/*++ Copyright (c) 1996-2000 Microsoft Corporation Module Name: packet.c Abstract: Domain Name System (DNS) Library Packet writing utilities. Author: Jim Gilroy (jamesg) October, 1996 Environment: User Mode - Win32 Revision History: --*/ #include "local.h" // // Global XID counter, to generate unique XIDs // WORD gwTransactionId = 1; // // Class values for UPDATE packets // (Key concept here -- designed by committee) // // These arrays are indexed by // !wDataLength -- row // Delete flag -- column // WORD PrereqClassArray[2][2] = { DNS_RCLASS_INTERNET, // data != 0, no delete 0, // data != 0, delete => ERROR DNS_RCLASS_ANY, // no data, no delete DNS_RCLASS_NONE, // no data, delete }; WORD UpdateClassArray[2][2] = { DNS_RCLASS_INTERNET, // data != 0, no delete DNS_RCLASS_NONE, // data != 0, delete 0, // no data, no delete => ERROR DNS_RCLASS_ANY, // no data, delete }; PDNS_MSG_BUF Dns_AllocateMsgBuf( IN WORD wBufferLength OPTIONAL ) /*++ Routine Description: Allocate message buffer. Arguments: wBufferLength - optional length of message buffer; default is MAX UDP size Return Value: Ptr to message buffer. NULL on error. --*/ { PDNS_MSG_BUF pmsg; BOOL ftcp = FALSE; // // default allocation to UDP max buffer length // if ( wBufferLength <= DNS_MAX_UDP_PACKET_BUFFER_LENGTH ) { wBufferLength = DNS_MAX_UDP_PACKET_BUFFER_LENGTH; } else { ftcp = TRUE; } pmsg = ALLOCATE_HEAP( SIZEOF_MSG_BUF_OVERHEAD + wBufferLength ); if ( pmsg == NULL ) { return( NULL ); } pmsg->BufferLength = wBufferLength; // // limit UDP sends to classical RFC UDP limit (512 bytes) // write routines use pBufferEnd to determine writeability // if ( !ftcp ) { wBufferLength = DNS_RFC_MAX_UDP_PACKET_LENGTH; } pmsg->pBufferEnd = (PCHAR)&pmsg->MessageHead + wBufferLength; pmsg->fTcp = (BOOLEAN)ftcp; Dns_InitializeMsgBuf( pmsg ); return( pmsg ); } VOID Dns_InitializeMsgBuf( IN OUT PDNS_MSG_BUF pMsg ) /*++ Routine Description: Allocate message buffer. Arguments: wBufferLength - optional length of message buffer; default is MAX UDP size Return Value: Ptr to message buffer. NULL on error. --*/ { // setup addressing info pMsg->Socket = 0; pMsg->RemoteAddressLength = sizeof(SOCKADDR_IN); // set for packet reception if ( pMsg->fTcp ) { SET_MESSAGE_FOR_TCP_RECV( pMsg ); } else { SET_MESSAGE_FOR_UDP_RECV( pMsg ); } // clear header RtlZeroMemory( &pMsg->MessageHead, sizeof( DNS_HEADER ) ); // set for rewriting pMsg->pCurrent = pMsg->MessageBody; } // // Writing to packet // PCHAR _fastcall Dns_WriteDottedNameToPacket( IN OUT PCHAR pch, IN PCHAR pchStop, IN LPSTR pszName, IN LPSTR pszDomain, OPTIONAL IN WORD wDomainOffset, OPTIONAL IN BOOL fUnicodeName ) /*++ Routine Description: Write lookup name to packet. Arguments: pch -- ptr to current position in packet buffer pchStop -- end of packet buffer pszName - dotted FQDN to write pszDomain - domain name already in packet (OPTIONAL); note this is a fragment of the SAME STRING as pszName; i.e. ptr compare NOT strcmp is done to determine if at domain name wDomainOffset - offset in packet of domain name; MUST include this if pszDomain is given fUnicodeName -- pszName is unicode string TRUE -- name is unicode FALSE -- name is UTF8 Return Value: Ptr to next position in packet buffer. NULL on error. --*/ { CHAR ch; PCHAR pchlabelStart; UCHAR countLabel = 0; ULONG countName = 0; CHAR nameBuffer[ DNS_MAX_NAME_BUFFER_LENGTH ]; WCHAR nameWideBuffer[ DNS_MAX_NAME_BUFFER_LENGTH ]; // protect message buffer overrun if ( pch >= pchStop ) { return( NULL ); } // allow root to be indicated by NULL if ( !pszName ) { *pch++ = 0; return( pch ); } // // protect stack buffers from bogus names // if ( fUnicodeName ) { countName = wcslen( (LPWSTR) pszName ); } else { countName = strlen( pszName ); } if ( countName >= DNS_MAX_NAME_BUFFER_LENGTH ) { return NULL; } countName = 0; // // UTF8 name with extended chars? // - then must go up to unicode for downcasing // if ( !fUnicodeName ) { if ( !Dns_IsStringAscii( pszName ) ) { DWORD bufLength = DNS_MAX_NAME_BUFFER_LENGTH_UNICODE; if ( ! Dns_NameCopy( (PCHAR) nameWideBuffer, & bufLength, pszName, 0, // length unknown DnsCharSetUtf8, DnsCharSetUnicode ) ) { return( NULL ); } pszName = (PCHAR) nameWideBuffer; fUnicodeName = TRUE; } } // // convert unicode name to UTF8 // - if extended chars, then downcase before hit the wire // if ( fUnicodeName ) { if ( !Dns_IsWideStringAscii( (PWSTR)pszName ) ) { Dns_DownCaseBuffW( (PWCHAR) pszName, 0 ); } if ( ! Dns_NameCopy( nameBuffer, NULL, // assume adequate length pszName, 0, // length unknown DnsCharSetUnicode, DnsCharSetUtf8 ) ) { return( NULL ); } pszName = nameBuffer; } // // special case "." root name // - allows us to fail all other zero length labels cleanly // if ( *pszName == '.' ) { if ( *(pszName+1) != 0 ) { return( NULL ); } *pch++ = 0; return( pch ); } // // write lookup name // - leave pchlabelStart = pch++; while( ch = *pszName++ ) { // out of space if ( pch >= pchStop ) { return( NULL ); } // not at end of label -- just copy character if ( ch != '.' ) { *pch++ = ch; countLabel++; countName++; continue; } // // at end of label // - write label count // - reset counter // - if reached domain name, write compression and quit // if ( countLabel > DNS_MAX_LABEL_LENGTH || countLabel == 0 || countName > DNS_MAX_NAME_LENGTH ) { return( NULL ); } *pchlabelStart = countLabel; countLabel = 0; countName++; pchlabelStart = pch++; if ( pszName == pszDomain ) { if ( ++pch >= pchStop ) { return( NULL ); } *(UNALIGNED WORD *)pchlabelStart = htons( (WORD)(wDomainOffset | (WORD)0xC000) ); return( pch ); } } if ( countLabel > DNS_MAX_LABEL_LENGTH || countName > DNS_MAX_NAME_LENGTH ) { return( NULL ); } // // NULL terminate // - if no terminating ".", do end of label processing also // - return ptr to char after terminating NULL if ( countLabel ) { *pchlabelStart = countLabel; *pch++ = 0; } else { DNS_ASSERT( pch == pchlabelStart + 1 ); *pchlabelStart = 0; } return( pch ); } PCHAR _fastcall Dns_WriteStringToPacket( IN OUT PCHAR pch, IN PCHAR pchStop, IN LPSTR pszString, IN BOOL fUnicodeString ) /*++ Routine Description: Write string to packet. Arguments: pch -- ptr to current position in packet buffer pchStop -- end of packet buffer pszString - string to write fUnicodeString -- pszString is unicode string Return Value: Ptr to next position in packet buffer. NULL on error. --*/ { DWORD length; // // handle NULL string // if ( !pszString ) { if ( pch >= pchStop ) { return( NULL ); } *pch++ = 0; return( pch ); } // // get string length // - get required buf length, then whack whack off space // for terminating NULL // - zero error case, becomes very large number and is // caught by length>MAXCHAR test // length = Dns_GetBufferLengthForStringCopy( pszString, 0, fUnicodeString ? DnsCharSetUnicode : DnsCharSetUtf8, DnsCharSetUtf8 ); length--; // // set length byte // if ( length > MAXUCHAR ) { SetLastError( ERROR_INVALID_DATA ); return( NULL ); } *pch++ = (UCHAR) length; if ( pch + length > pchStop ) { SetLastError( ERROR_MORE_DATA ); return( NULL ); } // // copy string // // note unicode conversion will write NULL terminator, so // test again for space in packet // if ( fUnicodeString ) { if ( pch + length + 1 > pchStop ) { SetLastError( ERROR_MORE_DATA ); return( NULL ); } Dns_StringCopy( pch, NULL, pszString, length, DnsCharSetUnicode, DnsCharSetUtf8 ); } else { memcpy( pch, pszString, length ); } return( pch+length ); } PCHAR Dns_WriteQuestionToMessage( IN OUT PDNS_MSG_BUF pMsg, IN PDNS_NAME pszName, IN WORD wType, IN BOOL fUnicodeName ) /*++ Routine Description: Write question to packet. Note: Routine DOES NOT clear message info or message header. This is optimized for use immediately following Dns_CreateMessage(). Arguments: pMsg - message info pszName - DNS name of question wType - question type fUnicodeName - name is in unicode Return Value: Ptr to next char in buffer, if successful. NULL if error writing question name. --*/ { PCHAR pch; // use recursion, as default pMsg->MessageHead.RecursionDesired = TRUE; // restart write at message header pch = pMsg->MessageBody; // write question name pch = Dns_WriteDottedNameToPacket( pch, pMsg->pBufferEnd, pszName, NULL, 0, fUnicodeName ); if ( !pch ) { return( NULL ); } // write question structure *(UNALIGNED WORD *) pch = htons( wType ); pch += sizeof(WORD); *(UNALIGNED WORD *) pch = DNS_RCLASS_INTERNET; pch += sizeof(WORD); // set question RR section count pMsg->MessageHead.QuestionCount = 1; // header fields in host order pMsg->fSwapped = FALSE; // reset current ptr pMsg->pCurrent = pch; IF_DNSDBG( INIT ) { DnsDbg_Message( "Packet after question write:", pMsg ); } return( pch ); } DNS_STATUS Dns_WriteRecordStructureToMessage( IN OUT PDNS_MSG_BUF pMsg, IN WORD wType, IN WORD wClass, IN DWORD dwTtl, IN WORD wDataLength ) /*++ Routine Description: No data RR cases: This includes prereqs and deletes except for specific record cases. Arguments: pch - ptr to next byte in packet buffer pchStop - end of packet buffer wClass - class wType - desired RR type dwTtl - time to live wDataLength - data length Return Value: Ptr to next postion in buffer, if successful. NULL on error. --*/ { PDNS_WIRE_RECORD pdnsRR; PCHAR pchdata; IF_DNSDBG( WRITE2 ) { DNS_PRINT(( "Dns_WriteRecordStructureToMessage(%p).\n", pMsg )); } // // out of space // pdnsRR = (PDNS_WIRE_RECORD) pMsg->pCurrent; pchdata = (PCHAR) pdnsRR + sizeof( DNS_WIRE_RECORD ); if ( pchdata + wDataLength >= pMsg->pBufferEnd ) { DNS_PRINT(( "ERROR out of space writing record to packet.\n" )); return( ERROR_MORE_DATA ); } // // write RR wire structure // *(UNALIGNED WORD *) &pdnsRR->RecordType = htons( wType ); *(UNALIGNED WORD *) &pdnsRR->RecordClass = htons( wClass ); *(UNALIGNED DWORD *) &pdnsRR->TimeToLive = htonl( dwTtl ); *(UNALIGNED WORD *) &pdnsRR->DataLength = htons( wDataLength ); // // update current ptr // pMsg->pCurrent = pchdata; return( ERROR_SUCCESS ); } #if 0 DNS_STATUS Dns_WriteOptToMessage( IN OUT PDNS_MSG_BUF pMsg, IN WORD wPayload IN DWORD Rcode, IN BYTE Version, IN PBYTE pData, IN WORD wDataLength ) /*++ Routine Description: Write OPT record to message. Arguments: pMsg -- message wPayload -- max length client can receive in UDP Rcode -- RCODE, if extended some of this ends up in OPT Version -- EDNS version pData -- ptr to data buffer of OPT data wDataLength -- length of pData Return Value: ERROR_SUCCESS if successfully writen. ErrorCode on failure. --*/ { } #endif DNS_STATUS Dns_WriteRecordStructureToPacket( IN OUT PCHAR pchBuf, IN PDNS_RECORD pRecord, IN BOOL fUpdatePacket ) /*++ Routine Description: Write wire record structure for given record. Arguments: pchBuf - ptr to next byte in packet buffer pRecord - record to write fUpdatePacket -- If TRUE, the packet is going to contain an update. Therefore the section flags in the pRecords should be interpreted for update. Otherwise this is for a query and section flags will be interpreted for query. Return Value: None --*/ { PDNS_WIRE_RECORD pwireRecord; WORD class; DWORD ttl; IF_DNSDBG( WRITE2 ) { DNS_PRINT(( "Writing RR struct (%p) to packet buffer at %p.\n", pRecord, pchBuf )); DnsDbg_Record( "Record being written:", pRecord ); } // // get TTL, it will be set to zero for several of the update cases // ttl = pRecord->dwTtl; // // determine class // - class variable is in net order (for perf) // - default is class IN, but may be ANY or NONE for certain updates // if ( fUpdatePacket ) { switch( pRecord->Flags.S.Section ) { case DNSREC_PREREQ: class = PrereqClassArray [ pRecord->wDataLength == 0 ][ pRecord->Flags.S.Delete ]; ttl = 0; break; case DNSREC_UPDATE: case DNSREC_ADDITIONAL: class = UpdateClassArray [ pRecord->wDataLength == 0 ][ pRecord->Flags.S.Delete ]; if ( class != DNS_RCLASS_INTERNET ) { ttl = 0; } break; default: DNS_PRINT(( "ERROR: invalid RR section.\n" )); return( ERROR_INVALID_DATA ); } if ( class == 0 ) { DNS_PRINT(( "ERROR: no update class corresponding to RR flags.\n" )); return( ERROR_INVALID_DATA ); } } else { class = DNS_RCLASS_INTERNET; } // // write RR wire structure // - zero datalength to handle no data case // pwireRecord = (PDNS_WIRE_RECORD) pchBuf; *(UNALIGNED WORD *) &pwireRecord->RecordType = htons( pRecord->wType ); *(UNALIGNED WORD *) &pwireRecord->RecordClass = class; *(UNALIGNED DWORD *) &pwireRecord->TimeToLive = htonl( ttl ); *(UNALIGNED WORD *) &pwireRecord->DataLength = 0; return( ERROR_SUCCESS ); } PCHAR Dns_WriteRecordStructureToPacketEx( IN OUT PCHAR pchBuf, IN WORD wType, IN WORD wClass, IN DWORD dwTtl, IN WORD wDataLength ) /*++ Routine Description: Write wire record structure for given record. Arguments: pchBuf - ptr to next byte in packet buffer Return Value: Ptr to data section of record. --*/ { PDNS_WIRE_RECORD pwireRecord; // DCR_PERF: optimize RR write to packet? pwireRecord = (PDNS_WIRE_RECORD) pchBuf; *(UNALIGNED WORD *) &pwireRecord->RecordType = htons( wType ); *(UNALIGNED WORD *) &pwireRecord->RecordClass = htons( wClass ); *(UNALIGNED DWORD *) &pwireRecord->TimeToLive = htonl( dwTtl ); *(UNALIGNED WORD *) &pwireRecord->DataLength = htons( wDataLength ); return( pchBuf + sizeof(DNS_WIRE_RECORD) ); } VOID Dns_SetRecordDatalength( IN OUT PDNS_WIRE_RECORD pRecord, IN WORD wDataLength ) /*++ Routine Description: Reset record datalength. Arguments: pRecord - wire record to reset wDataLength - data length Return Value: Ptr to data section of record. --*/ { WORD flippedWord; INLINE_WORD_FLIP( flippedWord, wDataLength ); *(UNALIGNED WORD *) &pRecord->DataLength = flippedWord; } DNS_STATUS Dns_AddRecordsToMessage( IN OUT PDNS_MSG_BUF pMsg, IN PDNS_RECORD pRecord, IN BOOL fUpdateMessage ) /*++ Routine Description: Add record or list of records to message.No data RR cases: This includes prereqs and deletes except for specific record cases. Arguments: pMsg - message buffer to write to pRecord - ptr to record (or first of list of records) to write to packet fUpdateMessage -- If TRUE, the message is going to contain an update. Therefore the section flags in the pRecord should be interpreted for update. Otherwise this is for a query message and section flags should be interpreted for query. Return Value: ERROR_SUCCESS if successful. Error code on failure. --*/ { PCHAR pch = pMsg->pCurrent; PCHAR pendBuffer = pMsg->pBufferEnd; WORD currentSection = 0; WORD section; PDNS_NAME pnamePrevious = NULL; WORD compressedPreviousName; WORD offsetPreviousName; PDNS_WIRE_RECORD pwireRecord; PCHAR pchnext; WORD index; DNS_STATUS status = ERROR_SUCCESS; // // write each record in list // while ( pRecord ) { // // determine section for record // - may not write to previous section section = (WORD) pRecord->Flags.S.Section; if ( section < currentSection ) { DNS_PRINT(( "ERROR: Attempt to write record at %p, with section %d\n" "\tless than previous section written %d.\n", pRecord, pRecord->Flags.S.Section, currentSection )); return( ERROR_INVALID_DATA ); } else if ( section > currentSection ) { currentSection = section; SET_CURRENT_RR_COUNT_SECTION( pMsg, section ); } // // write record name // - if same as previous, write compressed name // - if first write from pRecord // - write full name // - clear reserved field for offsetting // if ( pnamePrevious && !strcmp( pnamePrevious, pRecord->pName ) ) { // compression should always be BACK ptr DNS_ASSERT( offsetPreviousName < pch - (PCHAR)&pMsg->MessageHead ); if ( pendBuffer <= pch + sizeof(WORD) ) { return( ERROR_MORE_DATA ); } if ( ! compressedPreviousName ) { compressedPreviousName = htons( (WORD)(0xC000 | offsetPreviousName) ); } *(UNALIGNED WORD *)pch = compressedPreviousName; pch += sizeof( WORD ); } else { offsetPreviousName = (WORD)(pch - (PCHAR)&pMsg->MessageHead); compressedPreviousName = 0; pnamePrevious = pRecord->pName; pch = Dns_WriteDottedNameToPacket( pch, pendBuffer, pnamePrevious, NULL, 0, ( RECORD_CHARSET(pRecord) == DnsCharSetUnicode ) ); if ( !pch ) { // DCR: distinguish out of space errors from name errors during write return( DNS_ERROR_INVALID_NAME ); } } // // write record structure // if ( pch + sizeof(DNS_WIRE_RECORD) >= pendBuffer ) { return( ERROR_MORE_DATA ); } status = Dns_WriteRecordStructureToPacket( pch, pRecord, fUpdateMessage ); if ( status != ERROR_SUCCESS ) { return( status ); } pwireRecord = (PDNS_WIRE_RECORD) pch; pch += sizeof( DNS_WIRE_RECORD ); // // record data // if ( pRecord->wDataLength ) { index = INDEX_FOR_TYPE( pRecord->wType ); DNS_ASSERT( index <= MAX_RECORD_TYPE_INDEX ); if ( index && RRWriteTable[ index ] ) { pchnext = RRWriteTable[ index ]( pRecord, pch, pendBuffer ); if ( ! pchnext ) { status = GetLastError(); DNS_PRINT(( "ERROR: Record write routine failure for record type %d.\n\n" "\tstatus = %p\n", pRecord->wType, status )); return( status ); } } else { // write unknown types -- as RAW data only DNS_PRINT(( "WARNING: Writing unknown type %d to message\n", pRecord->wType )); if ( pendBuffer - pch <= pRecord->wDataLength ) { return( ERROR_MORE_DATA ); } memcpy( pch, (PCHAR) &pRecord->Data, pRecord->wDataLength ); pchnext = pch + pRecord->wDataLength; } // // set packet record data length // DNS_ASSERT( (pchnext - pch) < MAXWORD ); *(UNALIGNED WORD *) &pwireRecord->DataLength = htons( (WORD)(pchnext - pch) ); pch = pchnext; } // increment message record count CURRENT_RR_COUNT_FIELD(pMsg)++; pRecord = pRecord->pNext; } // // resest message current ptr // pMsg->pCurrent = pch; IF_DNSDBG( INIT ) { DnsDbg_Message( "Packet after adding records:", pMsg ); } return( status ); } // // Reading from packet // PCHAR _fastcall Dns_SkipPacketName( IN PCHAR pch, IN PCHAR pchEnd ) /*++ Routine Description: Skips over name in packet Arguments: pch - ptr to start of name to skip pchEnd - ptr to byte after end of packet Return Value: Ptr to next byte in buffer NULL if bad name --*/ { register UCHAR cch; register UCHAR cflag; // // Loop until end of name // while ( pch < pchEnd ) { cch = *pch++; cflag = cch & 0xC0; // // normal label // - skip to next label and continue // - stop only if at 0 (root) label // if ( cflag == 0 ) { if ( cch ) { pch += cch; continue; } return( pch ); } // // compression // - skip second byte in compression and return // else if ( cflag == 0xC0 ) { pch++; return( pch ); } else { DNSDBG( READ, ( "ERROR: bad packet name label byte %02 at 0x%p\n", cch, pch - 1 )); return( NULL ); } } DNSDBG( READ, ( "ERROR: packet name at %p reads past end of packet at %p\n", pch, pchEnd )); return( NULL ); } PCHAR _fastcall Dns_SkipPacketRecord( IN PCHAR pchRecord, IN PCHAR pchMsgEnd ) /*++ Routine Description: Skips over packet RR. This is RR structure and data, not the owner name. Arguments: pchRecord - ptr to start of RR structure. pchMsgEnd - end of message Return Value: Ptr to next record in packet. NULL if RR outside packet or invalid. --*/ { // // skip RR struct // pchRecord += sizeof(DNS_WIRE_RECORD); if ( pchRecord > pchMsgEnd ) { return( NULL ); } // read datalength and skip data // datalength field is a WORD, at end of record header pchRecord += InlineFlipUnalignedWord( pchRecord - sizeof(WORD) ); if ( pchRecord > pchMsgEnd ) { return( NULL ); } return( pchRecord ); } PCHAR Dns_SkipToRecord( IN PDNS_HEADER pMsgHead, IN PCHAR pMsgEnd, IN INT iCount ) /*++ Routine Description: Skips over some number of DNS records. Arguments: pMsgHead -- ptr to begining of DNS message. pMsgEnd -- ptr to end of DNS message iCount -- if > 0, number of records to skip if <= 0, number of records from end of packet Return Value: Ptr to next NULL if bad packet. --*/ { PCHAR pch; INT i; WORD recordCount; // // determine how many records to skip // recordCount = pMsgHead->QuestionCount + pMsgHead->AnswerCount + pMsgHead->NameServerCount + pMsgHead->AdditionalCount; // iCount > 0 is skip count, MUST not be larger than // actual count if ( iCount > 0 ) { if ( iCount > recordCount ) { return( NULL ); } } // iCount <= 0 then (-iCount) is number of records // from the last record else { iCount += recordCount; if ( iCount < 0 ) { return( NULL ); } } // skip message header pch = (PCHAR) (pMsgHead + 1); if ( iCount == 0 ) { return( pch ); } // skip the question/zone section pch = Dns_SkipPacketName( pch, pMsgEnd ); if ( !pch ) { return pch; } pch += sizeof(DNS_WIRE_QUESTION); // // skip regular records // iCount--; for ( i=0; i pchStart && pchEnd > pchStart ); DNS_ASSERT( (pwNameOffset && pfNameSameAsPrevious) || (!pwNameOffset && !pfNameSameAsPrevious) ); // // read through labels and/or compression until reach end of name // pbufferEnd = pchNameBuffer + DNS_MAX_NAME_LENGTH; pchdotted = pchNameBuffer; while ( pch < pchEnd ) { cch = *pch++; // // at root label // - if root name, write single '.' // - otherwise strip trailing dot from last label // - save length written // - NULL teminate name // - set same as previous FALSE // - save packet offset to this name // - return next byte in buffer // if ( cch == 0 ) { if ( pchdotted == pchNameBuffer ) { *pchdotted++ = '.'; } else { pchdotted--; } *pwNameLength = (WORD)(pchdotted - pchNameBuffer); *pchdotted = 0; if ( pwNameOffset ) { *pfNameSameAsPrevious = FALSE; *pwNameOffset = (WORD)(pchName - pchStart); } return( pchreturn ? pchreturn : pch ); } cflag = cch & 0xC0; // // regular label // - copy label to buffer // - jump to next label if ( cflag == 0 ) { PCHAR pchnext = pch + cch; if ( pchnext >= pchEnd ) { DNS_PRINT(( "ERROR: Packet name at %p extends past end of buffer\n", pchName )); goto Failed; } if ( pchdotted + cch + 1 >= pbufferEnd ) { DNS_PRINT(( "ERROR: Packet name at %p exceeds max length\n", pchName )); goto Failed; } memcpy( pchdotted, pch, cch ); pchdotted += cch; *pchdotted++ = '.'; pch = pchnext; continue; } // // offset // - get offset // - if offset at start of name compare to previous name offset // - otherwise follow offset to build new name // if ( cflag == 0xC0 ) { WORD offset; PCHAR pchoffset; offset = (cch ^ 0xC0); offset <<= 8; offset |= *pch; pchoffset = --pch; // // first offset // - save return pointer // // if name is entirely offset // - same as previous offset -- done // - if not still save this offset rather than offset // to name itself (first answer is usually just offset // to question, subsequent answer RRs continue to reference // question offset, not first answer) // if ( !pchreturn ) { DNS_ASSERT( pch >= pchName ); pchreturn = pch+2; if ( pchoffset == pchName && pwNameOffset ) { if ( *pwNameOffset == offset ) { *pfNameSameAsPrevious = TRUE; return( pchreturn ); } else { // save offset that comprises name // then kill out copy of return ptr so don't // return offset to pchName when finish copy *pwNameOffset = offset; *pfNameSameAsPrevious = FALSE; pwNameOffset = NULL; } } } // // make jump to new bytes and continue // - verify offset is BEFORE current name // and BEFORE current ptr pch = pchStart + offset; if ( pch >= pchName || pch >= pchoffset ) { DNS_PRINT(( "ERROR: Bogus name offset %d, encountered at %p\n" "\tto location %p past current position or original name.\n", offset, pchoffset, pch )); goto Failed; } continue; } // any other label byte is bogus else { DNS_PRINT(( "ERROR: bogus name label byte %02x at %p\n", cch, pch - 1 )); goto Failed; } } DNS_PRINT(( "ERROR: packet name at %p reads to ptr %p past end of packet at %p\n", pchName, pch, pchEnd )); // // failed // - return NULL // - set OUT params, keeps prefix happy on higher level calls // Failed: *pwNameLength = 0; if ( pwNameOffset ) { *pwNameOffset = 0; } if ( pfNameSameAsPrevious ) { *pfNameSameAsPrevious = FALSE; } return ( NULL ); } PCHAR _fastcall Dns_ReadPacketNameAllocate( IN OUT PCHAR * ppchName, OUT PWORD pwNameLength, IN OUT PWORD pwPrevNameOffset, OPTIONAL OUT PBOOL pfNameSameAsPrevious, OPTIONAL IN PCHAR pchPacketName, IN PCHAR pchStart, IN PCHAR pchEnd ) /*++ Routine Description: Reads packet name and creates (allocates) a copy in DNS-dotted format. Arguments: ppchName - addr to recv resulting name ptr pwNameLength - length of name written to buffer pwNameOffset - addr with previous names offset (zero if no previous name); on return, contains this name's offset OPTIONAL but must exist if fNameSameAsPrevious exists fNameSameAsPrevious - addr of flag set if this name is same as previous; OPTIONAL but must exist if pwNameOffset exists pchPacketName - pch to name in packet pchStart - start of DNS message pchEnd - ptr to byte after end of DNS message Return Value: Ptr to next byte in packet. NULL on error. --*/ { PCHAR pch; PCHAR pallocName; CHAR nameBuffer[ DNS_MAX_NAME_BUFFER_LENGTH ]; WORD nameLength = DNS_MAX_NAME_BUFFER_LENGTH; // // read packet name into buffer // pch = Dns_ReadPacketName( nameBuffer, & nameLength, pwPrevNameOffset, pfNameSameAsPrevious, pchPacketName, pchStart, pchEnd ); if ( !pch ) { return( pch ); } // // allocate buffer for packet name // - nameLength does not include terminating NULL // nameLength++; pallocName = (PCHAR) ALLOCATE_HEAP( nameLength ); if ( !pallocName ) { return( NULL ); } RtlCopyMemory( pallocName, nameBuffer, nameLength ); *ppchName = pallocName; *pwNameLength = --nameLength; DNSDBG( READ, ( "Allocated copy of packet name %s length %d\n", pallocName, nameLength )); return( pch ); } DNS_STATUS Dns_ExtractRecordsFromMessage( IN PDNS_MSG_BUF pMsg, IN BOOL fUnicode, OUT PDNS_RECORD * ppRecord ) /*++ Routine Description: Extract records from packet. Arguments: pMsg - message buffer to write to fUnicode - flag indicating strings in record should be unicode Return Value: Ptr to parsed record list if any. NULL if no record list or error. --*/ { PDNS_MESSAGE_BUFFER pDnsBuffer = (PDNS_MESSAGE_BUFFER) &pMsg->MessageHead; return Dns_ExtractRecordsFromBuffer( pDnsBuffer, pMsg->MessageLength, fUnicode, ppRecord ); } DNS_STATUS Dns_ExtractRecordsFromBuffer( IN PDNS_MESSAGE_BUFFER pDnsBuffer, IN WORD wMessageLength, IN BOOL fUnicode, OUT PDNS_RECORD * ppRecord ) /*++ Routine Description: Extract records from packet buffer. Arguments: pDnsBuffer - message buffer to read from fUnicode - flag indicating strings in record should be unicode Return Value: Ptr to parsed record list if any. NULL if no record list or error. --*/ { register PCHAR pch; PDNS_HEADER pwireMsg = (PDNS_HEADER) pDnsBuffer; PCHAR pchpacketEnd; DNS_PARSED_RR parsedRR; LPSTR pnameOwner; LPSTR pnameNew = NULL; DNS_CHARSET outCharSet; WORD countRR; WORD countSection; WORD typePrevious = 0; WORD nameOffset = 0; WORD nameLength; WORD index; BYTE section; BOOL fnameSameAsPrevious; PDNS_RECORD pnewRR; DNS_RRSET rrset; DNS_STATUS status; DNS_STATUS rcodeStatus; CHAR nameBuffer[ DNS_MAX_NAME_BUFFER_LENGTH ]; DNS_RECORD recordTemp; PWORD pCurrentCountField = NULL; DNSDBG( READ, ( "Dns_ExtractRecordsFromBuffer( %p, len=%d )\n", pDnsBuffer, wMessageLength )); // // error code // - map RCODE to DNS error // - if other than NAME_ERROR, don't bother parsing // rcodeStatus = pwireMsg->ResponseCode; if ( rcodeStatus != 0 ) { rcodeStatus = Dns_MapRcodeToStatus( pwireMsg->ResponseCode ); if ( rcodeStatus != DNS_ERROR_RCODE_NAME_ERROR ) { DNSDBG( READ, ( "No records extracted from response\n" "\tresponse code = %d\n", pwireMsg->ResponseCode )); return( rcodeStatus ); } } DNS_RRSET_INIT( rrset ); // // detemine char set // if ( fUnicode ) { outCharSet = DnsCharSetUnicode; } else { outCharSet = DnsCharSetUtf8; } // // read RRs in list of records // // loop through all resource records // - skip question // - build DNS_RECORD structure for other records // pchpacketEnd = (PCHAR)pwireMsg + wMessageLength; pch = pDnsBuffer->MessageBody; section = DNSREC_QUESTION; pCurrentCountField = &pwireMsg->QuestionCount; countSection = pwireMsg->QuestionCount; countRR = 0; while( 1 ) { // // changing sections // save section number and RR count for current section // note need immediate loop back to handle empty section // countRR++; if ( countRR > countSection ) { if ( section == DNSREC_ADDITIONAL ) { break; } section++; pCurrentCountField++; countSection = *(pCurrentCountField); countRR = 0; continue; } // validity check next RR if ( pch >= pchpacketEnd ) { DNS_PRINT(( "ERROR: reading bad packet %p.\n" "\tat end of packet length with more records to process\n" "\tpacket length = %ld\n" "\tcurrent offset = %ld\n", wMessageLength, pch - (PCHAR)pwireMsg )); goto PacketError; } // // skip question // if ( section == DNSREC_QUESTION ) { pch = Dns_SkipPacketName( pch, pchpacketEnd ); if ( !pch ) { DNS_PRINT(( "ERROR: bad question name.\n" )); goto PacketError; } pch += sizeof(DNS_WIRE_QUESTION); if ( pch > pchpacketEnd ) { DNS_PRINT(( "ERROR: question exceeds packet length.\n" )); goto PacketError; } continue; } // // read name, determining if same as previous name // IF_DNSDBG( READ2 ) { DnsDbg_Lock(); DNS_PRINT(( "Reading record at offset %x\n", (WORD)(pch - (PCHAR)pwireMsg) )); DnsDbg_PacketName( "Record name ", pch, pwireMsg, pchpacketEnd, "\n" ); DnsDbg_Unlock(); } pch = Dns_ReadPacketName( nameBuffer, & nameLength, & nameOffset, & fnameSameAsPrevious, pch, (PCHAR) pwireMsg, pchpacketEnd ); if ( ! pch ) { DNS_PRINT(( "ERROR: bad packet name.\n" )); goto PacketError; } IF_DNSDBG( READ2 ) { DNS_PRINT(( "Owner name of record %s\n" "\tlength = %d\n" "\toffset = %d\n" "\tfSameAsPrevious = %d\n", nameBuffer, nameLength, nameOffset, fnameSameAsPrevious )); } // // extract RR info, type, datalength // - verify RR within message // pch = Dns_ReadRecordStructureFromPacket( pch, pchpacketEnd, & parsedRR ); if ( !pch ) { DNS_PRINT(( "ERROR: bad RR struct out of packet.\n" )); goto PacketError; } // // on type change, always have new RR set // - setup for new name // if ( parsedRR.Type != typePrevious ) { fnameSameAsPrevious = FALSE; typePrevious = parsedRR.Type; } // // make copy of new name // // DCR_FIX0: name same as previous // flag indicates only that name not compressed to previous // name (or previous compression) // actually need abolute ingnore case compare // with last records name to be sure that name not previous // if ( !fnameSameAsPrevious ) { pnameNew = Dns_NameCopyAllocate( nameBuffer, (UCHAR) nameLength, DnsCharSetUtf8, // UTF8 string in outCharSet ); pnameOwner = pnameNew; DNSDBG( READ2, ( "Copy of owner name of record being read from packet %s\n", pnameOwner )); } DNS_ASSERT( pnameOwner ); DNS_ASSERT( pnameNew || fnameSameAsPrevious ); // // TSIG record requires owner name for versioning // recordTemp.pName = pnameOwner; // // read RR data for type // index = INDEX_FOR_TYPE( parsedRR.Type ); DNS_ASSERT( index <= MAX_RECORD_TYPE_INDEX ); if ( !index || !RRReadTable[ index ] ) { // unknown types -- index to NULL type to use // FlatRecordRead() DNS_PRINT(( "WARNING: Reading unknown record type %d from message\n", parsedRR.Type )); index = DNS_TYPE_NULL; } pnewRR = RRReadTable[ index ]( &recordTemp, outCharSet, (PCHAR) pDnsBuffer, parsedRR.pchData, pch // end of record data ); if ( ! pnewRR ) { status = GetLastError(); ASSERT( status != ERROR_SUCCESS ); DNS_PRINT(( "ERROR: RRReadTable routine failure for type %d.\n" "\tstatus = %p\n" "\tpchdata = %p\n" "\tpchend = %p\n", parsedRR.Type, status, parsedRR.pchData, pch )); if ( status == ERROR_SUCCESS ) { status = DNS_ERROR_NO_MEMORY; } goto Failed; } // // write record info // - first RR in set gets new name allocation // and is responsible for cleanup // - no data cleanup necessary as all data is // contained in the RR allocation // pnewRR->pName = pnameOwner; pnewRR->wType = parsedRR.Type; pnewRR->dwTtl = parsedRR.Ttl; pnewRR->Flags.S.Section = section; pnewRR->Flags.S.CharSet = outCharSet; FLAG_FreeOwner( pnewRR ) = !fnameSameAsPrevious; FLAG_FreeData( pnewRR ) = FALSE; // add RR to list DNS_RRSET_ADD( rrset, pnewRR ); // clear new ptr, as name now part of record // this is strictly used to determine when pnameOwner // must be cleaned up on failure pnameNew = NULL; } // end loop through packet's records // // return parsed record list // - return DNS error for RCODE // - set special return code to differentiate empty response // // DCR: should have special REFERRAL response // - could overload NOTAUTH rcode // DCR: should have special EMPTY_AUTH response // - could have empty-auth overload NXRRSET // // DCR: best check on distinguishing EMPTY_AUTH from REFERRAL // if ( pwireMsg->AnswerCount == 0 && rcodeStatus == 0 ) { if ( !rrset.pFirstRR || rrset.pFirstRR->wType == DNS_TYPE_SOA ) { rcodeStatus = DNS_INFO_NO_RECORDS; DNSDBG( READ, ( "Empty-auth response at %p.\n", pwireMsg )); } #if 0 else if ( rrset.pFirstRR->wType == DNS_TYPE_NS && !pwireMsg->Authoritative ) { rcodeStatus = DNS_INFO_REFERRAL; DNSDBG( READ, ( "Referral response at %p.\n", pwireMsg )); } else { rcodeStatus = DNS_ERROR_BAD_PACKET; DNSDBG( READ, ( "Bogus NO_ERROR response at %p.\n", pwireMsg )); } #endif } // verify never turn RCODE result into SUCCESS ASSERT( pwireMsg->ResponseCode == 0 || rcodeStatus != ERROR_SUCCESS ); ASSERT( pnameNew == NULL ); *ppRecord = rrset.pFirstRR; IF_DNSDBG( RECV ) { DnsDbg_RecordSet( "Extracted records:\n", *ppRecord ); } return( rcodeStatus ); PacketError: DNS_PRINT(( "ERROR: bad packet in buffer.\n" )); status = DNS_ERROR_BAD_PACKET; Failed: if ( pnameNew ) { FREE_HEAP( pnameNew ); } Dns_RecordListFree( rrset.pFirstRR, TRUE // free owner names also ); return( status ); } void Dns_NormalizeAllRecordTtls( IN PDNS_RECORD pRecord ) /*++ Routine Description: Finds the lowest Ttl value in RR set and the sets all records to that value. Arguments: pRecord - record set to normalize ttl values of. Return Value: None --*/ { PDNS_RECORD pTemp = pRecord; DWORD dwTtl; WORD wType; // // Get the Ttl of the first record (if there is one) // if ( pTemp ) { dwTtl = pTemp->dwTtl; wType = pTemp->wType; pTemp = pTemp->pNext; } // // Walk any remaining records looking for an even lower ttl value // while ( pTemp && pTemp->wType == wType && pTemp->Flags.S.Section == DNSREC_ANSWER ) { if ( pTemp->dwTtl < dwTtl ) { dwTtl = pTemp->dwTtl; } pTemp = pTemp->pNext; } // // Set all records to this lowest ttl value // pTemp = pRecord; while ( pTemp && pTemp->wType == wType && pTemp->Flags.S.Section == DNSREC_ANSWER ) { pTemp->dwTtl = dwTtl; pTemp = pTemp->pNext; } } PCHAR Dns_ReadRecordStructureFromPacket( IN PCHAR pchPacket, IN PCHAR pchMsgEnd, IN OUT PDNS_PARSED_RR pParsedRR ) /*++ Routine Description: Read record structure from packet. Arguments: pchPacket - ptr to record structure in packet pRecord - ptr to record structure to receive record structure with fields in host order (and aligned). Return Value: Ptr to next record in packet -- based on datalength. Zero on error. --*/ { DNSDBG( READ2, ( "Dns_ReadRecordStructureFromPacket(%p).\n", pchPacket )); // // verify record structure within packet // if ( pchPacket + sizeof(DNS_WIRE_RECORD) > pchMsgEnd ) { DNS_PRINT(( "ERROR: record structure at %p is not within packet!.\n", pchPacket )); return( 0 ); } // // flip fields and write to aligned struct // pParsedRR->pchRR = pchPacket; pParsedRR->Type = InlineFlipUnalignedWord( pchPacket ); pchPacket += sizeof(WORD); pParsedRR->Class = InlineFlipUnalignedWord( pchPacket ); pchPacket += sizeof(WORD); pParsedRR->Ttl = InlineFlipUnalignedDword( pchPacket ); pchPacket += sizeof(DWORD); pParsedRR->DataLength = InlineFlipUnalignedWord( pchPacket ); pchPacket += sizeof(WORD); pParsedRR->pchData = pchPacket; // // verify datalength does not extend beyond packet end // pchPacket += pParsedRR->DataLength; pParsedRR->pchNextRR = pchPacket; if ( pchPacket > pchMsgEnd ) { DNS_PRINT(( "ERROR: record data at %p (length %d) is not within packet!.\n", pchPacket - pParsedRR->DataLength, pParsedRR->DataLength )); return( 0 ); } // // return ptr to next record in packet // return( pchPacket ); } PDNS_MSG_BUF Dns_BuildPacket( IN PDNS_HEADER pHeader, IN BOOL fNoHeaderCounts, IN LPSTR pszQuestionName, IN WORD wQuestionType, IN PDNS_RECORD pRecords, IN DWORD dwFlags, IN BOOL fUpdatePacket ) /*++ Routine Description: Build packet. Arguments: pHeader -- DNS header to send fNoHeaderCounts - do NOT include record counts in copying header pszName -- DNS name to query wType -- query type pRecords -- address to receive ptr to record list returned from query dwFlags -- query flags aipDnsServers -- specific DNS servers to query; OPTIONAL, if specified overrides normal list associated with machine pDnsNetAdapters -- DNS servers to query; if NULL get current list fUpdatePacket -- If TRUE, the packet is going to contain an update. Therefore the section flags in the pRecords should be interpreted for update. Otherwise this is for a query and section flags will be interpreted for query. Return Value: ERROR_SUCCESS if successful. Error code on failure. --*/ { PDNS_MSG_BUF pmsg; DWORD length; DNS_STATUS status; DNSDBG( WRITE, ( "Dns_BuildPacket()\n" "\tname %s\n" "\ttype %d\n" "\theader %p\n" "\t - counts %d\n" "\trecords %p\n" "\tflags %p\n" "\tfUpdatePacket %p\n", pszQuestionName, wQuestionType, pHeader, fNoHeaderCounts, pRecords, dwFlags, fUpdatePacket )); // // allocate packet // - if just a question, standard UDP will do it // - if contains records, then use TCP buffer // length = 0; if ( pRecords ) { length = DNS_TCP_DEFAULT_PACKET_LENGTH; } pmsg = Dns_AllocateMsgBuf( (WORD)length ); if ( !pmsg ) { status = DNS_ERROR_NO_MEMORY; goto Failed; } // // write question? // if ( pszQuestionName ) { if ( ! Dns_WriteQuestionToMessage( pmsg, pszQuestionName, wQuestionType, (BOOL)!!(dwFlags & DNSQUERY_UNICODE_NAME) ) ) { status = ERROR_INVALID_NAME; goto Failed; } } // // build packet records // if ( pRecords ) { status = Dns_AddRecordsToMessage( pmsg, pRecords, fUpdatePacket ); if ( status != ERROR_SUCCESS ) { DNS_PRINT(( "ERROR: failure writing records to message.\n" )); goto Failed; } } // // overwrite header? // if ( pHeader ) { length = sizeof(DNS_HEADER); if ( fNoHeaderCounts ) { length = sizeof(DWORD); } RtlCopyMemory( & pmsg->MessageHead, pHeader, length ); } // override recursion default, if desired if ( dwFlags & DNS_QUERY_NO_RECURSION ) { pmsg->MessageHead.RecursionDesired = FALSE; } // init XID if not set if ( pmsg->MessageHead.Xid == 0 ) { pmsg->MessageHead.Xid = gwTransactionId++; } return( pmsg ); Failed: SetLastError( status ); FREE_HEAP( pmsg ); return( NULL ); } WORD Dns_GetRandomXid( IN PVOID pSeed ) /*++ Routine Description: Generate "random" XID. Arguments: pSeed -- seed ptr; from stack or heap, provides differentiation beyond time Return Value: XID generated --*/ { SYSTEMTIME systemTime; // // may have multiple sessions to different processes\threads // // use system time hashed in with seed pointer // ptr is first pushed down to count 64-bit boundaries, so lack of // randomness in last 6bits is not preserved // GetSystemTime( &systemTime ); // hash millisecs with arbitrary stack location after knocking off any // 64-bit boundary constraints return (WORD)( systemTime.wMilliseconds * (PtrToUlong(pSeed) >> 6) ); } // // End packet.c //