This change has two parts:
1. Provide our own local implementation of numeric-only getaddrinfo
in auditdns.c used to audit for DNS leaks, rather than deferring
to dlsym(RTLD_NEXT, "getaddrinfo"), in terms of inet_pton.
To keep review and implementation simple, this is limited to
AI_NUMERICHOST _and_ AI_NUMERICSERV -- this requires that we
arrange to pass AI_NUMERICSERV in callers too.
2. Wherever we implement block_dns, set AI_NUMERICSERV in addition to
AI_NUMERICHOST as needed by the new auditdns.c getaddrinfo.
(In principle this might also avoid other network leaks -- POSIX
guarantees no name resolution service will be invoked, and gives
NIS+ as an example.)
One tiny semantic change to avoid tripping over the auditor:
kadmin(8) now uses the string "749" rather than the string
"kerberos-adm". (Currently we don't audit kadmin(8) for DNS leaks
but let's avoid leaving a rake to step on.) Every other caller I
found is already guaranteed to pass a numeric service rather than
named service to getaddrinfo.
fix https://github.com/heimdal/heimdal/issues/1212
Although not required to address bad code generation in
some versions of gcc 9 and 10, a coding style that requires
explicit comparison of the result to zero before use is
both clearer and would have avoided the generation of bad
code.
This change converts all use of cmp function usage from
```
if (strcmp(a, b) || !strcmp(c, d)) ...
```
to
```
if (strcmp(a, b) != 0 || strcmp(c, d)) == 0
```
for all C library cmp functions and related:
- strcmp(), strncmp()
- strcasecmp(), strncasecmp()
- stricmp(), strnicmp()
- memcmp()
Change-Id: Ic60c15e1e3a07e4faaf10648eefe3adae2543188
Make error reporting in socket test programs consistent with other usages by
removing redundant newline, using strerror() and reporting error in
parentheses.
Similar to f6e0d19cc0 but
fixed in the header by making it a proper static inline
function (as some callers treats it as one, so do it
for all now for consistency).
Seen on Ubuntu 18.04 with
giving:
In file included from getaddrinfo-test.c:36:0:
getaddrinfo-test.c: In function ‘main’:
roken.h:110:24: error: statement with no effect [-Werror=unused-value]
#define rk_SOCK_INIT() 0
^
getaddrinfo-test.c:132:5: note: in expansion of macro ‘rk_SOCK_INIT’
rk_SOCK_INIT();
^~~~~~~~~~~~
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
