Adds a directory walker, a method of exposing and retrieving errors from
the existing read directory iterator, allows reusing of the existing
read directory iterator, and adds a file clone procedure
This fixes some vulnerabilities in the resolver that make spoofing DNS
queries somewhat trivial due to the code failing to randomize xid, as
well as match the reply xid with the query, and the origin of the packet:
- xid of the query was fixed at zero
- xid from the reply was never checked
- source address of the reply was never checked
This means anyone can flood the host with a fake reply with xid 0,
guessing the source port is trivial as it's less than 16bits (2^16 -
1024), which would cause odin to resolve a hostname to whatever an
attacker wanted.
While here also plug in two memory leaks.
Since this is CVE material, I've contacted @kelimion before hand which
instructed to put it in a PR.
There are also more bugs as the code conflates answer section,
authority section and aditional section into one, while in reality
only the anwer section should be taken into consideration.
Comparing SIMD vectors with `==` was checking that the mask of elements
that matched was not 0, meaning it succeeded if *any* element was equal,
rather than if *all* elements were equal.
`typeid` used to be a fancy index with extra metadata stored on it. Now it is direct hash of the type.
This is safe to do in practice since any possible collisions are checked at compile time AND the chances of having a 1% collision are around 1 in 600K (see the Birthday Paradox).
Therefore accessing a `^Type_Info` is now a hash table lookup with linear probing. The table is twice the size than necessary so prevent too much probing due to an overly dense hash table.
Laytan Laats
gingerBill
gingerBill
Barinzaya
Keenan Woodall
Jeroen van Rijn
Christiano Haesbaert