Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync with upstream v1.1.62 #12

Merged
merged 21 commits into from
Sep 28, 2024
Merged

Sync with upstream v1.1.62 #12

merged 21 commits into from
Sep 28, 2024

Conversation

developStorm
Copy link
Member

No description provided.

janik-cloudflare and others added 21 commits June 13, 2024 16:13
* Update escapedStringOffset to improve readability

This function was, admittedly, a little difficult to follow. This new
version is slightly more verbose, but, in my opinion, easier to
understand.

* Fix possible out-of-bounds read in endingToTxtSlice caused by escapedStringOffset

If the input had a trailing backslash (normally the start of an escape
sequence) with nothing following it, `escapedStringOffset` would return
the length of the input, plus one (!), as the result index, causing an
out-of-bounds read and panic in `endingToTxtSlice`.

Consistent with, e.g., commit 2230854,
I've decided to make this an error since it definitely indicates that
the string isn't valid.

Credit to OSS-Fuzz -- thank you!
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.20.0.
- [Commits](golang/sys@v0.18.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.25.0.
- [Commits](golang/net@v0.22.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.19.0 to 0.22.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.19.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add a hook to catch invalid messages

Currently there are hooks for reading messages off the wire (DecorateReader),
checking if they comply with policy (MsgAcceptFunc), and generating responses
(Handler).  However, there is no hook that notifies the server when a message is
dropped or rejected due to a syntax error.  That makes it hard to monitor these
packets without repeating the parsing process.

This PR adds a hook for notifications about invalid packets.

* s/InvalidMsg/MsgInvalid/g
Signed-off-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Miek Gieben <miek@miek.nl>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](golang/net@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0.
- [Commits](golang/sys@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Extended DNS Error (EDE) codes were missing for code points 25-30.
These are documented in:
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#extended-dns-error-codes

Co-authored-by: Christian Elmerot <elmerot@cloudflare.com>
IANA har allocated the NXNAME meta type to indicate an NSEC/NSEC3 record
signals that the name does not exist (corresponds to NXDOMAIN).
NXNAME is a meta type only for use with NSEC/NSEC3 bitmaps and use is
defined in https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/

Co-authored-by: Christian Elmerot <elmerot@cloudflare.com>
net.Error.Temporary has been deprecated since Go 1.18. There
has been some discussion around what to use in server accept loops
instead [1], but the suggestion seems to be that it may be a mistake
to have any sort of retries in place [2].

This PR removes it, which may expose some users to errors that were
previously swallowed and retried, but at the expense of leaking file
descriptors and the like.

1: https://groups.google.com/g/golang-nuts/c/-JcZzOkyqYI/m/xwaZzjCgAwAJ?pli=1
2: https://groups.google.com/g/golang-nuts/c/-JcZzOkyqYI/m/vNNiVn_LAwAJ

Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Signed-off-by: Miek Gieben <miek@miek.nl>
The bytes read from the reader are returned to a pool and
must not be changed by the decorated reader.
Mostly trickered by:

~~~
-               return &EDNS0_ESU{Code: EDNS0ESU}
+               return new(EDNS0_ESU)
~~~

dont see why this 'case' needs to be different than all the others. Some
various textual changes for the test.

Signed-off-by: Miek Gieben <miek@miek.nl>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.27.0 to 0.28.0.
- [Commits](golang/net@v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@developStorm developStorm self-assigned this Sep 27, 2024
@developStorm developStorm reopened this Sep 27, 2024
@developStorm developStorm changed the title Sync with upstream Sync with upstream v1.1.62 Sep 27, 2024
@zakird zakird merged commit dd1b978 into zmap:master Sep 28, 2024
4 checks passed
@zakird
Copy link
Member

zakird commented Sep 28, 2024

@developStorm @phillip-stephens we should set up a github action that regularly submits PRs to keep us up to date.

@zakird
Copy link
Member

zakird commented Sep 28, 2024

Sees #11 🤦🏽

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants