[adns] / src / reply.c

/**/

#include "internal.h"

typedef enum {
  rcode_noerror,
  rcode_formaterror,
  rcode_servfail,
  rcode_nxdomain,
  rcode_notimp,
  rcode_refused
} dns_rcode;

#define GETIL_B(cb) (dgram[*(cb)++])
#define GET_B(cb,tv) ((tv)= GETIL_B((cb)))
#define GET_W(cb,tv) ((tv)=0, (tv)|=(GETIL_B((cb))<<8), (tv)|=GETIL_B(cb), (tv))

static void vbuf__append_quoted1035(vbuf *vb, const byte *buf, int len) {
  char qbuf[10];
  int i;
  
  while (len) {
    qbuf[0]= 0;
    for (i=0; i<len; i++) {
      ch= buf[i];
      if (ch == '.' || ch == '"' || ch == '(' || ch == ')' ||
	  ch == '@' || ch == ';' || ch == '$') {
	sprintf(qbuf,"\\%c",ch);
	break;
      } else if (ch <= ' ' || ch >= 127) {
	sprintf(qbuf,"\\%03o",ch);
	break;
      }
    }
    if (!adns__vbuf_append(vb,buf,i) || !adns__vbuf_append(vb,qbuf,strlen(qbuf)))
      return adns_s_nolocalmem;
    buf+= i; len-= i;
  }
}

static adns_status get_label(const byte *dgram, int dglen, int *max_io,
			     int *cbyte_io, int *lablen_r, int *labstart_r,
			     int *namelen_io) {
  /* If succeeds, *lablen_r may be set to -1 to indicate truncation/overrun */
  int max, cbyte, lablen, namelen;

  max= *max_io;
  cbyte= *cbyte_io;
  
  for (;;) {
    if (cbyte+2 > max) goto x_truncated;
    GET_W(cbyte,lablen);
    if (!(lablen & 0x0c000)) break;
    if ((lablen & 0x0c000) != 0x0c000) return adns_s_unknownreply;
    if (cbyte_io) { *cbyte_io= cbyte; cbyte_io= 0; }
    cbyte= dgram+DNS_HDR_SIZE+(lablen&0x3fff);
    *max_io= max= dglen;
  }
  if (labstart_r) *labstart_r= cbyte;
  if (lablen) {
    namelen= *namelen_io;
    if (namelen) namelen++;
    namelen+= lablen;
    if (namelen > DNS_MAXDOMAIN) return adns_s_domaintoolong;
    *namelen_io= namelen;
    cbyte+= lablen;
    if (cbyte > max) goto x_truncated;
  }
  if (cbyte_io) *cbyte_io= cbyte;
  *lablen_r= lablen;
  return adns_s_ok;

 x_truncated:
  *lablen_r= -1;
  return adns_s_ok;
}

static adns_status get_domain_perm(adns_state ads, adns_query qu, int serv,
				   const byte *dgram, int dglen,
				   int *cbyte_io, int max, char **domain_r) {
  /* Returns 0     for OK (*domain_r set) or truncated (*domain_r null)
   *      or any other adns_s_* value.
   */
  int cbyte, sused, lablen, namelen;

  /* If we follow a pointer we set cbyte_io to 0 to indicate that
   * we've lost our original starting and ending points; we don't
   * put the end of the pointed-to thing into the original *cbyte_io.
   */
  cbyte= *cbyte_io;
  sused= qu->ans.used;
  *domain_r= 0;
  namelen= 0;
  for (;;) {
    st= get_label(dgram,dglen,&max, &cbyte,&lablen,&labstart,&namelen);
    if (st) return st;
    if (lablen<0) goto x_truncated;
    if (!lablen) break;
    if (qu->ans.used != sused)
      if (!adns__vbuf_append(&qu->ans,".",1)) return adns_s_nolocalmem;
    if (qu->flags & adns_qf_anyquote) {
      if (!vbuf__append_quoted1035(&qu->ans,dgram+labstart,lablen))
	return adns_s_nolocalmem;
    } else {
      if (!ctype_isalpha(dgram[labstart])) return adns_s_invaliddomain;
      for (i= cbyte+1; i<cbyte+lablen; i++) {
	ch= dgram[cbyte];
	if (ch != '-' && !ctype_isalpha(ch) && !ctype_isdigit(ch))
	  return adns_s_invaliddomain;
      }
      if (!adns__vbuf_append(&qu->ans,dgram+labstart,lablen))
	return adns_s_nolocalmem;
    }
  }
  if (cbyte_io) *cbyte_io= cbyte;
  if (!adns__vbuf_append(&qu->ans,"",1)) return adns_s_nolocalmem;
  *domain_r= qu->ans.buf+sused;
  return adns_s_ok;

 x_truncated:
  return cbyte_io ? -1 : adns_s_serverfaulty;
}
    
static adns_status get_domain_temp(adns_state ads, adns_query qu, int serv,
				   const byte *dgram, int dglen,
				   int *cbyte_io, int max, char **domain_r) {
  int sused;
  adns_status st;

  sused= qu->ans.used;
  st= get_domain_perm(ads,qu,serv,dgram,dglen,cbyte_io,max,domain_r);
  qu->ans.used= sused;
  return st;
}

static adns_status get_rr_temp(adns_state ads, adns_query qu, int serv,
			       const byte *dgram, int dglen, int *cbyte_io,
			       int *type_r, int *class_r, int *rdlen_r, int *rdstart_r,
			       const byte *eo_dgram, int eo_dglen, int eo_cbyte,
			       int *eo_matched_r) {
  /* _s_ok can have *type_r == -1 and other output invalid, for truncation
   * type_r and class_r must be !0, other _r may be 0.
   * eo_dgram==0 for no comparison, otherwise all eo_ must be valid.
   */
  int cbyte, tmp, rdlen, mismatch;
  int max, lablen, labstart, namelen;
  int eo_max, eo_lablen, eo_labstart, eo_namelen;

  cbyte= *cbyte_io;
  mismatch= eo_dgram ? 1 : 0;

  namelen= 0; eo_namelen= 0;
  max= dglen; eo_max= eo_dglen;
  for (;;) {
    st= get_label(dgram,dglen,&max,
		  &cbyte,&lablen,&labstart,&namelen);
    if (st) return st;
    if (lablen<0) goto x_truncated;

    if (!mismatch) {
      st= get_label(eo_dgram,eo_dglen,&eo_max,
		    &eo_cbyte,&eo_lablen,&eo_labstart,&eo_namelen);
      if (st) return st;
      assert(eo_lablen>=0);
      if (lablen != eo_lablen) mismatch= 1;
      while (!mismatch && lablen-- > 0) {
	ch= dgram[labstart++]; if (ctype_isalpha(ch)) ch &= ~32;
	eo_ch= eo_dgram[eo_labstart++]; if (ctype_isalpha(eo_ch)) eo_ch &= ~32;
	if (ch != eo_ch) mismatch= 1
      }
    }
  }
  if (eo_matched_r) *eo_matched_r= !mismatch;
  
  if (cbyte+10>len) goto x_truncated;
  GET_W(cbyte,tmp); *type_r= tmp;
  GET_W(cbyte,tmp); *class_r= tmp;
  cbyte+= 4; /* we skip the TTL */
  GET_W(cbyte,rdlen); if (rdlen_r) *rdlen_r= tmp;
  if (rdstart_r) *rdstart_r= cbyte;
  cbyte+= rdlen;
  if (cbyte>dglen) goto x_truncated;
  *cbyte_io= cbyte;
  return adns_s_ok;

 x_truncated:
  *type_r= -1;
  return 0;;
}
    
void adns__procdgram(adns_state ads, const byte *dgram, int dglen, int serv) {
  int cbyte, anstart, rrstart, lablen, wantedrrs, get_t, cnamestart;

  cbyte= 0;
  
  if (dglen<DNS_HDR_SIZE) {
    adns__diag(ads,serv,"received datagram too short for message header (%d)",len);
    return;
  }
  GET_W(cbyte,id);
  GET_B(cbyte,f1);
  GET_B(cbyte,f2);
  GET_W(cbyte,qdcount);
  GET_W(cbyte,ancount);
  GET_W(cbyte,nscount);
  GET_W(cbyte,arcount);
  assert(cbyte == DNS_HDR_SIZE);

  flg_ra= f2&0x80;

  if (f1&0x80) {
    adns__diag(ads,serv,"server sent us a query, not a response");
    return;
  }
  if (f1&0x70) {
    adns__diag(ads,serv,"server sent us unknown opcode %d (wanted 0=QUERY)",
	       (f1>>4)&0x70);
    return;
  }
  if (!qdcount) {
    adns__diag(ads,serv,"server sent reply without quoting our question");
    return;
  } else if (qdcount>1) {
    adns__diag(ads,serv,"server claimed to answer %d questions with one message",
	       qdcount);
    return;
  }
  for (qu= ads->timew; qu= nqu; qu++) {
    nqu= qu->next;
    if (qu->id != id) continue;
    if (len < qu->querylen) continue;
    if (memcmp(qu->querymsg+DNSHDRSIZE,dgram+DNSHDRSIZE,qu->querylen-DNSHDRSIZE))
      continue;
    break;
  }
  anstart= qu->querylen;
  if (!qu) {
    adns__debug(ads,serv,"reply not found (id=%02x)",id);
    return;
  }
  if (!(f1&0x01)) {
    adns__diag(ads,serv,"server thinks we didn't ask for recursive lookup");
    adns__query_fail(ads,qu,adns_s_serverfaulty);
    return;
  }

  rcode= (f1&0x0f);
  switch (rcode) {
  case rcode_noerror:
  case rcode_nxdomain:
    break;
  case rcode_formaterror:
    adns__warn(ads,serv,"server cannot understand our query (Format Error)");
    adns__query_fail(ads,qu,adns_s_serverfaulty);
    return;
  case rcode_servfail;
    adns__query_fail(ads,qu,adns_s_serverfailure);
    return;
  case rcode_notimp:
    adns__warn(ads,serv,"server claims not to implement our query");
    adns__query_fail(ads,qu,adns_s_notimplemented);
    return;
  case rcode_refused:
    adns__warn(ads,serv,"server refused our query");
    adns__query_fail(ads,qu,adns_s_refused);
    return;
  default:
    adns__warn(ads,serv,"server gave unknown response code %d",rcode);
    adns__query_fail(ads,qu,adns_s_reasonunknown);
    return;
  }

  /* Now, take a look at the answer section, and see if it is complete.
   * If it has any CNAMEs we stuff them in the answer.
   */
  wantedrrs= 0;
  for (rri= 0; rri<ancount; rri++) {
    rrstart= cbyte;
    if (qu->cname) {
      st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
		      &rrtype,&rrclass,&rdlength,&rdstart,
		      dgram,dglen,cnamestart, &ownermatched);
    } else {
      st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
		      &rrtype,&rrclass,&rdlength,&rdstart,
		      qu->querymsg,qu->querylen,DNS_HDR_SIZE, &ownermatched);
    }
    if (st) adns__query_fail(ads,qu,st);
    if (rrtype == -1) goto x_truncated;

    if (rrclass != DNS_CLASS_IN) {
      adns__diag(ads,serv,"ignoring answer RR with wrong class %d (expected IN=%d)",
		 rrclass,DNS_CLASS_IN);
      continue;
    }
    if (!ownermatched) {
      if (ads->iflag & adns_if_debug) {
	st= get_domain_temp(ads,qu,serv, dgram,dglen,&rrstart,dglen, &cowner);
	if (st) adns__debug(ads,serv,"ignoring RR with an irrelevant owner, code %d",st);
	else adns__debug(ads,serv,"ignoring RR with an irrelevant owner \"%s\"",cowner);
      }
      continue;
    }
    if (!qu->cname &&
	(qu->type & adns__rrt_typemask) != adns_cname &&
	rrtype == adns_cname) { /* Ignore second and subsequent CNAMEs */
      st= get_domain_perm(ads,qu,serv, dgram,dglen,
			  &rdstart,rdstart+rdlength,&qu->cname);
      if (st) return st;
      if (!qu->cname) goto x_truncated;
      /* If we find the answer section truncated after this point we restart
       * the query at the CNAME; if beforehand then we obviously have to use
       * TCP.  If there is no truncation we can use the whole answer if
       * it contains the relevant info.
       */
    } else if (rrtype == (qu->type & adns__rrt_typemask)) {
      wantedrrs++;
    } else {
      adns__debug(ads,serv,"ignoring answer RR with irrelevant type %d",rrtype);
    }
  }

  /* If we got here then the answer section is intact. */
  nsstart= cbyte;

  if (!wantedrrs) {
    /* Oops, NODATA or NXDOMAIN or perhaps a referral (which would be a problem) */
    
    if (rcode == rcode_nxdomain) {
      adns__query_finish(ads,qu,adns_s_nxdomain);
      return;
    }

    /* RFC2308: NODATA has _either_ a SOA _or_ _no_ NS records in authority section */
    foundsoa= 0; foundns= 0;
    for (rri= 0; rri<nscount; rri++) {
      rrstart= cbyte;
      st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
		      &rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0);
      if (st) return st;
      if (rrtype==-1) goto x_truncated;
      if (rrclass != DNS_CLASS_IN) {
	adns__diag(ads,serv,"ignoring authority RR with wrong class %d (expected IN=%d)",
		   rrclass,DNS_CLASS_IN);
	continue;
      }
      if (rrtype == adns_r_soa_raw) { foundsoa= 1; break; }
      else if (rrtype == adns_r_ns_raw) { foundns= 1; }
    }

    if (foundsoa || !foundns) {
      /* Aha !  A NODATA response, good. */
      adns__query_finish(ads,qu,adns_s_nodata);
      return;
    }

    /* Now what ?  No relevant answers, no SOA, and at least some NS's.
     * Looks like a referral.  Just one last chance ... if we came across
     * a CNAME then perhaps we should do our own CNAME lookup.
     */
    if (qu->cname) {
      cname_recurse(ads,qu);
      return;
    }

    /* Bloody hell, I thought we asked for recursion ? */
    if (!flg_ra) {
      adns__diag(ads,serv,"server is not willing to do recursive lookups for us");
      adns__query_fail(ads,qu,adns_s_norecurse);
      return;
    }
    adns__diag(ads,serv,"server claims to do recursion, but gave us a referral");
    adns__query_fail(ads,qu,adns_s_serverfault);
    return;
  }

  /* Now, we have some RRs which we wanted. */
  rrs= 
    
    }
    } else {
      
{ truncated(ads,qu,flg_ra); return; }    
  
	) {
    if (type 
      if (cbyte+lab
      if (anstart > dgend) { truncated(ads,qu,f1); return; }
  }
    for    

    /* Look for CNAMEs in the answer section */

  }
  
    
    adns__diag(ads,serv,"server refused our query");
    
    case rcode_
    
  case 0: /* NOERROR 
    break;
  case 1: /* Format error */
  case 3: /* Name Error */
  
  qr= f1&0x80;
  
	      
  adns__diag(ads,serv,"received datagram size %d",len);

}

  while (
  switch (type) {
  case adns_r_a:  
  adns_r_a_mf=                  adns_r_a|adns__qtf_masterfmt,
  
  adns_r_ns_raw=             2,
  adns_r_ns=                    adns_r_ns_raw|adns__qtf_deref,
  adns_r_ns_mf=                 adns_r_ns_raw|adns__qtf_masterfmt,
  
  adns_r_cname=              5,
  adns_r_cname_mf=              adns_r_cname|adns__qtf_masterfmt,
  
  adns_r_soa_raw=            6,
  adns_r_soa=                   adns_r_soa_raw|adns__qtf_mail822, 
  adns_r_soa_mf=                adns_r_soa_raw|adns__qtf_masterfmt,
  
  adns_r_null=              10,
  adns_r_null_mf=               adns_r_null|adns__qtf_masterfmt,
  
  adns_r_ptr_raw=           12,
  adns_r_ptr=                   adns_r_ptr_raw|adns__qtf_deref,
  adns_r_ptr_mf=                adns_r_ptr_raw|adns__qtf_masterfmt,
  
  adns_r_hinfo=             13,  
  adns_r_hinfo_mf=              adns_r_hinfo|adns__qtf_masterfmt,
  
  adns_r_mx_raw=            15,
  adns_r_mx=                    adns_r_mx_raw|adns__qtf_deref,
  adns_r_mx_mf=                 adns_r_mx_raw|adns__qtf_masterfmt,
  
  adns_r_txt=               16,
  adns_r_txt_mf=                adns_r_txt|adns__qtf_masterfmt,
  
  adns_r_rp_raw=            17,
  adns_r_rp=                    adns_r_rp_raw|adns__qtf_mail822,
  adns_r_rp_mf=                 adns_r_rp_raw|adns__qtf_masterfmt
Commit	Line	Data
4353a5c4	1	/**/
	2
	3	#include "internal.h"
	4
ec477b9e	5	typedef enum {
	6	rcode_noerror,
	7	rcode_formaterror,
b9de380c	8	rcode_servfail,
ec477b9e	9	rcode_nxdomain,
	10	rcode_notimp,
	11	rcode_refused
	12	} dns_rcode;
	13
b9de380c	14	#define GETIL_B(cb) (dgram[*(cb)++])
	15	#define GET_B(cb,tv) ((tv)= GETIL_B((cb)))
	16	#define GET_W(cb,tv) ((tv)=0, (tv)\|=(GETIL_B((cb))<<8), (tv)\|=GETIL_B(cb), (tv))
	17
	18	static void vbuf__append_quoted1035(vbuf vb, const byte buf, int len) {
	19	char qbuf[10];
	20	int i;
	21
	22	while (len) {
	23	qbuf[0]= 0;
	24	for (i=0; i<len; i++) {
	25	ch= buf[i];
	26	if (ch == '.' \|\| ch == '"' \|\| ch == '(' \|\| ch == ')' \|\|
	27	ch == '@' \|\| ch == ';' \|\| ch == '$') {
	28	sprintf(qbuf,"\\%c",ch);
	29	break;
	30	} else if (ch <= ' ' \|\| ch >= 127) {
	31	sprintf(qbuf,"\\%03o",ch);
	32	break;
	33	}
	34	}
	35	if (!adns__vbuf_append(vb,buf,i) \|\| !adns__vbuf_append(vb,qbuf,strlen(qbuf)))
	36	return adns_s_nolocalmem;
	37	buf+= i; len-= i;
	38	}
	39	}
	40
0ba0614a	41	static adns_status get_label(const byte dgram, int dglen, int max_io,
	42	int cbyte_io, int lablen_r, int *labstart_r,
	43	int *namelen_io) {
	44	/* If succeeds, lablen_r may be set to -1 to indicate truncation/overrun /
	45	int max, cbyte, lablen, namelen;
	46
	47	max= *max_io;
	48	cbyte= *cbyte_io;
	49
	50	for (;;) {
	51	if (cbyte+2 > max) goto x_truncated;
	52	GET_W(cbyte,lablen);
	53	if (!(lablen & 0x0c000)) break;
	54	if ((lablen & 0x0c000) != 0x0c000) return adns_s_unknownreply;
	55	if (cbyte_io) { *cbyte_io= cbyte; cbyte_io= 0; }
	56	cbyte= dgram+DNS_HDR_SIZE+(lablen&0x3fff);
	57	*max_io= max= dglen;
	58	}
	59	if (labstart_r) *labstart_r= cbyte;
	60	if (lablen) {
	61	namelen= *namelen_io;
	62	if (namelen) namelen++;
	63	namelen+= lablen;
	64	if (namelen > DNS_MAXDOMAIN) return adns_s_domaintoolong;
	65	*namelen_io= namelen;
	66	cbyte+= lablen;
	67	if (cbyte > max) goto x_truncated;
	68	}
	69	if (cbyte_io) *cbyte_io= cbyte;
	70	*lablen_r= lablen;
	71	return adns_s_ok;
	72
	73	x_truncated:
	74	*lablen_r= -1;
	75	return adns_s_ok;
	76	}
	77
b9de380c	78	static adns_status get_domain_perm(adns_state ads, adns_query qu, int serv,
	79	const byte *dgram, int dglen,
	80	int cbyte_io, int max, char *domain_r) {
	81	/* Returns 0 for OK (domain_r set) or truncated (domain_r null)
	82	* or any other adns_s_* value.
	83	*/
0ba0614a	84	int cbyte, sused, lablen, namelen;
b9de380c	85
	86	/* If we follow a pointer we set cbyte_io to 0 to indicate that
	87	* we've lost our original starting and ending points; we don't
	88	* put the end of the pointed-to thing into the original *cbyte_io.
	89	*/
	90	cbyte= *cbyte_io;
	91	sused= qu->ans.used;
	92	*domain_r= 0;
0ba0614a	93	namelen= 0;
b9de380c	94	for (;;) {
0ba0614a	95	st= get_label(dgram,dglen,&max, &cbyte,&lablen,&labstart,&namelen);
	96	if (st) return st;
	97	if (lablen<0) goto x_truncated;
b9de380c	98	if (!lablen) break;
b9de380c	99	if (qu->ans.used != sused)
	100	if (!adns__vbuf_append(&qu->ans,".",1)) return adns_s_nolocalmem;
	101	if (qu->flags & adns_qf_anyquote) {
0ba0614a	102	if (!vbuf__append_quoted1035(&qu->ans,dgram+labstart,lablen))
b9de380c	103	return adns_s_nolocalmem;
b9de380c	104	} else {
0ba0614a	105	if (!ctype_isalpha(dgram[labstart])) return adns_s_invaliddomain;
b9de380c	106	for (i= cbyte+1; i<cbyte+lablen; i++) {
	107	ch= dgram[cbyte];
	108	if (ch != '-' && !ctype_isalpha(ch) && !ctype_isdigit(ch))
	109	return adns_s_invaliddomain;
	110	}
0ba0614a	111	if (!adns__vbuf_append(&qu->ans,dgram+labstart,lablen))
b9de380c	112	return adns_s_nolocalmem;
	113	}
	114	}
	115	if (cbyte_io) *cbyte_io= cbyte;
	116	if (!adns__vbuf_append(&qu->ans,"",1)) return adns_s_nolocalmem;
	117	*domain_r= qu->ans.buf+sused;
	118	return adns_s_ok;
	119
	120	x_truncated:
	121	return cbyte_io ? -1 : adns_s_serverfaulty;
	122	}
	123
	124	static adns_status get_domain_temp(adns_state ads, adns_query qu, int serv,
	125	const byte *dgram, int dglen,
	126	int cbyte_io, int max, char *domain_r) {
	127	int sused;
	128	adns_status st;
	129
	130	sused= qu->ans.used;
	131	st= get_domain_perm(ads,qu,serv,dgram,dglen,cbyte_io,max,domain_r);
	132	qu->ans.used= sused;
	133	return st;
	134	}
	135
b9de380c	136	static adns_status get_rr_temp(adns_state ads, adns_query qu, int serv,
0ba0614a	137	const byte dgram, int dglen, int cbyte_io,
b9de380c	138	int type_r, int class_r, int rdlen_r, int rdstart_r,
0ba0614a	139	const byte *eo_dgram, int eo_dglen, int eo_cbyte,
	140	int *eo_matched_r) {
	141	/* _s_ok can have *type_r == -1 and other output invalid, for truncation
	142	* type_r and class_r must be !0, other _r may be 0.
	143	* eo_dgram==0 for no comparison, otherwise all eo_ must be valid.
	144	*/
	145	int cbyte, tmp, rdlen, mismatch;
	146	int max, lablen, labstart, namelen;
	147	int eo_max, eo_lablen, eo_labstart, eo_namelen;
b9de380c	148
b9de380c	149	cbyte= *cbyte_io;
0ba0614a	150	mismatch= eo_dgram ? 1 : 0;
	151
	152	namelen= 0; eo_namelen= 0;
	153	max= dglen; eo_max= eo_dglen;
	154	for (;;) {
	155	st= get_label(dgram,dglen,&max,
	156	&cbyte,&lablen,&labstart,&namelen);
	157	if (st) return st;
	158	if (lablen<0) goto x_truncated;
	159
	160	if (!mismatch) {
	161	st= get_label(eo_dgram,eo_dglen,&eo_max,
	162	&eo_cbyte,&eo_lablen,&eo_labstart,&eo_namelen);
	163	if (st) return st;
	164	assert(eo_lablen>=0);
	165	if (lablen != eo_lablen) mismatch= 1;
	166	while (!mismatch && lablen-- > 0) {
	167	ch= dgram[labstart++]; if (ctype_isalpha(ch)) ch &= ~32;
	168	eo_ch= eo_dgram[eo_labstart++]; if (ctype_isalpha(eo_ch)) eo_ch &= ~32;
	169	if (ch != eo_ch) mismatch= 1
	170	}
	171	}
	172	}
	173	if (eo_matched_r) *eo_matched_r= !mismatch;
b9de380c	174
b9de380c	175	if (cbyte+10>len) goto x_truncated;
0ba0614a	176	GET_W(cbyte,tmp); *type_r= tmp;
0ba0614a	177	GET_W(cbyte,tmp); *class_r= tmp;
b9de380c	178	cbyte+= 4; /* we skip the TTL */
	179	GET_W(cbyte,rdlen); if (rdlen_r) *rdlen_r= tmp;
	180	if (rdstart_r) *rdstart_r= cbyte;
	181	cbyte+= rdlen;
	182	if (cbyte>dglen) goto x_truncated;
	183	*cbyte_io= cbyte;
	184	return adns_s_ok;
	185
	186	x_truncated:
0ba0614a	187	*type_r= -1;
0ba0614a	188	return 0;;
b9de380c	189	}
	190
	191	void adns__procdgram(adns_state ads, const byte *dgram, int dglen, int serv) {
0ba0614a	192	int cbyte, anstart, rrstart, lablen, wantedrrs, get_t, cnamestart;
b9de380c	193
b9de380c	194	cbyte= 0;
ec477b9e	195
b9de380c	196	if (dglen<DNS_HDR_SIZE) {
ec477b9e	197	adns__diag(ads,serv,"received datagram too short for message header (%d)",len);
	198	return;
	199	}
b9de380c	200	GET_W(cbyte,id);
	201	GET_B(cbyte,f1);
	202	GET_B(cbyte,f2);
	203	GET_W(cbyte,qdcount);
	204	GET_W(cbyte,ancount);
	205	GET_W(cbyte,nscount);
	206	GET_W(cbyte,arcount);
	207	assert(cbyte == DNS_HDR_SIZE);
ec477b9e	208
0ba0614a	209	flg_ra= f2&0x80;
0ba0614a	210
ec477b9e	211	if (f1&0x80) {
	212	adns__diag(ads,serv,"server sent us a query, not a response");
	213	return;
	214	}
	215	if (f1&0x70) {
	216	adns__diag(ads,serv,"server sent us unknown opcode %d (wanted 0=QUERY)",
	217	(f1>>4)&0x70);
	218	return;
	219	}
	220	if (!qdcount) {
	221	adns__diag(ads,serv,"server sent reply without quoting our question");
	222	return;
	223	} else if (qdcount>1) {
	224	adns__diag(ads,serv,"server claimed to answer %d questions with one message",
	225	qdcount);
	226	return;
	227	}
	228	for (qu= ads->timew; qu= nqu; qu++) {
	229	nqu= qu->next;
	230	if (qu->id != id) continue;
	231	if (len < qu->querylen) continue;
b9de380c	232	if (memcmp(qu->querymsg+DNSHDRSIZE,dgram+DNSHDRSIZE,qu->querylen-DNSHDRSIZE))
b9de380c	233	continue;
ec477b9e	234	break;
ec477b9e	235	}
b9de380c	236	anstart= qu->querylen;
ec477b9e	237	if (!qu) {
	238	adns__debug(ads,serv,"reply not found (id=%02x)",id);
	239	return;
	240	}
ec477b9e	241	if (!(f1&0x01)) {
	242	adns__diag(ads,serv,"server thinks we didn't ask for recursive lookup");
	243	adns__query_fail(ads,qu,adns_s_serverfaulty);
	244	return;
	245	}
b9de380c	246
	247	rcode= (f1&0x0f);
	248	switch (rcode) {
	249	case rcode_noerror:
	250	case rcode_nxdomain:
ec477b9e	251	break;
b9de380c	252	case rcode_formaterror:
b9de380c	253	adns__warn(ads,serv,"server cannot understand our query (Format Error)");
ec477b9e	254	adns__query_fail(ads,qu,adns_s_serverfaulty);
ec477b9e	255	return;
b9de380c	256	case rcode_servfail;
ec477b9e	257	adns__query_fail(ads,qu,adns_s_serverfailure);
ec477b9e	258	return;
b9de380c	259	case rcode_notimp:
	260	adns__warn(ads,serv,"server claims not to implement our query");
	261	adns__query_fail(ads,qu,adns_s_notimplemented);
	262	return;
	263	case rcode_refused:
	264	adns__warn(ads,serv,"server refused our query");
	265	adns__query_fail(ads,qu,adns_s_refused);
	266	return;
	267	default:
	268	adns__warn(ads,serv,"server gave unknown response code %d",rcode);
	269	adns__query_fail(ads,qu,adns_s_reasonunknown);
	270	return;
	271	}
	272
	273	/* Now, take a look at the answer section, and see if it is complete.
	274	* If it has any CNAMEs we stuff them in the answer.
	275	*/
	276	wantedrrs= 0;
	277	for (rri= 0; rri<ancount; rri++) {
	278	rrstart= cbyte;
0ba0614a	279	if (qu->cname) {
	280	st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
	281	&rrtype,&rrclass,&rdlength,&rdstart,
	282	dgram,dglen,cnamestart, &ownermatched);
	283	} else {
	284	st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
	285	&rrtype,&rrclass,&rdlength,&rdstart,
	286	qu->querymsg,qu->querylen,DNS_HDR_SIZE, &ownermatched);
	287	}
b9de380c	288	if (st) adns__query_fail(ads,qu,st);
0ba0614a	289	if (rrtype == -1) goto x_truncated;
0ba0614a	290
b9de380c	291	if (rrclass != DNS_CLASS_IN) {
0ba0614a	292	adns__diag(ads,serv,"ignoring answer RR with wrong class %d (expected IN=%d)",
b9de380c	293	rrclass,DNS_CLASS_IN);
	294	continue;
	295	}
0ba0614a	296	if (!ownermatched) {
	297	if (ads->iflag & adns_if_debug) {
	298	st= get_domain_temp(ads,qu,serv, dgram,dglen,&rrstart,dglen, &cowner);
	299	if (st) adns__debug(ads,serv,"ignoring RR with an irrelevant owner, code %d",st);
	300	else adns__debug(ads,serv,"ignoring RR with an irrelevant owner \"%s\"",cowner);
	301	}
b9de380c	302	continue;
	303	}
	304	if (!qu->cname &&
	305	(qu->type & adns__rrt_typemask) != adns_cname &&
	306	rrtype == adns_cname) { /* Ignore second and subsequent CNAMEs */
0ba0614a	307	st= get_domain_perm(ads,qu,serv, dgram,dglen,
	308	&rdstart,rdstart+rdlength,&qu->cname);
	309	if (st) return st;
	310	if (!qu->cname) goto x_truncated;
	311	/* If we find the answer section truncated after this point we restart
	312	* the query at the CNAME; if beforehand then we obviously have to use
	313	* TCP. If there is no truncation we can use the whole answer if
	314	* it contains the relevant info.
	315	*/
b9de380c	316	} else if (rrtype == (qu->type & adns__rrt_typemask)) {
	317	wantedrrs++;
	318	} else {
	319	adns__debug(ads,serv,"ignoring answer RR with irrelevant type %d",rrtype);
	320	}
	321	}
	322
	323	/* If we got here then the answer section is intact. */
	324	nsstart= cbyte;
	325
	326	if (!wantedrrs) {
	327	/* Oops, NODATA or NXDOMAIN or perhaps a referral (which would be a problem) */
	328
	329	if (rcode == rcode_nxdomain) {
0ba0614a	330	adns__query_finish(ads,qu,adns_s_nxdomain);
b9de380c	331	return;
	332	}
	333
	334	/* RFC2308: NODATA has _either_ a SOA _or_ _no_ NS records in authority section */
0ba0614a	335	foundsoa= 0; foundns= 0;
b9de380c	336	for (rri= 0; rri<nscount; rri++) {
0ba0614a	337	rrstart= cbyte;
	338	st= get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte,
	339	&rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0);
	340	if (st) return st;
	341	if (rrtype==-1) goto x_truncated;
	342	if (rrclass != DNS_CLASS_IN) {
	343	adns__diag(ads,serv,"ignoring authority RR with wrong class %d (expected IN=%d)",
	344	rrclass,DNS_CLASS_IN);
	345	continue;
	346	}
	347	if (rrtype == adns_r_soa_raw) { foundsoa= 1; break; }
	348	else if (rrtype == adns_r_ns_raw) { foundns= 1; }
b9de380c	349	}
0ba0614a	350
	351	if (foundsoa \|\| !foundns) {
	352	/* Aha ! A NODATA response, good. */
	353	adns__query_finish(ads,qu,adns_s_nodata);
	354	return;
	355	}
	356
	357	/* Now what ? No relevant answers, no SOA, and at least some NS's.
	358	* Looks like a referral. Just one last chance ... if we came across
	359	* a CNAME then perhaps we should do our own CNAME lookup.
	360	*/
	361	if (qu->cname) {
	362	cname_recurse(ads,qu);
	363	return;
	364	}
	365
	366	/* Bloody hell, I thought we asked for recursion ? */
	367	if (!flg_ra) {
	368	adns__diag(ads,serv,"server is not willing to do recursive lookups for us");
	369	adns__query_fail(ads,qu,adns_s_norecurse);
	370	return;
	371	}
	372	adns__diag(ads,serv,"server claims to do recursion, but gave us a referral");
	373	adns__query_fail(ads,qu,adns_s_serverfault);
b9de380c	374	return;
	375	}
	376
0ba0614a	377	/* Now, we have some RRs which we wanted. */
	378	rrs=
	379
	380	}
	381	} else {
	382
	383	{ truncated(ads,qu,flg_ra); return; }
b9de380c	384
	385	) {
	386	if (type
	387	if (cbyte+lab
	388	if (anstart > dgend) { truncated(ads,qu,f1); return; }
	389	}
	390	for
	391
	392	/* Look for CNAMEs in the answer section */
	393
	394	}
	395
	396
	397	adns__diag(ads,serv,"server refused our query");
	398
	399	case rcode_
	400
	401	case 0: /* NOERROR
	402	break;
	403	case 1: /* Format error */
ec477b9e	404	case 3: /* Name Error */
	405
	406	qr= f1&0x80;
	407
	408
4353a5c4	409	adns__diag(ads,serv,"received datagram size %d",len);
ec477b9e	410
4353a5c4	411	}
0ba0614a	412
	413	while (
	414	switch (type) {
	415	case adns_r_a:
	416	adns_r_a_mf= adns_r_a\|adns__qtf_masterfmt,
	417
	418	adns_r_ns_raw= 2,
	419	adns_r_ns= adns_r_ns_raw\|adns__qtf_deref,
	420	adns_r_ns_mf= adns_r_ns_raw\|adns__qtf_masterfmt,
	421
	422	adns_r_cname= 5,
	423	adns_r_cname_mf= adns_r_cname\|adns__qtf_masterfmt,
	424
	425	adns_r_soa_raw= 6,
	426	adns_r_soa= adns_r_soa_raw\|adns__qtf_mail822,
	427	adns_r_soa_mf= adns_r_soa_raw\|adns__qtf_masterfmt,
	428
	429	adns_r_null= 10,
	430	adns_r_null_mf= adns_r_null\|adns__qtf_masterfmt,
	431
	432	adns_r_ptr_raw= 12,
	433	adns_r_ptr= adns_r_ptr_raw\|adns__qtf_deref,
	434	adns_r_ptr_mf= adns_r_ptr_raw\|adns__qtf_masterfmt,
	435
	436	adns_r_hinfo= 13,
	437	adns_r_hinfo_mf= adns_r_hinfo\|adns__qtf_masterfmt,
	438
	439	adns_r_mx_raw= 15,
	440	adns_r_mx= adns_r_mx_raw\|adns__qtf_deref,
	441	adns_r_mx_mf= adns_r_mx_raw\|adns__qtf_masterfmt,
	442
	443	adns_r_txt= 16,
	444	adns_r_txt_mf= adns_r_txt\|adns__qtf_masterfmt,
	445
	446	adns_r_rp_raw= 17,
	447	adns_r_rp= adns_r_rp_raw\|adns__qtf_mail822,
	448	adns_r_rp_mf= adns_r_rp_raw\|adns__qtf_masterfmt
	449
	450