Revamp dns.c -- catch up with 9 years, fix some bugs, add some features

.github/workflows/ci.yml

@@ -0,0 +1,187 @@
+name: CI
+
+on:
+  push:
+    branches: [ master, main ]
+  pull_request:
+    branches: [ master, main ]
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libyaml-dev ragel
+
+    - name: Build CLI tools
+      run: |
+        cd src
+        make dns cache spf zone
+
+    - name: Run tests
+      run: |
+        cd regress
+        make check
+
+    - name: Test CLI tools
+      run: |
+        cd src
+        ./dns -V
+        ./dns parse-domain example.com
+        ./dns print-arpa 192.168.1.1
+        ./cache -h
+        ./zone -h
+        ./spf -h
+
+  mingw:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y mingw-w64
+
+    - name: Build CLI tools
+      run: |
+        cd src
+        make dns.exe
+
+  macos:
+    runs-on: macos-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: |
+        brew install libyaml ragel
+
+    - name: Build CLI tools
+      run: |
+        cd src
+        make dns cache spf zone
+
+    - name: Run tests
+      env:
+        CPPFLAGS: -I/opt/homebrew/include
+        LDFLAGS: -L/opt/homebrew/lib
+      run: |
+        cd regress
+        make check
+
+    - name: Test CLI tools
+      run: |
+        cd src
+        ./dns -V
+        ./dns parse-domain example.com
+        ./dns print-arpa 192.168.1.1
+        ./cache -h
+        ./zone -h
+        ./spf -h
+
+  windows:
+    runs-on: windows-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup MSVC
+      uses: ilammy/msvc-dev-cmd@v1
+
+    - name: Install dependencies
+      run: |
+        vcpkg install getopt:x64-windows
+
+    - name: Build CLI tools
+      shell: cmd
+      run: |
+        cd src
+        clang-cl /nologo /W3 /DDNS_DEBUG=0 /DDNS_MAIN /D_CRT_SECURE_NO_WARNINGS /D_WINSOCK_DEPRECATED_NO_WARNINGS /I"%VCPKG_INSTALLATION_ROOT%\installed\x64-windows\include" dns.c /link /LIBPATH:"%VCPKG_INSTALLATION_ROOT%\installed\x64-windows\lib" getopt.lib ws2_32.lib iphlpapi.lib advapi32.lib /out:dns.exe
+
+    - name: Test CLI tools
+      shell: cmd
+      run: |
+        set PATH=%VCPKG_INSTALLATION_ROOT%\installed\x64-windows\bin;%PATH%
+        cd src
+        dns.exe -V
+        dns.exe parse-domain example.com
+        dns.exe print-arpa 192.168.1.1
+
+#  freebsd:
+#    runs-on: ubuntu-latest
+#    steps:
+#    - uses: actions/checkout@v4
+#    - name: Build and test on FreeBSD
+#      uses: vmactions/freebsd-vm@v1
+#      with:
+#        usesh: true
+#        run: |
+#          pkg install -y ragel libyaml
+#          cd src
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DDNS_DEBUG=0 -c dns.c -o dns.o
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DDNS_DEBUG=0 -DDNS_MAIN -o dns dns.c
+#          ./dns -V
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -c cache.c -o cache.o
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DCACHE_MAIN -o cache cache.c
+#          ./cache -V
+#          cd ../regress
+#          make check
+
+#  openindiana:
+#    runs-on: ubuntu-latest
+#    steps:
+#    - uses: actions/checkout@v4
+#    - name: Build and test on OpenIndiana
+#      uses: vmactions/openindiana-vm@v1
+#      with:
+#        run: |
+#          pkg install developer/gcc
+#          cd src
+#          gcc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DDNS_DEBUG=0 -c dns.c -o dns.o
+#          gcc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DDNS_DEBUG=0 -DDNS_MAIN -o dns dns.c
+#          ./dns -V
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -c cache.c -o cache.o
+#          cc -std=gnu99 -Wall -Wextra -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Werror -g -DCACHE_MAIN -o cache cache.c
+#          ./cache -V
+#          make check
+
+  fuzz:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install LLVM
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y clang llvm
+
+    - name: Build fuzzer
+      run: |
+        cd regress
+        clang -g -O1 -fsanitize=fuzzer,address,undefined \
+              -DDNS_DEBUG=0 -I../src -o fuzz_dns fuzz_dns.c
+
+    - name: Create corpus directory with existing crash files
+      run: |
+        mkdir -p regress/corpus
+        cp regress/crash-* regress/corpus/ 2>/dev/null || true
+
+    - name: Run fuzzer
+      run: |
+        cd regress
+        timeout 330 ./fuzz_dns corpus/ -max_len=4096 -max_total_time=300 || test $? -eq 124
+
+    - name: Upload crash artifacts
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: fuzz-crashes
+        path: |
+          regress/crash-*
+          regress/oom-*
+          regress/timeout-*
+        if-no-files-found: ignore

.gitignore

@@ -0,0 +1,35 @@
+*~
+*.a
+*.dll
+*.dylib
+*.exe
+*.exp
+*.lib
+*.map
+*.o
+*.obj
+*.pc
+*.pyc
+*.so
+.*.sw?
+*cscope.in.out
+*cscope.out
+*cscope.po.out
+contrib/socket
+src/dns
+src/spf.c
+src/zone.c
+regress/20-rr-parse
+regress/fuzz_dns
+doc/dns.aux
+doc/dns.glg
+doc/dns.glo
+doc/dns.gls
+doc/dns.idx
+doc/dns.ilg
+doc/dns.ind
+doc/dns.ist
+doc/dns.log
+doc/dns.out
+doc/dns.pdf
+doc/dns.toc

contrib/Makefile

@@ -3,7 +3,7 @@ cc-option = $(shell if $(CC) $(CFLAGS) $(1) -S -o /dev/null -xc /dev/null \
 	> /dev/null 2>&1; then echo "$(1)"; else echo "$(2)"; fi;)
 
 override CPPFLAGS := $(CPPFLAGS) -I../src -DSOCKET_DEBUG -DSOCKET_MAIN
-override CFLAGS   := $(CFLAGS) -std=gnu99 -Wall -Wno-unused-function -Wno-unused-parameter $(call cc-option, -Wno-initializer-overrides,) -O2 -g -fstack-protector
+override CFLAGS   := $(CFLAGS) -std=gnu99 -Wall -Wno-unused-function -Wno-unused-parameter $(call cc-option, -Wno-initializer-overrides, $(call cc-option, -Wno-override-init,)) -O2 -g -fstack-protector
 override LIBS     := -lssl -lcrypto
 
 ifeq ($(shell uname -s), Darwin)

contrib/socket.c

@@ -202,7 +202,6 @@ static void so_trace(enum so_trace event, int fd, const struct addrinfo *host, .
 	char addr[64], who[256];
 	in_port_t port;
 	va_list ap;
-	SSL *ctx;
 	const void *data;
 	size_t count;
 	const char *fmt;
@@ -240,7 +239,7 @@ static void so_trace(enum so_trace event, int fd, const struct addrinfo *host, .
 
 		break;
 	case SO_T_STARTTLS:
-		ctx = va_arg(ap, SSL *);
+		(void)va_arg(ap, SSL *); /* ctx - unused */
 		fmt = va_arg(ap, char *);
 
 		fprintf(stderr, "starttls(%s): ", who);
@@ -1633,16 +1632,24 @@ int so_starttls(struct socket *so, SSL_CTX *ctx) {
 		goto error;
 
 	/*
-	 * NOTE: SSLv3_server_method()->ssl_connect should be a reference to
-	 * OpenSSL's internal ssl_undefined_function().
+	 * Detect whether the SSL context is configured for server mode.
 	 *
-	 * Server methods such as SSLv23_server_method(), etc. should have
-	 * their .ssl_connect method set to this value.
+	 * For OpenSSL < 1.1.0, we checked internal method pointers, but
+	 * that API is no longer available (SSL_METHOD is now opaque and
+	 * SSLv3_server_method() was removed).
+	 *
+	 * For OpenSSL 1.1.0+, we default to client mode. Server sockets
+	 * should have so->todo containing SO_S_LISTEN if so_listen() was
+	 * called, which we use to detect server mode.
 	 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	(void)method;
+	so->ssl.accept = (so->todo & SO_S_LISTEN) ? 1 : 0;
+#else
 	method = SSL_get_ssl_method(so->ssl.ctx);
-
 	if (!method->ssl_connect || method->ssl_connect == SSLv3_server_method()->ssl_connect)
 		so->ssl.accept = 1;
+#endif
 
 	if (tmp)
 		SSL_CTX_free(tmp);

contrib/socket.h

@@ -179,7 +179,11 @@ struct so_options {
  *
  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-#define SA_UNIX defined(AF_UNIX) && !_WIN32
+#if defined(AF_UNIX) && !defined(_WIN32)
+#define SA_UNIX 1
+#else
+#define SA_UNIX 0
+#endif
 
 /*
  * GCC 4.4's strong aliasing constraints complain about casting through