jdk-sandbox: comparison jdk/src/share/classes/com/sun/jndi/dns/DnsClient.java

equal deleted inserted replaced

-:3e78d4a02113
+:4a8ca39187ef
 import java.io.IOException;
 import java.net.DatagramSocket;
 import java.net.DatagramPacket;
 import java.net.InetAddress;
 import java.net.Socket;
+import java.security.SecureRandom;
 import javax.naming.*;
 import java.util.Collections;
 import java.util.Map;
 import java.util.HashMap;
-import java.util.Set;
-import java.util.HashSet;
+import sun.security.jca.JCAUtil;
 // Some of this code began life as part of sun.javaos.net.DnsClient
 // originally by sritchie@eng 1/96.  It was first hacked up for JNDI
 // use by caveh@eng 6/97.
 "DNS operation not supported",
 "DNS service refused"
 };
 private static final int DEFAULT_PORT = 53;
+private static final int TRANSACTION_ID_BOUND = 0x10000;
+private static final SecureRandom random = JCAUtil.getSecureRandom();
 private InetAddress[] servers;
 private int[] serverPorts;
 private int timeout;                // initial timeout on UDP queries in ms
 private int retries;                // number of UDP retries
 private DatagramSocket udpSocket;
 // Requests sent
-private Set<Integer> reqs;
+private Map<Integer, ResourceRecord> reqs;
 // Responses received
 private Map<Integer, byte[]> resps;
 //-------------------------------------------------------------------------
 "Unknown DNS server: " + server);
 ne.setRootCause(e);
 throw ne;
 }
 }
-reqs = Collections.synchronizedSet(new HashSet<Integer>());
+reqs = Collections.synchronizedMap(
+new HashMap<Integer, ResourceRecord>());
 resps = Collections.synchronizedMap(new HashMap<Integer, byte[]>());
 }
 protected void finalize() {
 close();
 synchronized (queuesLock) {
 reqs.clear();
 resps.clear();
 }
 }
-private int ident = 0;              // used to set the msg ID field
-private Object identLock = new Object();
 /*
 * If recursion is true, recursion is requested on the query.
 * If auth is true, only authoritative responses are accepted; other
 * responses throw NameNotFoundException.
 ResourceRecords query(DnsName fqdn, int qclass, int qtype,
 boolean recursion, boolean auth)
 throws NamingException {
 int xid;
-synchronized (identLock) {
+Packet pkt;
-ident = 0xFFFF & (ident + 1);
+ResourceRecord collision;
-xid = ident;
-}
+do {
+// Generate a random transaction ID
-// enqueue the outstanding request
+xid = random.nextInt(TRANSACTION_ID_BOUND);
-reqs.add(xid);
+pkt = makeQueryPacket(fqdn, xid, qclass, qtype, recursion);
-Packet pkt = makeQueryPacket(fqdn, xid, qclass, qtype, recursion);
+// enqueue the outstanding request
+collision = reqs.putIfAbsent(xid, new ResourceRecord(pkt.getData(),
+pkt.length(), Header.HEADER_SIZE, true, false));
+} while (collision != null);
 Exception caughtException = null;
 boolean[] doNotRetry = new boolean[servers.length];
 //
 }
 ResourceRecords queryZone(DnsName zone, int qclass, boolean recursion)
 throws NamingException {
-int xid;
+int xid = random.nextInt(TRANSACTION_ID_BOUND);
-synchronized (identLock) {
-ident = 0xFFFF & (ident + 1);
-xid = ident;
-}
 Packet pkt = makeQueryPacket(zone, xid, qclass,
 ResourceRecord.QTYPE_AXFR, recursion);
 Exception caughtException = null;
 // Try each name server.
 synchronized (udpSocket) {
 DatagramPacket opkt = new DatagramPacket(
 pkt.getData(), pkt.length(), server, port);
 DatagramPacket ipkt = new DatagramPacket(new byte[8000], 8000);
+// Packets may only be sent to or received from this server address
 udpSocket.connect(server, port);
 int pktTimeout = (timeout * (1 << retry));
 try {
 udpSocket.send(opkt);
 /*
 * Checks the header of an incoming DNS response.
 * Returns true if it matches the given xid and throws a naming
 * exception, if appropriate, based on the response code.
+*
+* Also checks that the domain name, type and class in the response
+* match those in the original query.
 */
 private boolean isMatchResponse(byte[] pkt, int xid)
 throws NamingException {
 Header hdr = new Header(pkt, pkt.length);
 if (hdr.query) {
 throw new CommunicationException("DNS error: expecting response");
 }
-if (!reqs.contains(xid)) { // already received, ignore the response
+if (!reqs.containsKey(xid)) { // already received, ignore the response
 return false;
 }
 // common case- the request sent matches the subsequent response read
 if (hdr.xid == xid) {
 if (debug) {
 dprint("XID MATCH:" + xid);
 }
 checkResponseCode(hdr);
-// remove the response for the xid if received by some other thread.
+if (!hdr.query && hdr.numQuestions == 1) {
-synchronized (queuesLock) {
-resps.remove(xid);
+ResourceRecord rr = new ResourceRecord(pkt, pkt.length,
-reqs.remove(xid);
+Header.HEADER_SIZE, true, false);
-}
-return true;
+// Retrieve the original query
+ResourceRecord query = reqs.get(xid);
+int qtype = query.getType();
+int qclass = query.getRrclass();
+DnsName qname = query.getName();
+// Check that the type/class/name in the query section of the
+// response match those in the original query
+if ((qtype == ResourceRecord.QTYPE_STAR ||
+qtype == rr.getType()) &&
+(qclass == ResourceRecord.QCLASS_STAR ||
+qclass == rr.getRrclass()) &&
+qname.equals(rr.getName())) {
+if (debug) {
+dprint("MATCH NAME:" + qname + " QTYPE:" + qtype +
+" QCLASS:" + qclass);
+}
+// Remove the response for the xid if received by some other
+// thread.
+synchronized (queuesLock) {
+resps.remove(xid);
+reqs.remove(xid);
+}
+return true;
+} else {
+if (debug) {
+dprint("NO-MATCH NAME:" + qname + " QTYPE:" + qtype +
+" QCLASS:" + qclass);
+}
+}
+}
+return false;
 }
 //
 // xid mis-match: enqueue the response, it may belong to some other
 // thread that has not yet had a chance to read its response.
 // enqueue only the first response, responses for retries are ignored.
 //
 synchronized (queuesLock) {
-if (reqs.contains(hdr.xid)) { // enqueue only the first response
+if (reqs.containsKey(hdr.xid)) { // enqueue only the first response
 resps.put(hdr.xid, pkt);
 }
 }
 if (debug) {

changeset 23904	4a8ca39187ef
parent 22992	e7fcc52b1b29
child 25808	e113d0a0fde0