Pad queries when EDNS0 is enabled.
Behavior is compliant with
https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-04
EDNS0 is only enabled when the netcontext requests it, i.e. in DNS-over-TLS
mode.
Bug: 69623036
Bug: 64133961
Test: Wireshark verified. Integration tests echo padding and pass.
Change-Id: I5ef600e02a572d281441e890cc981614f150629b
diff --git a/libc/dns/resolv/res_mkquery.c b/libc/dns/resolv/res_mkquery.c
index c73d588..1b4c4af 100644
--- a/libc/dns/resolv/res_mkquery.c
+++ b/libc/dns/resolv/res_mkquery.c
@@ -269,8 +269,28 @@
}
ns_put16(flags, cp);
cp += INT16SZ;
+#ifdef EDNS0_PADDING
+ {
+ u_int16_t minlen = (cp - buf) + 3 * INT16SZ;
+ u_int16_t extra = minlen % EDNS0_PADDING;
+ u_int16_t padlen = (EDNS0_PADDING - extra) % EDNS0_PADDING;
+ if (minlen > buflen) {
+ return (-1);
+ }
+ padlen = MIN(padlen, buflen - minlen);
+ ns_put16(padlen + 2 * INT16SZ, cp); /* RDLEN */
+ cp += INT16SZ;
+ ns_put16(NS_OPT_PADDING, cp); /* OPTION-CODE */
+ cp += INT16SZ;
+ ns_put16(padlen, cp); /* OPTION-LENGTH */
+ cp += INT16SZ;
+ memset(cp, 0, padlen);
+ cp += padlen;
+ }
+#else
ns_put16(0, cp); /* RDLEN */
cp += INT16SZ;
+#endif
hp->arcount = htons(ntohs(hp->arcount) + 1);
return (cp - buf);