diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-12-18 11:03:00 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2019-12-18 11:03:00 +0000 |
| commit | 80feb8b533ce2d5a9c0115cf2b292e4d5c844f5b (patch) | |
| tree | 258ac62d6196c902741caf0d4fd5664672bdafab | |
| parent | 0044a54030eb7774069bba7e67cdb9b6a0570c75 (diff) | |
import Unbound 1.9.6, ok tb florian
| -rw-r--r-- | usr.sbin/unbound/doc/TODO | 2 | ||||
| -rw-r--r-- | usr.sbin/unbound/ipset/ipset.c | 128 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/asynclook.c | 2 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/delayer.c | 4 | ||||
| -rwxr-xr-x | usr.sbin/unbound/testcode/mini_tdir.sh | 4 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/petal.c | 4 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/streamtcp.c | 4 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/testbound.c | 27 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/testpkts.c | 47 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/unitmain.c | 6 | ||||
| -rw-r--r-- | usr.sbin/unbound/testcode/unitregional.c | 4 | ||||
| -rw-r--r-- | usr.sbin/unbound/util/random.h | 13 | ||||
| -rw-r--r-- | usr.sbin/unbound/util/regional.c | 13 |
13 files changed, 165 insertions, 93 deletions
diff --git a/usr.sbin/unbound/doc/TODO b/usr.sbin/unbound/doc/TODO index bfeef4aa47b..a2690451a2b 100644 --- a/usr.sbin/unbound/doc/TODO +++ b/usr.sbin/unbound/doc/TODO @@ -29,7 +29,7 @@ o support OPT record placement on recv anywhere in the additional section. o add local-file: config with authority features. o (option) to make local-data answers be secure for libunbound (default=no) o (option) to make chroot: copy all needed files into jail (or make jail) - perhaps also print reminder to link /dev/random and sysloghack. + perhaps also print reminder to link /dev/urandom and sysloghack. o overhaul outside-network servicedquery to merge with udpwait and tcpwait, to make timers in servicedquery independent of udpwait queues. o check into rebinding ports for efficiency, configure time test. diff --git a/usr.sbin/unbound/ipset/ipset.c b/usr.sbin/unbound/ipset/ipset.c index 85b2edea9ed..f6e2c4a9d8a 100644 --- a/usr.sbin/unbound/ipset/ipset.c +++ b/usr.sbin/unbound/ipset/ipset.c @@ -8,6 +8,7 @@ #include "config.h" #include "ipset/ipset.h" #include "util/regional.h" +#include "util/net_help.h" #include "util/config_file.h" #include "services/cache/dns.h" @@ -96,29 +97,93 @@ static int add_to_ipset(struct mnl_socket *mnl, const char *setname, const void return 0; } -static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) { +static void +ipset_add_rrset_data(struct ipset_env *ie, struct mnl_socket *mnl, + struct packed_rrset_data *d, const char* setname, int af, + const char* dname) +{ int ret; + size_t j, rr_len, rd_len; + uint8_t *rr_data; - struct mnl_socket *mnl; - - size_t i, j; - - const char *setname; - - struct ub_packed_rrset_key *rrset; - struct packed_rrset_data *d; + /* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */ + for (j = 0; j < d->count; j++) { + rr_len = d->rr_len[j]; + rr_data = d->rr_data[j]; + + rd_len = sldns_read_uint16(rr_data); + if(af == AF_INET && rd_len != INET_SIZE) + continue; + if(af == AF_INET6 && rd_len != INET6_SIZE) + continue; + if (rr_len - 2 >= rd_len) { + if(verbosity >= VERB_QUERY) { + char ip[128]; + if(inet_ntop(af, rr_data+2, ip, (socklen_t)sizeof(ip)) == 0) + snprintf(ip, sizeof(ip), "(inet_ntop_error)"); + verbose(VERB_QUERY, "ipset: add %s to %s for %s", ip, setname, dname); + } + ret = add_to_ipset(mnl, setname, rr_data + 2, af); + if (ret < 0) { + log_err("ipset: could not add %s into %s", dname, setname); - int af; + mnl_socket_close(mnl); + ie->mnl = NULL; + break; + } + } + } +} +static int +ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, + struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset, + const char *setname, int af) +{ static char dname[BUFF_LEN]; const char *s; int dlen, plen; struct config_strlist *p; + struct packed_rrset_data *d; - size_t rr_len, rd_len; + dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN); + if (dlen == 0) { + log_err("bad domain name"); + return -1; + } + if (dname[dlen - 1] == '.') { + dlen--; + } + + for (p = env->cfg->local_zones_ipset; p; p = p->next) { + plen = strlen(p->str); + + if (dlen >= plen) { + s = dname + (dlen - plen); + + if (strncasecmp(p->str, s, plen) == 0) { + d = (struct packed_rrset_data*)rrset->entry.data; + ipset_add_rrset_data(ie, mnl, d, setname, + af, dname); + break; + } + } + } + return 0; +} + +static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) { + struct mnl_socket *mnl; + + size_t i; + + const char *setname; + + struct ub_packed_rrset_key *rrset; + + int af; - uint8_t *rr_data; mnl = (struct mnl_socket *)ie->mnl; if (!mnl) { @@ -149,44 +214,9 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg, stru } if (setname) { - dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN); - if (dlen == 0) { - log_err("bad domain name"); + if(ipset_check_zones_for_rrset(env, ie, mnl, rrset, + setname, af) == -1) return -1; - } - if (dname[dlen - 1] == '.') { - dlen--; - } - - for (p = env->cfg->local_zones_ipset; p; p = p->next) { - plen = strlen(p->str); - - if (dlen >= plen) { - s = dname + (dlen - plen); - - if (strncasecmp(p->str, s, plen) == 0) { - d = (struct packed_rrset_data*)rrset->entry.data; - /* to d->count, not d->rrsig_count, because we do not want to add the RRSIGs, only the addresses */ - for (j = 0; j < d->count; j++) { - rr_len = d->rr_len[j]; - rr_data = d->rr_data[j]; - - rd_len = sldns_read_uint16(rr_data); - if (rr_len - 2 >= rd_len) { - ret = add_to_ipset(mnl, setname, rr_data + 2, af); - if (ret < 0) { - log_err("ipset: could not add %s into %s", dname, setname); - - mnl_socket_close(mnl); - ie->mnl = NULL; - break; - } - } - } - break; - } - } - } } } diff --git a/usr.sbin/unbound/testcode/asynclook.c b/usr.sbin/unbound/testcode/asynclook.c index f82c6dcab71..660f72a7df8 100644 --- a/usr.sbin/unbound/testcode/asynclook.c +++ b/usr.sbin/unbound/testcode/asynclook.c @@ -482,7 +482,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/usr.sbin/unbound/testcode/delayer.c b/usr.sbin/unbound/testcode/delayer.c index 655e4a1e7f1..ebf883926cb 100644 --- a/usr.sbin/unbound/testcode/delayer.c +++ b/usr.sbin/unbound/testcode/delayer.c @@ -1042,7 +1042,7 @@ service(const char* bind_str, int bindport, const char* serv_str, } i=0; if(bindport == 0) { - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; i = 100; } while(1) { @@ -1058,7 +1058,7 @@ service(const char* bind_str, int bindport, const char* serv_str, #endif if(i--==0) fatal_exit("cannot bind any port"); - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; } else break; } fd_set_nonblock(s); diff --git a/usr.sbin/unbound/testcode/mini_tdir.sh b/usr.sbin/unbound/testcode/mini_tdir.sh index 96745515e3e..5f02b0862ee 100755 --- a/usr.sbin/unbound/testcode/mini_tdir.sh +++ b/usr.sbin/unbound/testcode/mini_tdir.sh @@ -119,7 +119,11 @@ fi # Copy echo "minitdir copy $1 to $dir" mkdir $dir +if cp --help 2>&1 | grep -- "-a" >/dev/null; then cp -a $name.tdir/* $dir/ +else +cp -R $name.tdir/* $dir/ +fi cd $dir # EXE diff --git a/usr.sbin/unbound/testcode/petal.c b/usr.sbin/unbound/testcode/petal.c index a733017a470..dcc31fdc5d9 100644 --- a/usr.sbin/unbound/testcode/petal.c +++ b/usr.sbin/unbound/testcode/petal.c @@ -301,7 +301,7 @@ setup_ssl(int s, SSL_CTX* ctx) SSL* ssl = SSL_new(ctx); if(!ssl) return NULL; SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, s)) { SSL_free(ssl); return NULL; @@ -657,7 +657,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/usr.sbin/unbound/testcode/streamtcp.c b/usr.sbin/unbound/testcode/streamtcp.c index 668d6360bb9..65ea8d4bcae 100644 --- a/usr.sbin/unbound/testcode/streamtcp.c +++ b/usr.sbin/unbound/testcode/streamtcp.c @@ -314,7 +314,7 @@ static int get_random(void) if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) { return r; } - return arc4random(); + return (int)arc4random(); } /** send the TCP queries and print answers */ @@ -485,7 +485,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/usr.sbin/unbound/testcode/testbound.c b/usr.sbin/unbound/testcode/testbound.c index 246bc6735b4..4405231c086 100644 --- a/usr.sbin/unbound/testcode/testbound.c +++ b/usr.sbin/unbound/testcode/testbound.c @@ -65,6 +65,23 @@ /** config files (removed at exit) */ static struct config_strlist* cfgfiles = NULL; +#ifdef UNBOUND_ALLOC_STATS +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func); +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func) { + char* result; + size_t len; + if(!s) return NULL; + len = strlen(s); + log_info("%s:%d %s strdup(%u)", file, line, func, (unsigned)len+1); + result = unbound_stat_malloc(len+1); + memmove(result, s, len+1); + return result; +} +#endif /* UNBOUND_ALLOC_STATS */ + /** give commandline usage for testbound. */ static void testbound_usage(void) @@ -358,7 +375,7 @@ main(int argc, char* argv[]) testbound_selftest(); checklock_stop(); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } exit(0); case '1': @@ -463,8 +480,14 @@ main(int argc, char* argv[]) free(pass_argv[c]); if(res == 0) { log_info("Testbound Exit Success\n"); + /* remove configfile from here, the atexit() is for when + * there is a crash to remove the tmpdir file. + * This one removes the file while alloc and log locks are + * still valid, and can be logged (for memory calculation), + * it leaves the ptr NULL so the atexit does nothing. */ + remove_configfile(); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #ifdef HAVE_PTHREAD /* dlopen frees its thread state (dlopen of gost engine) */ diff --git a/usr.sbin/unbound/testcode/testpkts.c b/usr.sbin/unbound/testcode/testpkts.c index 6c90567aa32..82c1439677c 100644 --- a/usr.sbin/unbound/testcode/testpkts.c +++ b/usr.sbin/unbound/testcode/testpkts.c @@ -704,6 +704,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -711,7 +712,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); if(dl < 2) return 0; return sldns_read_uint16(d); @@ -723,6 +724,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -730,7 +732,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); return pktlen-dl-LDNS_HEADER_SIZE; } @@ -767,6 +769,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) size_t walk_len = plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return 0; @@ -776,10 +779,10 @@ static uint32_t get_serial(uint8_t* p, size_t plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(p); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, p, plen); + &snull, &sl, p, plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(p); i++) (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); /* walk through authority section */ for(i=0; i < LDNS_NSCOUNT(p); i++) { @@ -787,7 +790,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - p, plen); + p, plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_SOA) { /* skip type, class, TTL, rdatalen */ if(dlen < 10) @@ -798,9 +801,9 @@ static uint32_t get_serial(uint8_t* p, size_t plen) dlen -= 10; /* check third rdf */ (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); if(dlen < 4) return 0; verbose(3, "found serial %u in msg. ", @@ -809,7 +812,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) } /* move to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); } return 0; } @@ -823,6 +826,7 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) size_t wlen = *plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(wlen < LDNS_HEADER_SIZE) return 0; @@ -832,11 +836,11 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(*p); i++) (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); for(i=0; i < LDNS_NSCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); /* walk through additional section */ for(i=0; i < LDNS_ARCOUNT(*p); i++) { @@ -844,14 +848,14 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) uint8_t* dstart = w; size_t dlen = wlen; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_OPT) { *p = dstart+2; *plen = dlen-2; return 1; } /* move to next RR */ - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); } return 0; } @@ -889,25 +893,26 @@ zerottls(uint8_t* pkt, size_t pktlen) char* snull = NULL; uint16_t i; uint16_t num = LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt); + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return; walk += LDNS_HEADER_SIZE; walk_len -= LDNS_HEADER_SIZE; for(i=0; i < LDNS_QDCOUNT(pkt); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, pkt, pktlen); + &snull, &sl, pkt, pktlen, &comprloop); for(i=0; i < num; i++) { /* wipe TTL */ uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); if(dlen < 8) return; sldns_write_uint32(dstart+4, 0); /* go to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); } } @@ -1347,10 +1352,11 @@ static int equal_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[512], ps[512]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); return (strcmp(qs, ps) == 0); } @@ -1364,11 +1370,12 @@ static int subdomain_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[5120], ps[5120]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; /* decompresses domain names */ - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); /* same: false, (strict subdomain check)??? */ if(strcmp(qs, ps) == 0) return 1; diff --git a/usr.sbin/unbound/testcode/unitmain.c b/usr.sbin/unbound/testcode/unitmain.c index e28be8c833a..e8e7a44c7cb 100644 --- a/usr.sbin/unbound/testcode/unitmain.c +++ b/usr.sbin/unbound/testcode/unitmain.c @@ -538,10 +538,8 @@ rnd_test(void) struct ub_randstate* r; int num = 1000, i; long int a[1000]; - unsigned int seed = (unsigned)time(NULL); unit_show_feature("ub_random"); - printf("ub_random seed is %u\n", seed); - unit_assert( (r = ub_initstate(seed, NULL)) ); + unit_assert( (r = ub_initstate(NULL)) ); for(i=0; i<num; i++) { a[i] = ub_random(r); unit_assert(a[i] >= 0); @@ -907,7 +905,7 @@ main(int argc, char* argv[]) ecs_test(); #endif /* CLIENT_SUBNET */ if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } checklock_stop(); printf("%d checks ok.\n", testcount); diff --git a/usr.sbin/unbound/testcode/unitregional.c b/usr.sbin/unbound/testcode/unitregional.c index 49c8147c944..d21e2caa366 100644 --- a/usr.sbin/unbound/testcode/unitregional.c +++ b/usr.sbin/unbound/testcode/unitregional.c @@ -50,7 +50,9 @@ corner_cases(struct regional* r) size_t s; /* shadow count of allocated memory */ void* a; size_t minsize = sizeof(uint64_t); +#ifndef UNBOUND_ALLOC_NONREGIONAL size_t mysize; +#endif char* str; unit_assert(r); /* alloc cases: @@ -75,6 +77,7 @@ corner_cases(struct regional* r) s+=0; unit_assert(r->available == r->first_size - s); +#ifndef UNBOUND_ALLOC_NONREGIONAL a = regional_alloc(r, 1); unit_assert(a); memset(a, 0x42, 1); @@ -171,6 +174,7 @@ corner_cases(struct regional* r) memset(a, 0x42, mysize); unit_assert(a); unit_assert(r->available == 8); +#endif /* UNBOUND_ALLOC_NONREGIONAL */ /* test if really copied over */ str = "test12345"; diff --git a/usr.sbin/unbound/util/random.h b/usr.sbin/unbound/util/random.h index a05a994a3d5..b257793a444 100644 --- a/usr.sbin/unbound/util/random.h +++ b/usr.sbin/unbound/util/random.h @@ -48,24 +48,13 @@ struct ub_randstate; /** - * Initialize the system randomness. Obtains entropy from the system - * before a chroot or privilege makes it unavailable. - * You do not have to call this, otherwise ub_initstate does so. - * @param seed: seed value to create state (if no good entropy is found). - */ -void ub_systemseed(unsigned int seed); - -/** * Initialize a random generator state for use - * @param seed: seed value to create state contents. - * (ignored for arc4random). * @param from: if not NULL, the seed is taken from this random structure. * can be used to seed random states via a parent-random-state that * is itself seeded with entropy. * @return new state or NULL alloc failure. */ -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* from); +struct ub_randstate* ub_initstate(struct ub_randstate* from); /** * Generate next random number from the state passed along. diff --git a/usr.sbin/unbound/util/regional.c b/usr.sbin/unbound/util/regional.c index 899a54edbdd..ff36d0e2124 100644 --- a/usr.sbin/unbound/util/regional.c +++ b/usr.sbin/unbound/util/regional.c @@ -84,6 +84,7 @@ struct regional* regional_create_custom(size_t size) { struct regional* r = (struct regional*)malloc(size); + size = ALIGN_UP(size, ALIGNMENT); log_assert(sizeof(struct regional) <= size); if(!r) return NULL; r->first_size = size; @@ -120,8 +121,18 @@ regional_destroy(struct regional *r) void * regional_alloc(struct regional *r, size_t size) { - size_t a = ALIGN_UP(size, ALIGNMENT); + size_t a; void *s; + if( +#if SIZEOF_SIZE_T == 8 + (unsigned long long)size >= 0xffffffffffffff00ULL +#else + (unsigned)size >= (unsigned)0xffffff00UL +#endif + ) + return NULL; /* protect against integer overflow in + malloc and ALIGN_UP */ + a = ALIGN_UP(size, ALIGNMENT); /* large objects */ if(a > REGIONAL_LARGE_OBJECT_SIZE) { s = malloc(ALIGNMENT + size); |