Do not ignore resolv.conf syntax errors

irs_resconf_load() stores the value returned by add_search() into ret without consulting its current value first. This causes any previous errors raised while parsing resolv.conf to be ignored as long as any "domain" or "search" statement is present in the file. Prevent this by returning early in case an error is detected while parsing resolv.conf. Ensure that "searchlist" and "magic" members of the created irs_resconf_t structure are always initialized before isc_resconf_destroy() is called.
2025-08-29 05:28:00 +00:00 · 2018-02-26 10:52:58 +01:00 · 2018-02-26 10:52:58 +01:00 · 1f400b68a8
commit 1f400b68a8
parent 5c0327e8ff
4 changed files with 34 additions and 1 deletions
--- a/lib/irs/resconf.c
+++ b/lib/irs/resconf.c
@ -503,6 +503,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)

 	conf->mctx = mctx;
 	ISC_LIST_INIT(conf->nameservers);
+	ISC_LIST_INIT(conf->searchlist);
 	conf->numns = 0;
 	conf->domainname = NULL;
 	conf->searchnxt = 0;
@ -557,6 +558,10 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
 		}
 	}

+	if (ret != ISC_R_SUCCESS) {
+		goto error;
+	}
+
 	/* If we don't find a nameserver fall back to localhost */
 	if (conf->numns == 0U) {
 		INSIST(ISC_LIST_EMPTY(conf->nameservers));
@ -570,7 +575,6 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
 	 * Construct unified search list from domain or configured
 	 * search list
 	 */
-	ISC_LIST_INIT(conf->searchlist);
 	if (conf->domainname != NULL) {
 		ret = add_search(conf, conf->domainname);
 	} else if (conf->searchnxt > 0) {
@ -581,6 +585,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
 		}
 	}

+ error:
 	conf->magic = IRS_RESCONF_MAGIC;

 	if (ret != ISC_R_SUCCESS)
--- a/lib/irs/tests/resconf_test.c
+++ b/lib/irs/tests/resconf_test.c
@ -82,6 +82,12 @@ ATF_TC_BODY(irs_resconf_load, tc) {
 		}, {
 			"testdata/options.conf", ISC_R_SUCCESS,
 			NULL, ISC_R_SUCCESS
+		}, {
+			"testdata/options-bad-ndots.conf", ISC_R_RANGE,
+			NULL, ISC_R_SUCCESS
+		}, {
+			"testdata/options-empty.conf", ISC_R_UNEXPECTEDEND,
+			NULL, ISC_R_SUCCESS
 		}, {
 			"testdata/port.conf", ISC_R_SUCCESS,
 			NULL, ISC_R_SUCCESS
--- a/lib/irs/tests/testdata/options-bad-ndots.conf
+++ b/lib/irs/tests/testdata/options-bad-ndots.conf
@ -0,0 +1,11 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+search example.com example.net
+options ndots:256
--- a/lib/irs/tests/testdata/options-empty.conf
+++ b/lib/irs/tests/testdata/options-empty.conf
@ -0,0 +1,11 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+domain example.com
+options