aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-08-04 20:23:12 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-08-04 20:23:12 +0000
commit931fc45f05e7370fd815c34884863f2b56920b5f (patch)
tree647fe7e0cdd54f186138dcc7e87eeeabcb4b2706
parent6076c7404117940f0625ae643e3c6877fea05dcb (diff)
- Fix by Tofu Linden:
The symptom: * Users (usually, but not always) on 2-Wire routers and the Comcast service and a wired connection to their router would find that the second and subsequent DNS lookups from fresh processes using c-ares to resolve the same address would cause the process to never see a reply (it keeps polling for around 1m15s before giving up). The repro: * On such a machine (and yeah, it took us a lot of QA to find the systems that reproduce such a specific problem!), do 'ahost www.secondlife.com', then do it again. The first process's lookup will work, subsequent lookups will time-out and fail. The cause: * init_id_key() was calling randomize_key() *before* it initialized key->state, meaning that the randomness generated by randomize_key() is immediately overwritten with deterministic values. (/dev/urandom was also being read incorrectly in the c-ares version we were using, but this was fixed in a later version.) * This makes the stream of generated query-IDs from any new c-ares process be an identical and predictable sequence of IDs. * This makes the 2-Wire's default built-in DNS server detect these queries as probable-duplicates and (erroneously) not respond at all.
-rw-r--r--ares/CHANGES28
-rw-r--r--ares/RELEASE-NOTES3
-rw-r--r--ares/ares_init.c2
3 files changed, 31 insertions, 2 deletions
diff --git a/ares/CHANGES b/ares/CHANGES
index d23897216..dff8e8d67 100644
--- a/ares/CHANGES
+++ b/ares/CHANGES
@@ -1,5 +1,33 @@
Changelog for the c-ares project
+* Aug 4 2008 (Daniel Stenberg)
+- Fix by Tofu Linden:
+
+ The symptom:
+ * Users (usually, but not always) on 2-Wire routers and the Comcast service
+ and a wired connection to their router would find that the second and
+ subsequent DNS lookups from fresh processes using c-ares to resolve the same
+ address would cause the process to never see a reply (it keeps polling for
+ around 1m15s before giving up).
+
+ The repro:
+ * On such a machine (and yeah, it took us a lot of QA to find the systems
+ that reproduce such a specific problem!), do 'ahost www.secondlife.com',
+ then do it again. The first process's lookup will work, subsequent lookups
+ will time-out and fail.
+
+ The cause:
+ * init_id_key() was calling randomize_key() *before* it initialized
+ key->state, meaning that the randomness generated by randomize_key() is
+ immediately overwritten with deterministic values. (/dev/urandom was also
+ being read incorrectly in the c-ares version we were using, but this was
+ fixed in a later version.)
+ * This makes the stream of generated query-IDs from any new c-ares process
+ be an identical and predictable sequence of IDs.
+ * This makes the 2-Wire's default built-in DNS server detect these queries
+ as probable-duplicates and (erroneously) not respond at all.
+
+
* Aug 4 2008 (Yang Tse)
- Autoconf 2.62 has changed the behaviour of the AC_AIX macro which we use.
Prior versions of autoconf defined _ALL_SOURCE if _AIX was defined. 2.62
diff --git a/ares/RELEASE-NOTES b/ares/RELEASE-NOTES
index 752c4db41..eb9110dcf 100644
--- a/ares/RELEASE-NOTES
+++ b/ares/RELEASE-NOTES
@@ -8,10 +8,11 @@ This is what's new and changed in the c-ares 1.5.3 release:
o configure process no longer needs nor checks size of curl_off_t
o library will now be built with _REENTRANT symbol defined if needed
o Improved configure detection of number of arguments for getservbyport_r
+ o Improved query-ID randomness
Thanks go to these friendly people for their efforts and contributions:
- Brad House, Yang Tse, Phil Blundell
+ Brad House, Yang Tse, Phil Blundell, Tofu Linden
and obviously Daniel Stenberg
Have fun!
diff --git a/ares/ares_init.c b/ares/ares_init.c
index e33c3973a..20a23a340 100644
--- a/ares/ares_init.c
+++ b/ares/ares_init.c
@@ -1464,11 +1464,11 @@ static int init_id_key(rc4_key* key,int key_data_len)
if (!key_data_ptr)
return ARES_ENOMEM;
- randomize_key(key->state,key_data_len);
state = &key->state[0];
for(counter = 0; counter < 256; counter++)
/* unnecessary AND but it keeps some compilers happier */
state[counter] = (unsigned char)(counter & 0xff);
+ randomize_key(key->state,key_data_len);
key->x = 0;
key->y = 0;
index1 = 0;