resolved: enforce a maximum limit on both dns servers and search domains

Lennart Poettering 2015-11-24 21:39:14 +01:00
parent 4b95f1798f
commit eed857b717
4 changed files with 50 additions and 12 deletions


@ -31,7 +31,7 @@ int dns_search_domain_new(
const char *name) { const char *name) {
_cleanup_free_ char *normalized = NULL; _cleanup_free_ char *normalized = NULL;
DnsSearchDomain *d, *tail; DnsSearchDomain *d;
int r; int r;
assert(m); assert(m);
@ -48,6 +48,14 @@ int dns_search_domain_new(
if (r > 0) if (r > 0)
return -EINVAL; return -EINVAL;
if (l) {
if (l->n_search_domains >= LINK_SEARCH_DOMAINS_MAX)
return -E2BIG;
} else {
if (m->n_search_domains >= MANAGER_SEARCH_DOMAINS_MAX)
return -E2BIG;
}
d = new0(DnsSearchDomain, 1); d = new0(DnsSearchDomain, 1);
if (!d) if (!d)
return -ENOMEM; return -ENOMEM;
@ -62,13 +70,13 @@ int dns_search_domain_new(
case DNS_SEARCH_DOMAIN_LINK: case DNS_SEARCH_DOMAIN_LINK:
d->link = l; d->link = l;
LIST_FIND_TAIL(domains, l->search_domains, tail); LIST_APPEND(domains, l->search_domains, d);
LIST_INSERT_AFTER(domains, l->search_domains, tail, d); l->n_search_domains++;
break; break;
case DNS_SERVER_SYSTEM: case DNS_SERVER_SYSTEM:
LIST_FIND_TAIL(domains, m->search_domains, tail); LIST_APPEND(domains, m->search_domains, d);
LIST_INSERT_AFTER(domains, m->search_domains, tail, d); m->n_search_domains++;
break; break;
default: default:
@ -120,11 +128,15 @@ void dns_search_domain_unlink(DnsSearchDomain *d) {
case DNS_SEARCH_DOMAIN_LINK: case DNS_SEARCH_DOMAIN_LINK:
assert(d->link); assert(d->link);
assert(d->link->n_search_domains > 0);
LIST_REMOVE(domains, d->link->search_domains, d); LIST_REMOVE(domains, d->link->search_domains, d);
d->link->n_search_domains--;
break; break;
case DNS_SEARCH_DOMAIN_SYSTEM: case DNS_SEARCH_DOMAIN_SYSTEM:
assert(d->manager->n_search_domains > 0);
LIST_REMOVE(domains, d->manager->search_domains, d); LIST_REMOVE(domains, d->manager->search_domains, d);
d->manager->n_search_domains--;
break; break;
} }
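Review bot: The new `m->n_search_domains++` in dns_search_domain_new sits under the label `case DNS_SERVER_SYSTEM:`, while the matching decrement in dns_search_domain_unlink is under `case DNS_SEARCH_DOMAIN_SYSTEM:`. The label in the constructor is an unchanged line, but it now also gates the limit accounting. If the two enums ever stop sharing a value, system search domains would reach `default:` without being counted, so I would change it to `case DNS_SEARCH_DOMAIN_SYSTEM:`. The limit check also branches on `l` while the counter update branches on `type`, which is equivalent only if an assertion such as `assert((type == DNS_SEARCH_DOMAIN_LINK) == !!l);` precedes it; none is visible here. Both function bodies continue outside the hunks.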


@ -37,12 +37,23 @@ int dns_server_new(
int family, int family,
const union in_addr_union *in_addr) { const union in_addr_union *in_addr) {
DnsServer *s, *tail; DnsServer *s;
assert(m); assert(m);
assert((type == DNS_SERVER_LINK) == !!l); assert((type == DNS_SERVER_LINK) == !!l);
assert(in_addr); assert(in_addr);
if (!IN_SET(family, AF_INET, AF_INET6))
return -EAFNOSUPPORT;
if (l) {
if (l->n_dns_servers >= LINK_DNS_SERVERS_MAX)
return -E2BIG;
} else {
if (m->n_dns_servers >= MANAGER_DNS_SERVERS_MAX)
return -E2BIG;
}
s = new0(DnsServer, 1); s = new0(DnsServer, 1);
if (!s) if (!s)
return -ENOMEM; return -ENOMEM;
@ -58,18 +69,18 @@ int dns_server_new(
case DNS_SERVER_LINK: case DNS_SERVER_LINK:
s->link = l; s->link = l;
LIST_FIND_TAIL(servers, l->dns_servers, tail); LIST_APPEND(servers, l->dns_servers, s);
LIST_INSERT_AFTER(servers, l->dns_servers, tail, s); l->n_dns_servers++;
break; break;
case DNS_SERVER_SYSTEM: case DNS_SERVER_SYSTEM:
LIST_FIND_TAIL(servers, m->dns_servers, tail); LIST_APPEND(servers, m->dns_servers, s);
LIST_INSERT_AFTER(servers, m->dns_servers, tail, s); m->n_dns_servers++;
break; break;
case DNS_SERVER_FALLBACK: case DNS_SERVER_FALLBACK:
LIST_FIND_TAIL(servers, m->fallback_dns_servers, tail); LIST_APPEND(servers, m->fallback_dns_servers, s);
LIST_INSERT_AFTER(servers, m->fallback_dns_servers, tail, s); m->n_dns_servers++;
break; break;
default: default:
@ -131,15 +142,20 @@ void dns_server_unlink(DnsServer *s) {
case DNS_SERVER_LINK: case DNS_SERVER_LINK:
assert(s->link); assert(s->link);
assert(s->link->n_dns_servers > 0);
LIST_REMOVE(servers, s->link->dns_servers, s); LIST_REMOVE(servers, s->link->dns_servers, s);
break; break;
case DNS_SERVER_SYSTEM: case DNS_SERVER_SYSTEM:
assert(s->manager->n_dns_servers > 0);
LIST_REMOVE(servers, s->manager->dns_servers, s); LIST_REMOVE(servers, s->manager->dns_servers, s);
s->manager->n_dns_servers--;
break; break;
case DNS_SERVER_FALLBACK: case DNS_SERVER_FALLBACK:
assert(s->manager->n_dns_servers > 0);
LIST_REMOVE(servers, s->manager->fallback_dns_servers, s); LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
s->manager->n_dns_servers--;
break; break;
} }
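Review bot: The `DNS_SERVER_LINK` case in dns_server_unlink asserts `s->link->n_dns_servers > 0` and removes the entry but never decrements the counter, unlike the SYSTEM and FALLBACK cases here and the link case in dns_search_domain_unlink. The per-link count therefore only grows. Once a link has had `LINK_DNS_SERVERS_MAX` servers added over its lifetime, dns_server_new returns `-E2BIG` for it even when its list is empty, which would leave that link unable to take new servers after repeated reconfiguration. Add `s->link->n_dns_servers--;` after the `LIST_REMOVE` in that case. The function body continues outside the hunk.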


@ -34,6 +34,9 @@ typedef struct LinkAddress LinkAddress;
#include "resolved-dns-server.h" #include "resolved-dns-server.h"
#include "resolved-manager.h" #include "resolved-manager.h"
#define LINK_SEARCH_DOMAINS_MAX 32
#define LINK_DNS_SERVERS_MAX 32
struct LinkAddress { struct LinkAddress {
Link *link; Link *link;
@ -58,8 +61,10 @@ struct Link {
LIST_HEAD(DnsServer, dns_servers); LIST_HEAD(DnsServer, dns_servers);
DnsServer *current_dns_server; DnsServer *current_dns_server;
unsigned n_dns_servers;
LIST_HEAD(DnsSearchDomain, search_domains); LIST_HEAD(DnsSearchDomain, search_domains);
unsigned n_search_domains;
Support llmnr_support; Support llmnr_support;
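Review bot: `LINK_SEARCH_DOMAINS_MAX` and `LINK_DNS_SERVERS_MAX` are introduced without a comment saying what they bound or what happens at the limit; the same holds for the `MANAGER_*` pair defined next to `struct Manager`. I would add above the defines `/* Upper bound on DNS servers and search domains per link; dns_server_new() and dns_search_domain_new() fail with -E2BIG beyond it */`. The new `n_dns_servers` and `n_search_domains` fields in `struct Link` would also benefit from a short note that they must be kept in step with the lists in the `_new()` and `_unlink()` functions. The struct body continues outside the hunk.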


@ -45,6 +45,9 @@ enum Support {
#include "resolved-dns-stream.h" #include "resolved-dns-stream.h"
#include "resolved-link.h" #include "resolved-link.h"
#define MANAGER_SEARCH_DOMAINS_MAX 32
#define MANAGER_DNS_SERVERS_MAX 32
struct Manager { struct Manager {
sd_event *event; sd_event *event;
@ -70,9 +73,11 @@ struct Manager {
/* Unicast dns */ /* Unicast dns */
LIST_HEAD(DnsServer, dns_servers); LIST_HEAD(DnsServer, dns_servers);
LIST_HEAD(DnsServer, fallback_dns_servers); LIST_HEAD(DnsServer, fallback_dns_servers);
unsigned n_dns_servers; /* counts both main and fallback */
DnsServer *current_dns_server; DnsServer *current_dns_server;
LIST_HEAD(DnsSearchDomain, search_domains); LIST_HEAD(DnsSearchDomain, search_domains);
unsigned n_search_domains;
bool need_builtin_fallbacks:1; bool need_builtin_fallbacks:1;