Fix occasional crashes with DNSSEC and large nunbers of --address configs.

Commit 3e659bd4ec removed the concept of
an usptream DNS server which is capable of DNSSEC: they are all
(at least in theory) now usable. As a very unfortunate side-effect,
this removed the filter that ensured that dnssec_server() ONLY
returns servers, and not domains with literal addresses.

If we try and do DNSSEC queries for a domain, and there's
a --address line which matches the domain, then dnssec_server()
will return that. This would break DNSSEC validation, but that's
turns out not to matter, because under these circumstances
dnssec_server() will probably return an out-of-bounds index into
the servers[] array, and the process dies with SIGSEGV.

Many thanks to the hard workers at the Tomato project who
found this bug and provided enough information to diagnose it.

CHANGELOG

@@ -1,13 +1,13 @@
 version 2.92
-        Redesign the interaction between DNSSEC vaildation and per-domain
+        Redesign the interaction between DNSSEC validation and per-domain
 	servers, specified as --server=/<domain>/<ip-address>. This should
 	just work in all cases now. If the normal chain-of-trust exists into
 	the delegated domain then whether the domain is signed or not, DNSSEC
-	validation will function normally. In the case the delgated domain
+	validation will function normally. In the case the delegated domain
 	is an "overlay" on top of the global DNS and no NS and/or DS records
 	exist connecting it to the global dns, then if the domain is
 	unsigned the situation will be handled by synthesising a
-	proof-of-non-existance-of-DS for the domain and queries will be
+	proof-of-non-existence-of-DS for the domain and queries will be
 	answered unvalidated; this action will be logged. A signed domain
 	without chain-of-trust can be validated if a suitable trust-anchor
 	is provided using --trust-anchor. This change should be backwards
@@ -141,7 +141,7 @@ version 2.91
 	changing the behaviour of an installation with --no-x20-encode.
 	
 	Fix a long-standing problem when two queries which are identical
-	in every repect _except_ case, get combined by dnsmasq. If
+	in every respect _except_ case, get combined by dnsmasq. If
 	dnsmasq gets eg, two queries for example.com and Example.com
 	in quick succession it will get the answer for example.com from
 	upstream and send that answer to both requestors. This means that
@@ -159,7 +159,7 @@ version 2.90
 	for a particular domain. Thanks to Daniel Danzberger for
 	spotting this bug.
 
-	Set the default maximum DNS UDP packet sice to 1232. This
+	Set the default maximum DNS UDP packet size to 1232. This
 	has been the recommended value since 2020 because it's the
 	largest value that avoid fragmentation, and fragmentation
 	is just not reliable on the modern internet, especially
@@ -167,14 +167,14 @@ version 2.90
 	--edns-packet-max for special circumstances.
 
 	Add --no-dhcpv4-interface and --no-dhcpv6-interface for
-	better control over which inetrfaces are providing DHCP service.
+	better control over which interfaces are providing DHCP service.
 
 	Fix issue with stale caching: After replying with stale data,
 	dnsmasq sends the query upstream to refresh the cache asynchronously
 	and sometimes sends the wrong packet: packet length can be wrong,
 	and if an EDE marking stale data is added to the answer that can
 	end up in the query also. This bug only seems to cause problems
-	when the usptream server is a DOH/DOT proxy. Thanks to Justin He
+	when the upstream server is a DOH/DOT proxy. Thanks to Justin He
 	for the bug report.
 
 	Add configurable caching for arbitrary RR-types.
@@ -212,7 +212,7 @@ version 2.90
 	Applied Cybersecurity ATHENE for finding this vulnerability.
 
 	CVE 2023-50387 and CVE 2023-50868 apply.
-	Note that the is a security vulnerablity only when DNSSEC validation
+	Note that this a security vulnerability only when DNSSEC validation
 	is enabled.
 	
 	Fix memory-leak when attempting to cache SRV records with zero TTL.
@@ -298,7 +298,7 @@ version 2.88
 	upstream servers from /etc/resolv.conf or other sources that
 	can change dnsmasq tries to avoid memory fragmentation by re-using
 	existing records that are being re-read unchanged. This involves
-	seaching all the server records for each new one installed.
+	searching all the server records for each new one installed.
 	During startup this search is pointless, and can cause long
 	start times with thousands of --server options because the work
 	needed is O(n^2). Handle this case more intelligently.
@@ -361,7 +361,7 @@ version 2.87
 
 	Enhance --domain to accept, for instance,
 	--domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
-	which relects the interface they are attached to in a way which
+	which reflects the interface they are attached to in a way which
 	doesn't require hard-coding addresses. Thanks to Sten Spans for
 	the idea.
 
@@ -735,22 +735,22 @@ version 2.80
         but those which used the default of no checking will need to be
         altered to explicitly select no checking. The new default is
         because switching off checking for unsigned replies is
-	inherently dangerous. Not only does it open the possiblity of forged
+	inherently dangerous. Not only does it open the possibility of forged
         replies, but it allows everything to appear to be working even
         when the upstream namesevers do not support DNSSEC, and in this
-        case no DNSSEC validation at all is occuring.
+        case no DNSSEC validation at all is occurring.
 
         Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
 	are set. Thanks to Daniel Miess for help with this.
 
-	Add a facilty to store DNS packets sent/recieved in a
+	Add a facility to store DNS packets sent/received in a
 	pcap-format file for later debugging. The file location
 	is given by the --dumpfile option, and a bitmap controlling
 	which packets should be dumped is given by the --dumpmask
 	option.
 
 	Handle the case of both standard and constructed dhcp-ranges on the
-	same interface better. We don't now contruct a dhcp-range if there's
+	same interface better. We don't now construct a dhcp-range if there's
 	already one specified. This allows the specified interface to
 	have different parameters and avoids advertising the same
 	prefix twice. Thanks to Luis Marsano for spotting this case.
@@ -1220,7 +1220,7 @@ version 2.73
 
 	Use inotify for checking on updates to /etc/resolv.conf and
 	friends under Linux. This fixes race conditions when the files are 
-	updated rapidly and saves CPU by noy polling. To build
+	updated rapidly and saves CPU by not polling. To build
 	a binary that runs on old Linux kernels without inotify,
 	use make COPTS=-DNO_INOTIFY
 
@@ -1560,7 +1560,7 @@ version 2.68
 	are dynamic and works much better than the previous
 	work-around which exempted constructed DHCP ranges from the
 	IP address filtering. As a consequence, that work-around
-	is removed. Under certain circumstances, this change wil
+	is removed. Under certain circumstances, this change will
 	break existing configuration: if you're relying on the
 	constructed-range exception, you need to change --auth-zone
 	to specify the same interface as is used to construct your

man/dnsmasq.8

@@ -873,7 +873,7 @@ Set the maximum number of concurrent DNS queries. The default value is
 150, which should be fine for most setups. The only known situation
 where this needs to be increased is when using web-server log file
 resolvers, which can generate large numbers of concurrent queries. This
-parameter actually controls the number of concurrent queries per server group, where a server group is the set of server(s) associated with a single domain. So if a domain has it's own server via --server=/example.com/1.2.3.4 and 1.2.3.4 is not responding, but queries for *.example.com cannot go elsewhere, then other queries will not be affected. On configurations with many such server groups and tight resources, this value may need to be reduced.
+parameter actually controls the number of concurrent queries per server group, where a server group is the set of server(s) associated with a single domain. So if a domain has its own server via --server=/example.com/1.2.3.4 and 1.2.3.4 is not responding, but queries for *.example.com cannot go elsewhere, then other queries will not be affected. On configurations with many such server groups and tight resources, this value may need to be reduced.
 .TP
 .B --dnssec
 Validate DNS replies and cache DNSSEC data. When forwarding DNS queries, dnsmasq requests the 

src/dhcp6.c

@@ -812,7 +812,7 @@ void dhcp_construct_contexts(time_t now)
 	{
 	  if ((context->flags & CONTEXT_RA) || option_bool(OPT_RA))
 	    {
-	      /* previously constructed context has gone. advertise it's demise */
+	      /* previously constructed context has gone; advertise its demise */
 	      context->flags |= CONTEXT_OLD;
 	      context->address_lost_time = now;
 	      /* Apply same ceiling of configured lease time as in radv.c */

src/domain-match.c

@@ -467,7 +467,7 @@ int dnssec_server(struct server *server, char *keyname, int *firstp, int *lastp)
   /* Find server to send DNSSEC query to. This will normally be the 
      same as for the original query, but may be another if
      servers for domains are involved. */		      
-  if (!lookup_domain(keyname, F_DNSSECOK, &first, &last))
+  if (!lookup_domain(keyname, F_SERVER | F_DNSSECOK, &first, &last))
     return -1;
 
   for (index = first; index != last; index++)

src/forward.c

@@ -801,7 +801,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       if (daemon->doctors && do_doctor(header, n, daemon->namebuff))
 	cache_secure = 0;
       
-      /* check_for_bogus_wildcard() does it's own caching, so
+      /* check_for_bogus_wildcard() does its own caching, so
 	 don't call extract_addresses() if it triggers. */
       if (daemon->bogus_addr && rcode != NXDOMAIN &&
 	  check_for_bogus_wildcard(header, n, daemon->namebuff, now))

src/option.c

@@ -961,7 +961,7 @@ char *parse_server(char *arg, struct server_details *sdetails)
       hints.ai_family = AF_UNSPEC;
 
       /* Get addresses suitable for sending datagrams. We assume that we can use the
-	 same addresses for TCP connections. Settting this to zero gets each address
+	 same addresses for TCP connections. Setting this to zero gets each address
 	 threes times, for SOCK_STREAM, SOCK_RAW and SOCK_DGRAM, which is not useful. */
       hints.ai_socktype = SOCK_DGRAM;
 
@@ -3987,7 +3987,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	while (arg)
 	  {
 	    comma = split(arg);
-	    if (strchr(arg, ':')) /* ethernet address, netid or binary CLID */
+	    if (strchr(arg, ':')) /* Ethernet address, netid or binary CLID */
 	      {
 		if ((arg[0] == 'i' || arg[0] == 'I') &&
 		    (arg[1] == 'd' || arg[1] == 'D') &&

src/poll.c

@@ -98,7 +98,7 @@ void poll_listen(int fd, short event)
      {
        if (arrsize == nfds)
 	 {
-	   /* Array too small, extend. */
+	   /* Array too small. Extend. */
 	   struct pollfd *new;
 
 	   arrsize = (arrsize == 0) ? 64 : arrsize * 2;

src/radv.c

@@ -411,7 +411,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
   if (!old_prefix && !parm.found_context)
     return; 
   
-  /* If we're sending router address instead of prefix in at least on prefix,
+  /* If we're sending router address instead of prefix in at least one prefix,
      include the advertisement interval option. */
   if (parm.adv_router)
     {
@@ -825,10 +825,10 @@ time_t periodic_ra(time_t now)
 	}
       else if (iface_enumerate(AF_INET6, &param, (callback_t){.af_inet6=iface_search}))
 	/* There's a context overdue, but we can't find an interface
-	   associated with it, because it's for a subnet we dont 
+	   associated with it, because it's for a subnet we don't
 	   have an interface on. Probably we're doing DHCP on
 	   a remote subnet via a relay. Zero the timer, since we won't
-	   ever be able to send ra's and satisfy it. */
+	   ever be able to send RAs to satisfy it. */
 	context->ra_time = 0;
       
       if (param.iface != 0 &&

src/rfc2131.c

@@ -1345,7 +1345,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	  else if (!lease && (ltmp = lease_find_by_addr(mess->yiaddr)))
 	    {
 	      /* If a host is configured with more than one MAC address, it's OK to 'nix 
-		 a lease from one of it's MACs to give the address to another. */
+		 a lease from one of its MACs to give the address to another. */
 	      if (config && config_has_mac(config, ltmp->hwaddr, ltmp->hwaddr_len, ltmp->hwaddr_type))
 		{
 		  inet_ntop(AF_INET, &ltmp->addr, daemon->addrbuff, ADDRSTRLEN);

src/slaac.c

@@ -61,7 +61,7 @@ void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force)
 	else if (lease->clid_len == 9 && 
 		 lease->clid[0] ==  ARPHRD_EUI64 &&
 		 lease->hwaddr_type == ARPHRD_IEEE1394)
-	  /* firewire has EUI-64 identifier as clid */
+	  /* FireWire has EUI-64 identifier as clid */
 	  memcpy(&addr.s6_addr[8], &lease->clid[1], 8);
 #endif
 	else

src/tftp.c

@@ -274,7 +274,7 @@ void tftp_request(struct listener *listen, time_t now)
 	}
       
       /* Enforce simultaneous transfer limit. In non-single-port mode
-	 this is doene by not listening on the server socket when
+	 this is done by not listening on the server socket when
 	 too many transfers are in progress. */
       if (!transfer && tftp_cnt >= daemon->tftp_max)
 	return;