update unbound from upstream

external/unbound/util/config_file.c

@@ -1105,7 +1105,7 @@ cfg_count_numbers(const char* s)
 	/* sp ::= (space|tab)*      */
 	int num = 0;
 	while(*s) {
-		while(*s && isspace((int)*s))
+		while(*s && isspace((unsigned char)*s))
 			s++;
 		if(!*s) /* end of string */
 			break;
@@ -1113,9 +1113,9 @@ cfg_count_numbers(const char* s)
 			s++;
 		if(!*s) /* only - not allowed */
 			return 0;
-		if(!isdigit((int)*s)) /* bad character */
+		if(!isdigit((unsigned char)*s)) /* bad character */
 			return 0;
-		while(*s && isdigit((int)*s))
+		while(*s && isdigit((unsigned char)*s))
 			s++;
 		num++;
 	}
@@ -1127,7 +1127,7 @@ static int isalldigit(const char* str, size_t l)
 {
 	size_t i;
 	for(i=0; i<l; i++)
-		if(!isdigit(str[i]))
+		if(!isdigit((unsigned char)str[i]))
 			return 0;
 	return 1;
 }
@@ -1153,13 +1153,13 @@ cfg_parse_memsize(const char* str, size_t* res)
 	else if(len > 1 && str[len-1] == 'B') 
 		len--;
 	
-	if(len > 1 && tolower(str[len-1]) == 'g')
+	if(len > 1 && tolower((unsigned char)str[len-1]) == 'g')
 		mult = 1024*1024*1024;
-	else if(len > 1 && tolower(str[len-1]) == 'm')
+	else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm')
 		mult = 1024*1024;
-	else if(len > 1 && tolower(str[len-1]) == 'k')
+	else if(len > 1 && tolower((unsigned char)str[len-1]) == 'k')
 		mult = 1024;
-	else if(len > 0 && isdigit(str[len-1]))
+	else if(len > 0 && isdigit((unsigned char)str[len-1]))
 		mult = 1;
 	else {
 		log_err("unknown size specifier: '%s'", str);
@@ -1322,7 +1322,7 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val)
 
 	/* parse it as: [zone_name] [between stuff] [zone_type] */
 	name = val;
-	while(*name && isspace(*name))
+	while(*name && isspace((unsigned char)*name))
 		name++;
 	if(!*name) {
 		log_err("syntax error: too short: %s", val);
@@ -1341,7 +1341,7 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val)
 	buf[name_end-name] = '\0';
 
 	type = last_space_pos(name_end);
-	while(type && *type && isspace(*type))
+	while(type && *type && isspace((unsigned char)*type))
 		type++;
 	if(!type || !*type) {
 		log_err("syntax error: expected zone type: %s", val);
@@ -1368,7 +1368,7 @@ char* cfg_ptr_reverse(char* str)
 
 	/* parse it as: [IP] [between stuff] [name] */
 	ip = str;
-	while(*ip && isspace(*ip))
+	while(*ip && isspace((unsigned char)*ip))
 		ip++;
 	if(!*ip) {
 		log_err("syntax error: too short: %s", str);
@@ -1423,7 +1423,7 @@ char* cfg_ptr_reverse(char* str)
 	}
 
 	/* printed the reverse address, now the between goop and name on end */
-	while(*ip_end && isspace(*ip_end))
+	while(*ip_end && isspace((unsigned char)*ip_end))
 		ip_end++;
 	if(name>ip_end) {
 		snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%.*s", 

external/unbound/util/configlexer.c

@@ -10,7 +10,7 @@
 #define FLEX_SCANNER
 #define YY_FLEX_MAJOR_VERSION 2
 #define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 36
+#define YY_FLEX_SUBMINOR_VERSION 37
 #if YY_FLEX_SUBMINOR_VERSION > 0
 #define FLEX_BETA
 #endif
@@ -3787,7 +3787,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len
 	YY_BUFFER_STATE b;
 	char *buf;
 	yy_size_t n;
-	int i;
+	yy_size_t i;
     
 	/* Get memory for full buffer, including space for trailing EOB's. */
 	n = _yybytes_len + 2;

external/unbound/util/configparser.h

@@ -1,4 +1,4 @@
-/* A Bison parser, made by GNU Bison 2.6.1.  */
+/* A Bison parser, made by GNU Bison 2.7.  */
 
 /* Bison interface for Yacc-like parsers in C
    
@@ -30,8 +30,8 @@
    This special exception was added by the Free Software Foundation in
    version 2.2 of Bison.  */
 
-#ifndef YY_UTIL_CONFIGPARSER_H
-# define YY_UTIL_CONFIGPARSER_H
+#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
+# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED
 /* Enabling traces.  */
 #ifndef YYDEBUG
 # define YYDEBUG 0
@@ -347,13 +347,13 @@ extern int yydebug;
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
 typedef union YYSTYPE
 {
-/* Line 2049 of yacc.c  */
+/* Line 2058 of yacc.c  */
 #line 64 "./util/configparser.y"
 
 	char*	str;
 
 
-/* Line 2049 of yacc.c  */
+/* Line 2058 of yacc.c  */
 #line 358 "util/configparser.h"
 } YYSTYPE;
 # define YYSTYPE_IS_TRIVIAL 1
@@ -377,4 +377,4 @@ int yyparse ();
 #endif
 #endif /* ! YYPARSE_PARAM */
 
-#endif /* !YY_UTIL_CONFIGPARSER_H  */
+#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED  */

external/unbound/util/data/dname.c

@@ -114,8 +114,8 @@ query_dname_compare(register uint8_t* d1, register uint8_t* d2)
 		while(lab1--) {
 			/* compare bytes first for speed */
 			if(*d1 != *d2 && 
-				tolower((int)*d1) != tolower((int)*d2)) {
-				if(tolower((int)*d1) < tolower((int)*d2))
+				tolower((unsigned char)*d1) != tolower((unsigned char)*d2)) {
+				if(tolower((unsigned char)*d1) < tolower((unsigned char)*d2))
 					return -1;
 				return 1;
 			}
@@ -138,7 +138,7 @@ query_dname_tolower(uint8_t* dname)
 	while(labellen) {
 		dname++;
 		while(labellen--) {
-			*dname = (uint8_t)tolower((int)*dname);
+			*dname = (uint8_t)tolower((unsigned char)*dname);
 			dname++;
 		}
 		labellen = *dname;
@@ -167,7 +167,7 @@ pkt_dname_tolower(sldns_buffer* pkt, uint8_t* dname)
 		if(dname+lablen >= sldns_buffer_end(pkt))
 			return;
 		while(lablen--) {
-			*dname = (uint8_t)tolower((int)*dname);
+			*dname = (uint8_t)tolower((unsigned char)*dname);
 			dname++;
 		}
 		if(dname >= sldns_buffer_end(pkt))
@@ -256,8 +256,8 @@ dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2)
 		log_assert(len1 == len2 && len1 != 0);
 		/* compare labels */
 		while(len1--) {
-			if(tolower((int)*d1++) != tolower((int)*d2++)) {
-				if(tolower((int)d1[-1]) < tolower((int)d2[-1]))
+			if(tolower((unsigned char)*d1++) != tolower((unsigned char)*d2++)) {
+				if(tolower((unsigned char)d1[-1]) < tolower((unsigned char)d2[-1]))
 					return -1;
 				return 1;
 			}
@@ -282,7 +282,7 @@ dname_query_hash(uint8_t* dname, hashvalue_t h)
 		labuf[0] = lablen;
 		i=0;
 		while(lablen--)
-			labuf[++i] = (uint8_t)tolower((int)*dname++);
+			labuf[++i] = (uint8_t)tolower((unsigned char)*dname++);
 		h = hashlittle(labuf, labuf[0] + 1, h);
 		lablen = *dname++;
 	}
@@ -310,7 +310,7 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_t h)
 		labuf[0] = lablen;
 		i=0;
 		while(lablen--)
-			labuf[++i] = (uint8_t)tolower((int)*dname++);
+			labuf[++i] = (uint8_t)tolower((unsigned char)*dname++);
 		h = hashlittle(labuf, labuf[0] + 1, h);
 		lablen = *dname++;
 	}
@@ -423,8 +423,8 @@ static int
 memlowercmp(uint8_t* p1, uint8_t* p2, uint8_t len)
 {
 	while(len--) {
-		if(*p1 != *p2 && tolower((int)*p1) != tolower((int)*p2)) {
-			if(tolower((int)*p1) < tolower((int)*p2))
+		if(*p1 != *p2 && tolower((unsigned char)*p1) != tolower((unsigned char)*p2)) {
+			if(tolower((unsigned char)*p1) < tolower((unsigned char)*p2))
 				return -1;
 			return 1;
 		}
@@ -480,10 +480,10 @@ dname_lab_cmp(uint8_t* d1, int labs1, uint8_t* d2, int labs2, int* mlabs)
 			 *	lastdiff = c;
 			 *	lastmlabs = atlabel; } apart from d1++,d2++ */
 			while(len1) {
-				if(*d1 != *d2 && tolower((int)*d1) 
-					!= tolower((int)*d2)) {
-					if(tolower((int)*d1) < 
-						tolower((int)*d2)) {
+				if(*d1 != *d2 && tolower((unsigned char)*d1) 
+					!= tolower((unsigned char)*d2)) {
+					if(tolower((unsigned char)*d1) < 
+						tolower((unsigned char)*d2)) {
 						lastdiff = -1;
 						lastmlabs = atlabel;
 						d1 += len1;
@@ -561,7 +561,7 @@ void dname_str(uint8_t* dname, char* str)
 			return;
 		}
 		while(lablen--) {
-			if(isalnum((int)*dname) 
+			if(isalnum((unsigned char)*dname) 
 				|| *dname == '-' || *dname == '_' 
 				|| *dname == '*')
 				*s++ = *(char*)dname++;

external/unbound/util/data/msgreply.c

@@ -576,10 +576,12 @@ reply_info_delete(void* d, void* ATTR_UNUSED(arg))
 }
 
 hashvalue_t 
-query_info_hash(struct query_info *q)
+query_info_hash(struct query_info *q, uint16_t flags)
 {
 	hashvalue_t h = 0xab;
 	h = hashlittle(&q->qtype, sizeof(q->qtype), h);
+	if(q->qtype == LDNS_RR_TYPE_AAAA && (flags&BIT_CD))
+		h++;
 	h = hashlittle(&q->qclass, sizeof(q->qclass), h);
 	h = dname_query_hash(q->qname, h);
 	return h;
@@ -771,15 +773,14 @@ log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep)
 		region, 65535, 1)) {
 		log_info("%s: log_dns_msg: out of memory", str);
 	} else {
-		char* str = sldns_wire2str_pkt(sldns_buffer_begin(buf),
+		char* s = sldns_wire2str_pkt(sldns_buffer_begin(buf),
 			sldns_buffer_limit(buf));
-		if(!str) {
+		if(!s) {
 			log_info("%s: log_dns_msg: ldns tostr failed", str);
 		} else {
-			log_info("%s %s", 
-				str, (char*)sldns_buffer_begin(buf));
+			log_info("%s %s", str, s);
 		}
-		free(str);
+		free(s);
 	}
 	sldns_buffer_free(buf);
 	regional_destroy(region);

external/unbound/util/data/msgreply.h

@@ -305,8 +305,9 @@ void query_entry_delete(void *q, void* arg);
 /** delete reply_info data structure */
 void reply_info_delete(void* d, void* arg);
 
-/** calculate hash value of query_info, lowercases the qname */
-hashvalue_t query_info_hash(struct query_info *q);
+/** calculate hash value of query_info, lowercases the qname,
+ * uses CD flag for AAAA qtype */
+hashvalue_t query_info_hash(struct query_info *q, uint16_t flags);
 
 /**
  * Setup query info entry

external/unbound/util/fptr_wlist.c

@@ -280,7 +280,7 @@ fptr_whitelist_modenv_detach_subs(void (*fptr)(
 int 
 fptr_whitelist_modenv_attach_sub(int (*fptr)(
         struct module_qstate* qstate, struct query_info* qinfo,
-        uint16_t qflags, int prime, struct module_qstate** newq))
+        uint16_t qflags, int prime, int valrec, struct module_qstate** newq))
 {
 	if(fptr == &mesh_attach_sub) return 1;
 	return 0;
@@ -296,7 +296,7 @@ fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq))
 int 
 fptr_whitelist_modenv_detect_cycle(int (*fptr)(        
 	struct module_qstate* qstate, struct query_info* qinfo,         
-	uint16_t flags, int prime))
+	uint16_t flags, int prime, int valrec))
 {
 	if(fptr == &mesh_detect_cycle) return 1;
 	return 0;

external/unbound/util/fptr_wlist.h

@@ -233,7 +233,7 @@ int fptr_whitelist_modenv_detach_subs(void (*fptr)(
  */
 int fptr_whitelist_modenv_attach_sub(int (*fptr)(
 	struct module_qstate* qstate, struct query_info* qinfo, 
-	uint16_t qflags, int prime, struct module_qstate** newq));
+	uint16_t qflags, int prime, int valrec, struct module_qstate** newq));
 
 /**
  * Check function pointer whitelist for module_env kill_sub callback values.
@@ -251,7 +251,7 @@ int fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq));
  */
 int fptr_whitelist_modenv_detect_cycle(int (*fptr)(
 	struct module_qstate* qstate, struct query_info* qinfo, 
-	uint16_t flags, int prime));
+	uint16_t flags, int prime, int valrec));
 
 /**
  * Check function pointer whitelist for module init call values.

external/unbound/util/iana_ports.inc

@@ -2061,6 +2061,7 @@
 2423,
 2424,
 2425,
+2426,
 2427,
 2428,
 2429,
@@ -3964,6 +3965,7 @@
 4785,
 4789,
 4790,
+4791,
 4800,
 4801,
 4802,
@@ -4225,6 +4227,7 @@
 5463,
 5464,
 5465,
+5474,
 5500,
 5501,
 5502,
@@ -5351,9 +5354,11 @@
 35004,
 35355,
 36001,
+36411,
 36865,
 37475,
 37654,
+38002,
 38201,
 38202,
 38203,

external/unbound/util/mini_event.h

@@ -58,6 +58,21 @@
 #define HAVE_EVENT_BASE_FREE
 #endif 
 
+/* redefine to use our own namespace so that on platforms where
+ * linkers crosslink library-private symbols with other symbols, it works */
+#define event_init minievent_init
+#define event_get_version minievent_get_version
+#define event_get_method minievent_get_method
+#define event_base_dispatch minievent_base_dispatch
+#define event_base_loopexit minievent_base_loopexit
+#define event_base_free minievent_base_free
+#define event_set minievent_set
+#define event_base_set minievent_base_set
+#define event_add minievent_add
+#define event_del minievent_del
+#define signal_add minisignal_add
+#define signal_del minisignal_del
+
 /** event timeout */
 #define EV_TIMEOUT	0x01
 /** event fd readable */

external/unbound/util/module.h

@@ -256,13 +256,14 @@ struct module_env {
 	 * @param qinfo: what to query for (copied).
 	 * @param qflags: what flags to use (RD, CD flag or not).
 	 * @param prime: if it is a (stub) priming query.
+	 * @param valrec: validation lookup recursion, does not need validation
 	 * @param newq: If the new subquery needs initialisation, it is 
 	 * 	returned, otherwise NULL is returned.
 	 * @return: false on error, true if success (and init may be needed).
 	 */ 
 	int (*attach_sub)(struct module_qstate* qstate, 
 		struct query_info* qinfo, uint16_t qflags, int prime, 
-		struct module_qstate** newq);
+		int valrec, struct module_qstate** newq);
 
 	/**
 	 * Kill newly attached sub. If attach_sub returns newq for 
@@ -280,13 +281,15 @@ struct module_env {
 	 * @param qinfo: query info for dependency. 
 	 * @param flags: query flags of dependency, RD/CD flags.
 	 * @param prime: if dependency is a priming query or not.
+	 * @param valrec: validation lookup recursion, does not need validation
 	 * @return true if the name,type,class exists and the given 
 	 * 	qstate mesh exists as a dependency of that name. Thus 
 	 * 	if qstate becomes dependent on name,type,class then a 
 	 * 	cycle is created.
 	 */
 	int (*detect_cycle)(struct module_qstate* qstate, 
-		struct query_info* qinfo, uint16_t flags, int prime);
+		struct query_info* qinfo, uint16_t flags, int prime,
+		int valrec);
 
 	/** region for temporary usage. May be cleared after operate() call. */
 	struct regional* scratch;
@@ -397,6 +400,9 @@ struct module_qstate {
 	uint16_t query_flags;
 	/** if this is a (stub or root) priming query (with hints) */
 	int is_priming;
+	/** if this is a validation recursion query that does not get
+	 * validation itself */
+	int is_valrec;
 
 	/** comm_reply contains server replies */
 	struct comm_reply* reply;

external/unbound/util/net_help.c

@@ -613,12 +613,17 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 		log_crypto_err("could not SSL_CTX_new");
 		return NULL;
 	}
-	/* no SSLv2 because has defects */
+	/* no SSLv2, SSLv3 because has defects */
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+		log_crypto_err("could not set SSL_OP_NO_SSLv3");
+		SSL_CTX_free(ctx);
+		return NULL;
+	}
 	if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
 		log_err("error for cert file: %s", pem);
 		log_crypto_err("error in SSL_CTX use_certificate_file");
@@ -668,6 +673,11 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
+		log_crypto_err("could not set SSL_OP_NO_SSLv3");
+		SSL_CTX_free(ctx);
+		return NULL;
+	}
 	if(key && key[0]) {
 		if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
 			log_err("error in client certificate %s", pem);
@@ -689,7 +699,7 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 		}
 	}
 	if(verifypem && verifypem[0]) {
-		if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL) != 1) {
+		if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL)) {
 			log_crypto_err("error in SSL_CTX verify");
 			SSL_CTX_free(ctx);
 			return NULL;

external/unbound/util/winsock_event.h

@@ -90,6 +90,21 @@
 #define HAVE_EVENT_BASE_FREE
 #endif
 
+/* redefine the calls to different names so that there is no name
+ * collision with other code that uses libevent names. (that uses libunbound)*/
+#define event_init winsockevent_init
+#define event_get_version winsockevent_get_version
+#define event_get_method winsockevent_get_method
+#define event_base_dispatch winsockevent_base_dispatch
+#define event_base_loopexit winsockevent_base_loopexit
+#define event_base_free winsockevent_base_free
+#define event_set winsockevent_set
+#define event_base_set winsockevent_base_set
+#define event_add winsockevent_add
+#define event_del winsockevent_del
+#define signal_add winsocksignal_add
+#define signal_del winsocksignal_del
+
 /** event timeout */
 #define EV_TIMEOUT      0x01
 /** event fd readable */