The existing implementation of the Name.unpack method does not check the
length of the domain name until parsing is complete. This allows a
malicious user to supply an unreasonably large name and wastle cycles
parsing. This change moves an equivalent check into the loop during
process to short-circuit if we've created too large of a name.
For golang/go#77540
Change-Id: I4c4bf20c0342825a09cefd9b0b3c0bdce0c80137
Reviewed-on: https://go-review.googlesource.com/c/net/+/750260
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This change implements the proposal to add new DNS message types HTTPS and
SVCB in the golang.org/x/net/dns/dnsmessage package, as described in
golang/go#43790.
The implementation includes:
- New types TypeHTTPS and TypeSVCB.
- SVCBResource and HTTPSResource structs, with HTTPSResource embedding
SVCBResource.
- SVCParam and SVCParamKey types for handling service parameters.
- pack and unpack methods for the new resource types.
- Integration into the Parser and Builder.
- Comprehensive tests, including for parameter handling logic.
I implemented the SVCB parsing code so that it performs only two
allocations: one for the []SVCParam slice, and one to hold the SVCParam
values. A test was added to demonstrate that.
Fixesgolang/go#43790
Change-Id: I60439772fe0e339ae3141bd1dd9829564efe0f2a
GitHub-Last-Rev: 49c2ac0102
GitHub-Pull-Request: golang/net#241
Reviewed-on: https://go-review.googlesource.com/c/net/+/710736
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Vinicius Fortuna <fortuna@google.com>
As per RFC 3597:
Receiving servers MUST decompress domain names in RRs of well-known
type, and SHOULD also decompress RRs of type RP, AFSDB, RT, SIG, PX,
NXT, NAPTR, and SRV (although the current specification of the SRV RR
in RFC2782 prohibits compression, RFC2052 mandated it, and some
servers following that earlier specification are still in use).
This change allows SRV resource decompression.
Updates golang/go#36718
Updates golang/go#37362
Change-Id: I473c0d3803758e5b12886f378d2ed54bd5392144
GitHub-Last-Rev: 88d2e0642a
GitHub-Pull-Request: golang/net#199
Reviewed-on: https://go-review.googlesource.com/c/net/+/540375
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
This improves the performance of name compression and makes
the name.Data[name.Length:] not included in the compression
map, it is unnecessary and might cause issues (i.e. reusing
the Name struct, without using the NewName function).
goos: linux
goarch: amd64
pkg: golang.org/x/net/dns/dnsmessage
cpu: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
│ before │ after │
│ sec/op │ sec/op vs base │
Pack-4 15.672µ ± 13% 5.470µ ± 14% -65.10% (p=0.000 n=10)
AppendPack-4 15.144µ ± 12% 5.330µ ± 10% -64.80% (p=0.000 n=10)
geomean 15.41µ 5.400µ -64.95%
│ before │ after │
│ B/op │ B/op vs base │
Pack-4 6.051Ki ± 0% 1.285Ki ± 0% -78.76% (p=0.000 n=10)
AppendPack-4 5684.0 ± 0% 804.0 ± 0% -85.86% (p=0.000 n=10)
geomean 5.795Ki 1.005Ki -82.67%
│ before │ after │
│ allocs/op │ allocs/op vs base │
Pack-4 21.00 ± 0% 11.00 ± 0% -47.62% (p=0.000 n=10)
AppendPack-4 20.00 ± 0% 10.00 ± 0% -50.00% (p=0.000 n=10)
geomean 20.49 10.49 -48.82%
Change-Id: Idf40d5d4790d37eb7253214f089eff859a937c60
GitHub-Last-Rev: a3182830e2
GitHub-Pull-Request: golang/net#190
Reviewed-on: https://go-review.googlesource.com/c/net/+/522817
Run-TryBot: Mateusz Poliwczak <mpoliwczak34@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
In the net package the Parser is copied a lot, the
size of the Parser can be reduced easily by not storing the
entire ResourceHeader in the Parser.
It reduces the size from 328B to 80B.
Also it makes sure that the resource header parsing
methods don't return stale headers (from different
sections).
Change-Id: If05b03ba654ca5c03d536e86446c5a2a7dc79ec3
GitHub-Last-Rev: dacd25cc35
GitHub-Pull-Request: golang/net#186
Reviewed-on: https://go-review.googlesource.com/c/net/+/514855
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Currently, dnsmessage is not capable of parsing messages that contain
unknown records. Specifically, unpackResourceType returns an error
stating "invalid resource type".
This makes it tricky to use dnsmessage for applications such as
recursive resolvers or DNS forwarders. (I was bitten already, which is
why I'm writing this!)
RFC3597 indicates that name servers and resolvers must treat unknown RRs
as binary data. Quoting the first paragraph from section 3 below:
> To enable new RR types to be deployed without server changes, name
> servers and resolvers MUST handle RRs of unknown type transparently.
> That is, they must treat the RDATA section of such RRs as
> unstructured binary data, storing and transmitting it without change
> [RFC1123].
Fixes#42128
Change-Id: I2a203177e6e6cf51d70c63568c0465fc36a49afe
Reviewed-on: https://go-review.googlesource.com/c/net/+/262037
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
My earlier change CL 220798 avoided a vet warning for string(i),
but neglected to consider that the vet warning was accurate:
the code was wrong. The code assumed that string(rune(i)) would
return a readable version of i, but of course it instead returns
the UTF-8 encoding of i.
Updates golang/go#32479
Change-Id: I7410bf9fcd98cbdd193344118ecc81e967a6fb45
Reviewed-on: https://go-review.googlesource.com/c/net/+/221437
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
If during packing, the byte slice gets re-allocated between packing the
ResourceHeader and ResourceBody, the length will get updated in the old
byte slice before re-allocation resulting in a zero length in the final
packed message.
This change fixes the bug by passing the offset at which the length
should be written instead of a slice of the output byte slice from
ResourceHeader encoding step.
Updates golang/go#16218
Change-Id: Ifd7e2f549b7087ed5b52eaa6ae78970fec4ad988
Reviewed-on: https://go-review.googlesource.com/123835
Run-TryBot: Ian Gudger <igudger@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This improves the debugability of the library and eases the transition
to this library. For example, test DNS messages defined with another DNS
library can be packed and then unpacked with this library. These
unpacked messages can have GoString called on them to generate new test
messages defined with this library.
Updates golang/go#16218
Change-Id: I602586500fd8202892ef04187d3bd8a11039cf27
Reviewed-on: https://go-review.googlesource.com/120697
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This change introduces OPTResourse type to support DNS messages
containing various extension options as defined in RFC 6891.
Parsing and building OPT pseudo records requires allocations like TXT
records.
Also adds DNSSECAllowed, ExtendedRCode and SetEDNS0 methods to
ResourceHeader for convenience.
Updates golang/go#6464.
Updates golang/go#16218.
Change-Id: Ib72cea277201e4122c6b5effa320084ff351c886
Reviewed-on: https://go-review.googlesource.com/47170
Reviewed-by: Ian Gudger <igudger@google.com>
Previously, we only accepted a single string for TXT records and then
chunked it into 255 byte segments. This is wrong. TXT records are a
sequence of strings, each up to 255 bytes.
Updates golang/go#24288
Change-Id: Ib2c085ec127ccecf0c7bda930100b667cabc1f4b
Reviewed-on: https://go-review.googlesource.com/100196
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The new appending behavior is required for an efficient DNS client.
(*Builder).Start was intended to append, but didn't. This was a mistake
(all tests and examples assumed that it did).
In addition, message compression when appending has been fixed.
Updates golang/go#16218
Change-Id: I3f42aa6e653e2990fa90368a2803e588ea15b85a
Reviewed-on: https://go-review.googlesource.com/97716
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
We mustn't use data from p.header to pre-allocate slices for Message.Question, etc.
Otherwise an attacker can force the allocation of several MiB per parsed message,
which can lead to a DoS via putting pressure on the GC.
Fixesgolang/go#23214
Change-Id: I6c99577f625b08331b438533adb6b8167bcd1ec5
Reviewed-on: https://go-review.googlesource.com/85135
Reviewed-by: Ian Gudger <igudger@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Add an AppendPack method to Message that appends the message data into a
byte buffer. Reusing a buffer allows for a reduction in allocations.
name time/op
Pack-8 5.04µs ± 1%
AppendPack-8 4.95µs ± 2%
name alloc/op
Pack-8 6.22kB ± 0%
AppendPack-8 5.71kB ± 0%
name allocs/op
Pack-8 21.0 ± 0%
AppendPack-8 20.0 ± 0%
Change-Id: I8bb6b07787cf2ba9ef32e1e60a3003a585ec55be
Reviewed-on: https://go-review.googlesource.com/45274
Reviewed-by: Ian Gudger <igudger@google.com>
Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Parsing and building can now be done 100% allocation free for most
types. Non-name variable-length fields such as TXT records still
require allocations. Building with compression still causes allocations
due to the use of a map. Both parsing and building will perform
allocations in error paths.
Updates golang/go#16218
Change-Id: I644a7776bd0bf4ad20def521cee44eeadc5e9c06
Reviewed-on: https://go-review.googlesource.com/41145
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
