This fixes some vulnerabilities in the resolver that make spoofing DNS queries somewhat trivial due to the code failing to randomize xid, as well as match the reply xid with the query, and the origin of the packet:

- xid of the query was fixed at zero
- xid from the reply was never checked
- source address of the reply was never checked

This means anyone can flood the host with a fake reply with xid 0; guessing the source port is trivial as it's less than 16 bits (2^16 - 1024), which would cause Odin to resolve a hostname to whatever an attacker wanted.

While here also plug in two memory leaks.

Since this is CVE material, I've contacted @kelimion beforehand, who instructed me to put it in a PR.

There are also more bugs as the code conflates the answer section, authority section and additional section into one, while in reality only the answer section should be taken into consideration.
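The three checks listed in the description above, as an added Python sketch (not the PR's Odin code and not part of the original post). All function names, the sample reply and the addresses are hypothetical or constructed, and an IPv4 `(host, port)` source tuple is assumed.

```python
import secrets
import struct

# Added illustration; function names are hypothetical, not Odin's core:net API.

def build_query(name, qtype=1):
    """Return (xid, packet): a recursive query whose 16-bit xid comes from a CSPRNG."""
    xid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", xid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return xid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def accept_reply(reply, src, xid, server):
    """Gate a datagram before any record parsing; src is the recvfrom() address."""
    if src != server:            # must come from the (address, port) we queried
        return False
    if len(reply) < 12:          # shorter than a DNS header
        return False
    rxid, flags = struct.unpack("!HH", reply[:4])
    if rxid != xid:              # must echo the xid of the outstanding query
        return False
    return bool(flags & 0x8000)  # extra check, not in the PR text: QR bit marks a response

def answer_count(reply):
    """ANCOUNT only; NSCOUNT and ARCOUNT records are not answers."""
    return struct.unpack("!H", reply[6:8])[0]

def sample_reply(xid):
    """Constructed header-only reply: 1 answer, 2 authority, 3 additional records."""
    return struct.pack("!HHHHHH", xid, 0x8180, 1, 1, 2, 3)

if __name__ == "__main__":
    server = ("192.0.2.53", 53)  # constructed resolver address (documentation range)
    xid, _ = build_query("example.org")
    print(accept_reply(sample_reply(xid), server, xid, server))
    print(accept_reply(sample_reply(xid), ("198.51.100.7", 53), xid, server))
```

A datagram that fails the gate is dropped and the resolver keeps waiting for the real reply until its timeout, rather than treating the mismatch as an answer.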
The Data-Oriented Language for Sane Software Development.
The Odin Programming Language
Odin is a general-purpose programming language with distinct typing, built for high performance, modern systems, and built-in data-oriented data types. The Odin Programming Language, the C alternative for the joy of programming.
Website: https://odin-lang.org/
package main

import "core:fmt"

main :: proc() {
    program := "+ + * 😃 - /"
    accumulator := 0

    for token in program {
        switch token {
        case '+': accumulator += 1
        case '-': accumulator -= 1
        case '*': accumulator *= 2
        case '/': accumulator /= 2
        case '😃': accumulator *= accumulator
        case: // Ignore everything else
        }
    }

    fmt.printf("The program \"%s\" calculates the value %d\n",
               program, accumulator)
}
Documentation
Getting Started
Instructions for downloading and installing the Odin compiler and libraries.
Nightly Builds
Get the latest nightly builds of Odin.
Learning Odin
Overview of Odin
An overview of the Odin programming language.
Frequently Asked Questions (FAQ)
Answers to common questions about Odin.
Packages
Documentation for all the official packages part of the core and vendor library collections.
Examples
Examples on how to write idiomatic Odin code. Shows how to accomplish specific tasks in Odin, as well as how to use packages from core and vendor.
Odin Documentation
Documentation for the Odin language itself.
Odin Discord
Get live support and talk with other Odin programmers on the Odin Discord.
Articles
The Odin Blog
The official blog of the Odin programming language, featuring announcements, news, and in-depth articles by the Odin team and guests.
Warnings
- The Odin compiler is still in development.