function *MUST* be free'd later on calling
786
 * Curl_freeaddrinfo().  For each successful call to this function there
787
 * must be an associated call later to Curl_freeaddrinfo().
788
 */
789
790
static struct Curl_addrinfo *
791
doh2ai(const struct dohentry *de, const char *hostname, int port)
792
0
{
793
0
  struct Curl_addrinfo *ai;
794
0
  struct Curl_addrinfo *prevai = NULL;
795
0
  struct Curl_addrinfo *firstai = NULL;
796
0
  struct sockaddr_in *addr;
797
0
#ifdef ENABLE_IPV6
798
0
  struct sockaddr_in6 *addr6;
799
0
#endif
800
0
  CURLcode result = CURLE_OK;
801
0
  int i;
802
0
  size_t hostlen = strlen(hostname) + 1; /* include null-terminator */
803
804
0
  if(!de)
805
    /* no input == no output! */
806
0
    return NULL;
807
808
0
  for(i = 0; i < de->numaddr; i++) {
809
0
    size_t ss_size;
810
0
    CURL_SA_FAMILY_T addrtype;
811
0
    if(de->addr[i].type == DNS_TYPE_AAAA) {
812
#ifndef ENABLE_IPV6
813
      /* we can't handle IPv6 addresses */
814
      continue;
815
#else
816
0
      ss_size = sizeof(struct sockaddr_in6);
817
0
      addrtype = AF_INET6;
818
0
#endif
819
0
    }
820
0
    else {
821
0
      ss_size = sizeof(struct sockaddr_in);
822
0
      addrtype = AF_INET;
823
0
    }
824
825
0
    ai = calloc(1, sizeof(struct Curl_addrinfo) + ss_size + hostlen);
826
0
    if(!ai) {
827
0
      result = CURLE_OUT_OF_MEMORY;
828
0
      break;
829
0
    }
830
0
    ai->ai_addr = (void *)((char *)ai + sizeof(struct Curl_addrinfo));
831
0
    ai->ai_canonname = (void *)((char *)ai->ai_addr + ss_size);
832
0
    memcpy(ai->ai_canonname, hostname, hostlen);
833
834
0
    if(!firstai)
835
      /* store the pointer we want to return from this function */
836
0
      firstai = ai;
837
838
0
    if(prevai)
839
      /* make the previous entry point to this */
840
0
      prevai->ai_next = ai;
841
842
0
    ai->ai_family = addrtype;
843
844
    /* we return all names as STREAM, so when using this address for TFTP
845
       the type must be ignored and conn->socktype be used instead! */
846
0
    ai->ai_socktype = SOCK_STREAM;
847
848
0
    ai->ai_addrlen = (curl_socklen_t)ss_size;
849
850
    /* leave the rest of the struct filled with zero */
851
852
0
    switch(ai->ai_family) {
853
0
    case AF_INET:
854
0
      addr = (void *)ai->ai_addr; /* storage area for this info */
855
0
      DEBUGASSERT(sizeof(struct in_addr) == sizeof(de->addr[i].ip.v4));
856
0
      memcpy(&addr->sin_addr, &de->addr[i].ip.v4, sizeof(struct in_addr));
857
0
      addr->sin_family = addrtype;
858
0
      addr->sin_port = htons((unsigned short)port);
859
0
      break;
860
861
0
#ifdef ENABLE_IPV6
862
0
    case AF_INET6:
863
0
      addr6 = (void *)ai->ai_addr; /* storage area for this info */
864
0
      DEBUGASSERT(sizeof(struct in6_addr) == sizeof(de->addr[i].ip.v6));
865
0
      memcpy(&addr6->sin6_addr, &de->addr[i].ip.v6, sizeof(struct in6_addr));
866
0
      addr6->sin6_family = addrtype;
867
0
      addr6->sin6_port = htons((unsigned short)port);
868
0
      break;
869
0
#endif
870
0
    }
871
872
0
    prevai = ai;
873
0
  }
874
875
0
  if(result) {
876
0
    Curl_freeaddrinfo(firstai);
877
0
    firstai = NULL;
878
0
  }
879
880
0
  return firstai;
881
0
}
882
883
#ifndef CURL_DISABLE_VERBOSE_STRINGS
884
static const char *type2name(DNStype dnstype)
885
0
{
886
0
  return (dnstype == DNS_TYPE_A)?"A":"AAAA";
887
0
}
888
#endif
889
890
UNITTEST void de_cleanup(struct dohentry *d)
891
0
{
892
0
  int i = 0;
893
0
  for(i = 0; i < d->numcname; i++) {
894
0
    Curl_dyn_free(&d->cname[i]);
895
0
  }
896
0
}
897
898
CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
899
                              struct Curl_dns_entry **dnsp)
900
0
{
901
0
  CURLcode result;
902
0
  struct dohdata *dohp = data->req.doh;
903
0
  *dnsp = NULL; /* defaults to no response */
904
0
  if(!dohp)
905
0
    return CURLE_OUT_OF_MEMORY;
906
907
0
  if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy &&
908
0
     !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) {
909
0
    failf(data, "Could not DoH-resolve: %s", data->state.async.hostname);
910
0
    return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY:
911
0
      CURLE_COULDNT_RESOLVE_HOST;
912
0
  }
913
0
  else if(!dohp->pending) {
914
0
    DOHcode rc[DOH_PROBE_SLOTS] = {
915
0
      DOH_OK, DOH_OK
916
0
    };
917
0
    struct dohentry de;
918
0
    int slot;
919
    /* remove DoH handles from multi handle and close them */
920
0
    for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
921
0
      curl_multi_remove_handle(data->multi, dohp->probe[slot].easy);
922
0
      Curl_close(&dohp->probe[slot].easy);
923
0
    }
924
    /* parse the responses, create the struct and return it! */
925
0
    de_init(&de);
926
0
    for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
927
0
      struct dnsprobe *p = &dohp->probe[slot];
928
0
      if(!p->dnstype)
929
0
        continue;
930
0
      rc[slot] = doh_decode(Curl_dyn_uptr(&p->serverdoh),
931
0
                            Curl_dyn_len(&p->serverdoh),
932
0
                            p->dnstype,
933
0
                            &de);
934
0
      Curl_dyn_free(&p->serverdoh);
935
0
      if(rc[slot]) {
936
0
        infof(data, "DoH: %s type %s for %s", doh_strerror(rc[slot]),
937
0
              type2name(p->dnstype), dohp->host);
938
0
      }
939
0
    } /* next slot */
940
941
0
    result = CURLE_COULDNT_RESOLVE_HOST; /* until we know better */
942
0
    if(!rc[DOH_PROBE_SLOT_IPADDR_V4] || !rc[DOH_PROBE_SLOT_IPADDR_V6]) {
943
      /* we have an address, of one kind or other */
944
0
      struct Curl_dns_entry *dns;
945
0
      struct Curl_addrinfo *ai;
946
947
0
      infof(data, "DoH Host name: %s", dohp->host);
948
0
      showdoh(data, &de);
949
950
0
      ai = doh2ai(&de, dohp->host, dohp->port);
951
0
      if(!ai) {
952
0
        de_cleanup(&de);
953
0
        return CURLE_OUT_OF_MEMORY;
954
0
      }
955
956
0
      if(data->share)
957
0
        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
958
959
      /* we got a response, store it in the cache */
960
0
      dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port);
961
962
0
      if(data->share)
963
0
        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
964
965
0
      if(!dns) {
966
        /* returned failure, bail out nicely */
967
0
        Curl_freeaddrinfo(ai);
968
0
      }
969
0
      else {
970
0
        data->state.async.dns = dns;
971
0
        *dnsp = dns;
972
0
        result = CURLE_OK;      /* address resolution OK */
973
0
      }
974
0
    } /* address processing done */
975
976
    /* Now process any build-specific attributes retrieved from DNS */
977
978
    /* All done */
979
0
    de_cleanup(&de);
980
0
    Curl_safefree(data->req.doh);
981
0
    return result;
982
983
0
  } /* !dohp->pending */
984
985
  /* else wait for pending DoH transactions to complete */
986
0
  return CURLE_OK;
987
0
}
988
989
#endif /* CURL_DISABLE_DOH */