Diffstat (limited to 'vendor/github.com/miekg/dns')
-rw-r--r--vendor/github.com/miekg/dns/client.go6
-rw-r--r--vendor/github.com/miekg/dns/defaults.go5
-rw-r--r--vendor/github.com/miekg/dns/msg.go5
-rw-r--r--vendor/github.com/miekg/dns/msg_helpers.go10
-rw-r--r--vendor/github.com/miekg/dns/server.go4
-rw-r--r--vendor/github.com/miekg/dns/tsig.go26
-rw-r--r--vendor/github.com/miekg/dns/version.go2
-rw-r--r--vendor/github.com/miekg/dns/xfr.go4
8 files changed, 36 insertions, 26 deletions
diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go
index 31bf5759d..9aa658530 100644
--- a/vendor/github.com/miekg/dns/client.go
+++ b/vendor/github.com/miekg/dns/client.go
@@ -24,7 +24,7 @@ func isPacketConn(c net.Conn) bool {
}
if ua, ok := c.LocalAddr().(*net.UnixAddr); ok {
- return ua.Net == "unixgram"
+ return ua.Net == "unixgram" || ua.Net == "unixpacket"
}
return true
@@ -280,7 +280,7 @@ func (co *Conn) ReadMsg() (*Msg, error) {
}
if t := m.IsTsig(); t != nil {
// Need to work on the original message p, as that was used to calculate the tsig.
- err = tsigVerifyProvider(p, co.tsigProvider(), co.tsigRequestMAC, false)
+ err = TsigVerifyWithProvider(p, co.tsigProvider(), co.tsigRequestMAC, false)
}
return m, err
}
@@ -358,7 +358,7 @@ func (co *Conn) WriteMsg(m *Msg) (err error) {
var out []byte
if t := m.IsTsig(); t != nil {
// Set tsigRequestMAC for the next read, although only used in zone transfers.
- out, co.tsigRequestMAC, err = tsigGenerateProvider(m, co.tsigProvider(), co.tsigRequestMAC, false)
+ out, co.tsigRequestMAC, err = TsigGenerateWithProvider(m, co.tsigProvider(), co.tsigRequestMAC, false)
} else {
out, err = m.Pack()
}
diff --git a/vendor/github.com/miekg/dns/defaults.go b/vendor/github.com/miekg/dns/defaults.go
index d47b0b1f2..f2cdbf430 100644
--- a/vendor/github.com/miekg/dns/defaults.go
+++ b/vendor/github.com/miekg/dns/defaults.go
@@ -218,6 +218,11 @@ func IsDomainName(s string) (labels int, ok bool) {
wasDot = false
case '.':
+ if i == 0 && len(s) > 1 {
+ // leading dots are not legal except for the root zone
+ return labels, false
+ }
+
if wasDot {
// two dots back to back is not legal
return labels, false
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go
index 60a2e8c3d..89ebb64ab 100644
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@@ -265,6 +265,11 @@ loop:
wasDot = false
case '.':
+ if i == 0 && len(s) > 1 {
+ // leading dots are not legal except for the root zone
+ return len(msg), ErrRdata
+ }
+
if wasDot {
// two dots back to back is not legal
return len(msg), ErrRdata
diff --git a/vendor/github.com/miekg/dns/msg_helpers.go b/vendor/github.com/miekg/dns/msg_helpers.go
index b049028b7..ea2035cd2 100644
--- a/vendor/github.com/miekg/dns/msg_helpers.go
+++ b/vendor/github.com/miekg/dns/msg_helpers.go
@@ -476,7 +476,7 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
length, window, lastwindow := 0, 0, -1
for off < len(msg) {
if off+2 > len(msg) {
- return nsec, len(msg), &Error{err: "overflow unpacking nsecx"}
+ return nsec, len(msg), &Error{err: "overflow unpacking NSEC(3)"}
}
window = int(msg[off])
length = int(msg[off+1])
@@ -484,17 +484,17 @@ func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) {
if window <= lastwindow {
// RFC 4034: Blocks are present in the NSEC RR RDATA in
// increasing numerical order.
- return nsec, len(msg), &Error{err: "out of order NSEC block"}
+ return nsec, len(msg), &Error{err: "out of order NSEC(3) block in type bitmap"}
}
if length == 0 {
// RFC 4034: Blocks with no types present MUST NOT be included.
- return nsec, len(msg), &Error{err: "empty NSEC block"}
+ return nsec, len(msg), &Error{err: "empty NSEC(3) block in type bitmap"}
}
if length > 32 {
- return nsec, len(msg), &Error{err: "NSEC block too long"}
+ return nsec, len(msg), &Error{err: "NSEC(3) block too long in type bitmap"}
}
if off+length > len(msg) {
- return nsec, len(msg), &Error{err: "overflowing NSEC block"}
+ return nsec, len(msg), &Error{err: "overflowing NSEC(3) block in type bitmap"}
}
// Walk the bytes in the window and extract the type bits
diff --git a/vendor/github.com/miekg/dns/server.go b/vendor/github.com/miekg/dns/server.go
index b962e6f35..4e5a9aa8a 100644
--- a/vendor/github.com/miekg/dns/server.go
+++ b/vendor/github.com/miekg/dns/server.go
@@ -646,7 +646,7 @@ func (srv *Server) serveDNS(m []byte, w *response) {
w.tsigStatus = nil
if w.tsigProvider != nil {
if t := req.IsTsig(); t != nil {
- w.tsigStatus = tsigVerifyProvider(m, w.tsigProvider, "", false)
+ w.tsigStatus = TsigVerifyWithProvider(m, w.tsigProvider, "", false)
w.tsigTimersOnly = false
w.tsigRequestMAC = t.MAC
}
@@ -728,7 +728,7 @@ func (w *response) WriteMsg(m *Msg) (err error) {
var data []byte
if w.tsigProvider != nil { // if no provider, dont check for the tsig (which is a longer check)
if t := m.IsTsig(); t != nil {
- data, w.tsigRequestMAC, err = tsigGenerateProvider(m, w.tsigProvider, w.tsigRequestMAC, w.tsigTimersOnly)
+ data, w.tsigRequestMAC, err = TsigGenerateWithProvider(m, w.tsigProvider, w.tsigRequestMAC, w.tsigTimersOnly)
if err != nil {
return err
}
diff --git a/vendor/github.com/miekg/dns/tsig.go b/vendor/github.com/miekg/dns/tsig.go
index 8b37cc841..debfe2dd9 100644
--- a/vendor/github.com/miekg/dns/tsig.go
+++ b/vendor/github.com/miekg/dns/tsig.go
@@ -158,18 +158,17 @@ type timerWireFmt struct {
}
// TsigGenerate fills out the TSIG record attached to the message.
-// The message should contain
-// a "stub" TSIG RR with the algorithm, key name (owner name of the RR),
-// time fudge (defaults to 300 seconds) and the current time
-// The TSIG MAC is saved in that Tsig RR.
-// When TsigGenerate is called for the first time requestMAC is set to the empty string and
-// timersOnly is false.
-// If something goes wrong an error is returned, otherwise it is nil.
+// The message should contain a "stub" TSIG RR with the algorithm, key name
+// (owner name of the RR), time fudge (defaults to 300 seconds) and the current
+// time The TSIG MAC is saved in that Tsig RR. When TsigGenerate is called for
+// the first time requestMAC should be set to the empty string and timersOnly to
+// false.
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
- return tsigGenerateProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
+ return TsigGenerateWithProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
}
-func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
+// TsigGenerateWithProvider is similar to TsigGenerate, but allows for a custom TsigProvider.
+func TsigGenerateWithProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
if m.IsTsig() == nil {
panic("dns: TSIG not last RR in additional")
}
@@ -216,14 +215,15 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time
return mbuf, t.MAC, nil
}
-// TsigVerify verifies the TSIG on a message.
-// If the signature does not validate err contains the
-// error, otherwise it is nil.
+// TsigVerify verifies the TSIG on a message. If the signature does not
+// validate the returned error contains the cause. If the signature is OK, the
+// error is nil.
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
return tsigVerify(msg, tsigHMACProvider(secret), requestMAC, timersOnly, uint64(time.Now().Unix()))
}
-func tsigVerifyProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
+// TsigVerifyWithProvider is similar to TsigVerify, but allows for a custom TsigProvider.
+func TsigVerifyWithProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
return tsigVerify(msg, provider, requestMAC, timersOnly, uint64(time.Now().Unix()))
}
diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go
index 971a27199..b1a872bd5 100644
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@@ -3,7 +3,7 @@ package dns
import "fmt"
// Version is current version of this library.
-var Version = v{1, 1, 49}
+var Version = v{1, 1, 50}
// v holds the version of this library.
type v struct {
diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go
index f0dcf61d4..1917e91c8 100644
--- a/vendor/github.com/miekg/dns/xfr.go
+++ b/vendor/github.com/miekg/dns/xfr.go
@@ -237,7 +237,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
}
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
// Need to work on the original message p, as that was used to calculate the tsig.
- err = tsigVerifyProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
+ err = TsigVerifyWithProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
t.tsigRequestMAC = ts.MAC
}
return m, err
@@ -247,7 +247,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
func (t *Transfer) WriteMsg(m *Msg) (err error) {
var out []byte
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
- out, t.tsigRequestMAC, err = tsigGenerateProvider(m, tp, t.tsigRequestMAC, t.tsigTimersOnly)
+ out, t.tsigRequestMAC, err = TsigGenerateWithProvider(m, tp, t.tsigRequestMAC, t.tsigTimersOnly)
} else {
out, err = m.Pack()
}