mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Do not ignore resolv.conf syntax errors

Browse Source 
irs_resconf_load() stores the value returned by add_search() into ret
without consulting its current value first.  This causes any previous
errors raised while parsing resolv.conf to be ignored as long as any
"domain" or "search" statement is present in the file.

Prevent this by returning early in case an error is detected while
parsing resolv.conf.  Ensure that "searchlist" and "magic" members of
the created irs_resconf_t structure are always initialized before
isc_resconf_destroy() is called.
This commit is contained in:
Michał Kępień 2018-02-26 10:52:58 +01:00
parent 5c0327e8ff
commit 1f400b68a8
4 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/irs/resconf.c
View File

@ -503,6 +503,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
conf->mctx = mctx; conf->mctx = mctx;
ISC_LIST_INIT(conf->nameservers); ISC_LIST_INIT(conf->nameservers);
ISC_LIST_INIT(conf->searchlist);
conf->numns = 0; conf->numns = 0;
conf->domainname = NULL; conf->domainname = NULL;
conf->searchnxt = 0; conf->searchnxt = 0;
@ -557,6 +558,10 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
} }
} }
if (ret != ISC_R_SUCCESS) {
goto error;
}
/* If we don't find a nameserver fall back to localhost */ /* If we don't find a nameserver fall back to localhost */
if (conf->numns == 0U) { if (conf->numns == 0U) {
INSIST(ISC_LIST_EMPTY(conf->nameservers)); INSIST(ISC_LIST_EMPTY(conf->nameservers));
@ -570,7 +575,6 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
* Construct unified search list from domain or configured * Construct unified search list from domain or configured
* search list * search list
*/ */
ISC_LIST_INIT(conf->searchlist);
if (conf->domainname != NULL) { if (conf->domainname != NULL) {
ret = add_search(conf, conf->domainname); ret = add_search(conf, conf->domainname);
} else if (conf->searchnxt > 0) { } else if (conf->searchnxt > 0) {
@ -581,6 +585,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
} }
} }
error:
conf->magic = IRS_RESCONF_MAGIC; conf->magic = IRS_RESCONF_MAGIC;
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)

6
lib/irs/tests/resconf_test.c
View File

@ -82,6 +82,12 @@ ATF_TC_BODY(irs_resconf_load, tc) {
}, { }, {
"testdata/options.conf", ISC_R_SUCCESS, "testdata/options.conf", ISC_R_SUCCESS,
NULL, ISC_R_SUCCESS NULL, ISC_R_SUCCESS
}, {
"testdata/options-bad-ndots.conf", ISC_R_RANGE,
NULL, ISC_R_SUCCESS
}, {
"testdata/options-empty.conf", ISC_R_UNEXPECTEDEND,
NULL, ISC_R_SUCCESS
}, { }, {
"testdata/port.conf", ISC_R_SUCCESS, "testdata/port.conf", ISC_R_SUCCESS,
NULL, ISC_R_SUCCESS NULL, ISC_R_SUCCESS

11
lib/irs/tests/testdata/options-bad-ndots.conf vendored Normal file
View File

@ -0,0 +1,11 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
search example.com example.net
options ndots:256

11
lib/irs/tests/testdata/options-empty.conf vendored Normal file
View File

@ -0,0 +1,11 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
domain example.com
options