Import Unbound 1.4.16 to work on in-tree (not yet linked to the build).

These are the direct sources from NLnet Labs upstream, minus these:
compat contrib libunbound/python pythonmod testcode testdata winrc

ok deraadt@ jakob@

2 files changed, 41 insertions, 84 deletions

diff --git a/usr.sbin/unbound/services/cache/rrset.c b/usr.sbin/unbound/services/cache/rrset.c
index 2c855295387..b9d20db0e5d 100644
--- a/usr.sbin/unbound/services/cache/rrset.c
+++ b/usr.sbin/unbound/services/cache/rrset.c
@@ -21,16 +21,16 @@
  * specific prior written permission.
  * 
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
@@ -40,7 +40,6 @@
  */
 #include "config.h"
 #include "services/cache/rrset.h"
-#include "sldns/rrdef.h"
 #include "util/storage/slabhash.h"
 #include "util/config_file.h"
 #include "util/data/packed_rrset.h"
@@ -121,7 +120,7 @@ rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key,
 
 /** see if rrset needs to be updated in the cache */
 static int
-need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
+need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal, int ns)
 {
 	struct packed_rrset_data* newd = (struct packed_rrset_data*)nd;
 	struct packed_rrset_data* cached = (struct packed_rrset_data*)cd;
@@ -182,7 +181,7 @@ rrset_update_id(struct rrset_ref* ref, struct alloc_cache* alloc)
 
 int 
 rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref,
-	struct alloc_cache* alloc, time_t timenow)
+	struct alloc_cache* alloc, uint32_t timenow)
 {
 	struct lruhash_entry* e;
 	struct ub_packed_rrset_key* k = ref->key;
@@ -238,7 +237,7 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref,
 
 struct ub_packed_rrset_key* 
 rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, 
-	uint16_t qtype, uint16_t qclass, uint32_t flags, time_t timenow,
+	uint16_t qtype, uint16_t qclass, uint32_t flags, uint32_t timenow,
 	int wr)
 {
 	struct lruhash_entry* e;
@@ -269,7 +268,7 @@ rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen,
 }
 
 int 
-rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow)
+rrset_array_lock(struct rrset_ref* ref, size_t count, uint32_t timenow)
 {
 	size_t i;
 	for(i=0; i<count; i++) {
@@ -304,11 +303,10 @@ rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch,
 {
 	hashvalue_t* h;
 	size_t i;
-	if(count > RR_COUNT_MAX || !(h = (hashvalue_t*)regional_alloc(scratch, 
-		sizeof(hashvalue_t)*count))) {
+	if(!(h = (hashvalue_t*)regional_alloc(scratch, 
+		sizeof(hashvalue_t)*count)))
 		log_warn("rrset LRU: memory allocation failed");
-		h = NULL;
-	} else 	/* store hash values */
+	else 	/* store hash values */
 		for(i=0; i<count; i++)
 			h[i] = ref[i].key->entry.hash;
 	/* unlock */
@@ -329,7 +327,7 @@ rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch,
 
 void 
 rrset_update_sec_status(struct rrset_cache* r, 
-	struct ub_packed_rrset_key* rrset, time_t now)
+	struct ub_packed_rrset_key* rrset, uint32_t now)
 {
 	struct packed_rrset_data* updata = 
 		(struct packed_rrset_data*)rrset->entry.data;
@@ -368,7 +366,7 @@ rrset_update_sec_status(struct rrset_cache* r,
 
 void 
 rrset_check_sec_status(struct rrset_cache* r, 
-	struct ub_packed_rrset_key* rrset, time_t now)
+	struct ub_packed_rrset_key* rrset, uint32_t now)
 {
 	struct packed_rrset_data* updata = 
 		(struct packed_rrset_data*)rrset->entry.data;
diff --git a/usr.sbin/unbound/smallapp/unbound-checkconf.c b/usr.sbin/unbound/smallapp/unbound-checkconf.c
index 0524edeaab1..8b56f960761 100644
--- a/usr.sbin/unbound/smallapp/unbound-checkconf.c
+++ b/usr.sbin/unbound/smallapp/unbound-checkconf.c
@@ -21,16 +21,16 @@
  * specific prior written permission.
  * 
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
@@ -50,10 +50,8 @@
 #include "util/regional.h"
 #include "iterator/iterator.h"
 #include "iterator/iter_fwd.h"
-#include "iterator/iter_hints.h"
 #include "validator/validator.h"
 #include "services/localzone.h"
-#include "sldns/sbuffer.h"
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
@@ -78,7 +76,6 @@ usage()
 	printf("	Checks unbound configuration file for errors.\n");
 	printf("file	if omitted %s is used.\n", CONFIGFILE);
 	printf("-o option	print value of option to stdout.\n");
-	printf("-f 		output full pathname with chroot applied, eg. with -o pidfile.\n");
 	printf("-h		show this usage help.\n");
 	printf("Version %s\n", PACKAGE_VERSION);
 	printf("BSD licensed, see LICENSE in source package for details.\n");
@@ -91,15 +88,10 @@ usage()
  * @param cfg: config
  * @param opt: option name without trailing :. 
  *	This is different from config_set_option.
- * @param final: if final pathname with chroot applied has to be printed.
  */
 static void
-print_option(struct config_file* cfg, const char* opt, int final)
+print_option(struct config_file* cfg, const char* opt)
 {
-	if(strcmp(opt, "pidfile") == 0 && final) {
-		printf("%s\n", fname_after_chroot(cfg->pidfile, cfg, 1));
-		return;
-	}
 	if(!config_get_option(cfg, opt, config_print_func, stdout))
 		fatal_exit("cannot print option '%s'", opt);
 }
@@ -112,14 +104,14 @@ check_mod(struct config_file* cfg, struct module_func_block* fb)
 	memset(&env, 0, sizeof(env));
 	env.cfg = cfg;
 	env.scratch = regional_create();
-	env.scratch_buffer = sldns_buffer_new(BUFSIZ);
+	env.scratch_buffer = ldns_buffer_new(BUFSIZ);
 	if(!env.scratch || !env.scratch_buffer)
 		fatal_exit("out of memory");
 	if(!(*fb->init)(&env, 0)) {
 		fatal_exit("bad config for %s module", fb->name);
 	}
 	(*fb->deinit)(&env, 0);
-	sldns_buffer_free(env.scratch_buffer);
+	ldns_buffer_free(env.scratch_buffer);
 	regional_destroy(env.scratch);
 }
 
@@ -350,9 +342,9 @@ morechecks(struct config_file* cfg, const char* fname)
 		if(fname[0] != '/') {
 			if(getcwd(buf, sizeof(buf)) == NULL)
 				fatal_exit("getcwd: %s", strerror(errno));
-			(void)strlcat(buf, "/", sizeof(buf));
+			strncat(buf, "/", sizeof(buf)-strlen(buf)-1);
 		}
-		(void)strlcat(buf, fname, sizeof(buf));
+		strncat(buf, fname, sizeof(buf)-strlen(buf)-1);
 		if(strncmp(buf, cfg->chrootdir, strlen(cfg->chrootdir)) != 0)
 			fatal_exit("config file %s is not inside chroot %s",
 				buf, cfg->chrootdir);
@@ -398,17 +390,10 @@ morechecks(struct config_file* cfg, const char* fname)
 	
 	if(strcmp(cfg->module_conf, "iterator") != 0 
 		&& strcmp(cfg->module_conf, "validator iterator") != 0
-		&& strcmp(cfg->module_conf, "dns64 validator iterator") != 0
-		&& strcmp(cfg->module_conf, "dns64 iterator") != 0
 #ifdef WITH_PYTHONMODULE
 		&& strcmp(cfg->module_conf, "python iterator") != 0 
 		&& strcmp(cfg->module_conf, "python validator iterator") != 0 
 		&& strcmp(cfg->module_conf, "validator python iterator") != 0
-		&& strcmp(cfg->module_conf, "dns64 python iterator") != 0 
-		&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 
-		&& strcmp(cfg->module_conf, "dns64 validator python iterator") != 0
-		&& strcmp(cfg->module_conf, "python dns64 iterator") != 0 
-		&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 
 #endif
 		) {
 		fatal_exit("module conf '%s' is not known to work",
@@ -422,7 +407,7 @@ morechecks(struct config_file* cfg, const char* fname)
 		endpwent();
 	}
 #endif
-	if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
+	if(cfg->remote_control_enable) {
 		check_chroot_string("server-key-file", &cfg->server_key_file,
 			cfg->chrootdir, cfg);
 		check_chroot_string("server-cert-file", &cfg->server_cert_file,
@@ -449,20 +434,9 @@ check_fwd(struct config_file* cfg)
 	forwards_delete(fwd);
 }
 
-/** check hints */
-static void
-check_hints(struct config_file* cfg)
-{
-	struct iter_hints* hints = hints_create();
-	if(!hints || !hints_apply_cfg(hints, cfg)) {
-		fatal_exit("Could not set root or stub hints");
-	}
-	hints_delete(hints);
-}
-
 /** check config file */
 static void
-checkconf(const char* cfgfile, const char* opt, int final)
+checkconf(const char* cfgfile, const char* opt)
 {
 	struct config_file* cfg = config_create();
 	if(!cfg)
@@ -472,11 +446,6 @@ checkconf(const char* cfgfile, const char* opt, int final)
 		config_delete(cfg);
 		exit(1);
 	}
-	if(opt) {
-		print_option(cfg, opt, final);
-		config_delete(cfg);
-		return;
-	}
 	morechecks(cfg, cfgfile);
 	check_mod(cfg, iter_get_funcblock());
 	check_mod(cfg, val_get_funcblock());
@@ -485,8 +454,8 @@ checkconf(const char* cfgfile, const char* opt, int final)
 		check_mod(cfg, pythonmod_get_funcblock());
 #endif
 	check_fwd(cfg);
-	check_hints(cfg);
-	printf("unbound-checkconf: no errors in %s\n", cfgfile);
+	if(opt) print_option(cfg, opt);
+	else	printf("unbound-checkconf: no errors in %s\n", cfgfile);
 	config_delete(cfg);
 }
 
@@ -499,24 +468,14 @@ extern char* optarg;
 int main(int argc, char* argv[])
 {
 	int c;
-	int final = 0;
 	const char* f;
 	const char* opt = NULL;
-	const char* cfgfile = CONFIGFILE;
 	log_ident_set("unbound-checkconf");
 	log_init(NULL, 0, NULL);
 	checklock_start();
-#ifdef USE_WINSOCK
-	/* use registry config file in preference to compiletime location */
-	if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile")))
-		cfgfile = CONFIGFILE;
-#endif /* USE_WINSOCK */
 	/* parse the options */
-	while( (c=getopt(argc, argv, "fho:")) != -1) {
+	while( (c=getopt(argc, argv, "ho:")) != -1) {
 		switch(c) {
-		case 'f':
-			final = 1;
-			break;
 		case 'o':
 			opt = optarg;
 			break;
@@ -532,8 +491,8 @@ int main(int argc, char* argv[])
 		usage();
 	if(argc == 1)
 		f = argv[0];
-	else	f = cfgfile;
-	checkconf(f, opt, final);
+	else	f = CONFIGFILE;
+	checkconf(f, opt);
 	checklock_stop();
 	return 0;
 }