diff --git a/CHANGES b/CHANGES index 6fa1e7d3bb..d430d79ace 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,8 @@ + --- 9.10.0b1 released --- + 3755. [func] Add stats counters for known EDNS options + others. [RT #35447] - --- 9.10.0b1 released --- - 3754. [cleanup] win32: Installer now places files in the Program Files area rather than system services. [RT #35361] diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 2c76b6d94e..b3f176fb49 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -2073,7 +2073,7 @@ static void compute_cookie(unsigned char *cookie, size_t len) { /* XXXMPA need to fix, should be per server. */ INSIST(len >= 8U); - memcpy(cookie, cookie_secret, 8); + memmove(cookie, cookie_secret, 8); } #endif diff --git a/bin/named/client.c b/bin/named/client.c index bec52423f6..7b011486a7 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1560,29 +1560,25 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce, isc_buffer_putmem(buf, client->cookie, 8); isc_buffer_putuint32(buf, nonce); isc_buffer_putuint32(buf, when); - memcpy(input, cp, 8); + memmove(input, cp, 16); + isc_aes128_crypt(ns_g_server->secret, input, digest); + for (i = 0; i < 8; i++) + input[i] = digest[i] ^ digest[i + 8]; isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (netaddr.family) { case AF_INET: - memcpy(input + 8, (unsigned char *)&netaddr.type.in, 4); + memmove(input + 8, (unsigned char *)&netaddr.type.in, 4); memset(input + 12, 0, 4); isc_aes128_crypt(ns_g_server->secret, input, digest); break; case AF_INET6: - memcpy(input + 8, (unsigned char *)&netaddr.type.in6, 16); + memmove(input + 8, (unsigned char *)&netaddr.type.in6, 16); isc_aes128_crypt(ns_g_server->secret, input, digest); for (i = 0; i < 8; i++) input[i + 8] = digest[i] ^ digest[i + 8]; isc_aes128_crypt(ns_g_server->secret, input + 8, digest); break; - default: - isc_aes128_crypt(ns_g_server->secret, input, digest); - break; } - memcpy(input, client->cookie, 8); - for (i = 0; i < 8; i++) - input[i + 8] = digest[i] ^ digest[i + 8]; - isc_aes128_crypt(ns_g_server->secret, input, digest); for (i = 0; i < 8; i++) digest[i] ^= digest[i + 8]; isc_buffer_putmem(buf, digest, 8); @@ -1601,7 +1597,7 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce, isc_hmacsha1_init(&hmacsha1, ns_g_server->secret, ISC_SHA1_DIGESTLENGTH); - isc_hmacsha1_update(&hmacsha1, cp, 8); + isc_hmacsha1_update(&hmacsha1, cp, 16); isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (netaddr.family) { case AF_INET: @@ -1632,7 +1628,7 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce, isc_hmacsha256_init(&hmacsha256, ns_g_server->secret, ISC_SHA256_DIGESTLENGTH); - isc_hmacsha256_update(&hmacsha256, cp, 8); + isc_hmacsha256_update(&hmacsha256, cp, 16); isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (netaddr.family) { case AF_INET: @@ -1671,7 +1667,7 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { * Not our token. */ if (optlen >= 8U) - memcpy(client->cookie, isc_buffer_current(buf), 8); + memmove(client->cookie, isc_buffer_current(buf), 8); else memset(client->cookie, 0, 8); isc_buffer_forward(buf, (unsigned int)optlen); @@ -1689,7 +1685,7 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { * Process all of the incoming buffer. */ old = isc_buffer_current(buf); - memcpy(client->cookie, old, 8); + memmove(client->cookie, old, 8); isc_buffer_forward(buf, 8); nonce = isc_buffer_getuint32(buf); when = isc_buffer_getuint32(buf); diff --git a/lib/dns/adb.c b/lib/dns/adb.c index fbd67a70e9..f65e744efd 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c @@ -4286,7 +4286,7 @@ dns_adb_setsit(dns_adb_t *adb, dns_adbaddrinfo_t *addr, } if (addr->entry->sit != NULL) - memcpy(addr->entry->sit, sit, len); + memmove(addr->entry->sit, sit, len); UNLOCK(&adb->entrylocks[bucket]); } @@ -4304,7 +4304,7 @@ dns_adb_getsit(dns_adb_t *adb, dns_adbaddrinfo_t *addr, if (sit != NULL && addr->entry->sit != NULL && len >= addr->entry->sitlen) { - memcpy(sit, addr->entry->sit, addr->entry->sitlen); + memmove(sit, addr->entry->sit, addr->entry->sitlen); len = addr->entry->sitlen; } else len = 0; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 7a3df5a13a..7245558da5 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1753,17 +1753,17 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) { isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr); switch (netaddr.family) { case AF_INET: - memcpy(input, (unsigned char *)&netaddr.type.in, 4); + memmove(input, (unsigned char *)&netaddr.type.in, 4); memset(input + 4, 0, 12); break; case AF_INET6: - memcpy(input, (unsigned char *)&netaddr.type.in6, 16); + memmove(input, (unsigned char *)&netaddr.type.in6, 16); break; } isc_aes128_crypt(query->fctx->res->view->secret, input, digest); for (i = 0; i < 8; i++) digest[i] ^= digest[i + 8]; - memcpy(sit, digest, 8); + memmove(sit, digest, 8); #endif #ifdef HMAC_SHA1_SIT unsigned char digest[ISC_SHA1_DIGESTLENGTH]; @@ -1786,7 +1786,7 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) { break; } isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest)); - memcpy(sit, digest, 8); + memmove(sit, digest, 8); isc_hmacsha1_invalidate(&hmacsha1); #endif #ifdef HMAC_SHA256_SIT @@ -1810,7 +1810,7 @@ compute_cc(resquery_t *query, unsigned char *sit, size_t len) { break; } isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest)); - memcpy(sit, digest, 8); + memmove(sit, digest, 8); isc_hmacsha256_invalidate(&hmacsha256); #endif }