From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 24175 invoked from network); 3 Sep 2022 05:43:12 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 3 Sep 2022 05:43:12 -0000 Received: (qmail 32053 invoked by uid 550); 3 Sep 2022 05:43:10 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 32021 invoked from network); 3 Sep 2022 05:43:09 -0000 Date: Sat, 3 Sep 2022 01:42:56 -0400 From: Rich Felker To: musl@lists.openwall.com Message-ID: <20220903054255.GA8773@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Subject: [musl] res_query/res_send contract findings In preparation for figuring out what's involved in TCP fallback for DNS queries, I started looking into what res_query/res_send is supposed to do when the result does not fit in the caller's buffer. [Non-]surprisingly, the Linux man pages do not document what's supposed to happen, but probing how glibc behaves, they always return the full length that would be required to store the result. This was kind of surprising to me, but the Solaris man pages are more detailed and document this as expected behavior. (In other words, they're kinda like strlcpy/strlcat, computing something expensive that's partly being thrown away for the sake of knowing how much space is needed to retry, modulo TOCTOU.) So, even if we were happy with just having UDP answers, truncated (TC bit set), with length at most 512 bytes as the canonical answer for "full length if it had fit", the current implementation does not match others (and does not match the poorly documented contract) if the caller provides a buffer shorter than 512 bytes that's too short. In that case, the caller sees an answer falsely claiming that the data it read, truncated on the byte level rather than at RR granularity, is the full length of the response. If we were not making any other action to improve this towards TCP fallback, the right fix might just be having res_send call __res_msend into a temp buffer when anslen<512 and then copy the part that fits to the caller's buffer. But for doing TCP fallback, I think this implies res_query/res_send need to always perform TCP fallback on seeing TC flag, even if the caller's buffer is <= 512 bytes, just so they can return the right value. This is somewhat different from the requirements of getaddrinfo, which probably does not want TCP fallback to happen unless it got zero RRs in the ANSWER section along with the TC flag. So the backend needs a way to be informed whether the caller has any use for "full results". This can probably be done through the resolvconf structure passed to __res_msend, which would also admit having options to customize this if needed.