From: Willy Tarreau Date: Fri, 3 Oct 2025 07:00:13 +0000 (+0200) Subject: BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response() X-Git-Tag: v3.3-dev9~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ced9784df482a5a476bef3e153e120efd7f78329;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response() The fix in 3023e98199 ("BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers") still contained an issue not addressed f6dfbbe870 ("BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer"). Indeed, if the next element is the same as the first one, then we can end up with an endless loop because the test at the end compares the next pointer (possibly null) with the end one (first). Let's move the null->first transition at the end. This must be backported where the patches above were backported (3.2 for now). --- diff --git a/src/resolvers.c b/src/resolvers.c index 9b6abc82a..789007807 100644 --- a/src/resolvers.c +++ b/src/resolvers.c @@ -1651,15 +1651,12 @@ int resolv_get_ip_from_response(struct resolv_response *r_res, * The result with the biggest score is returned. */ eb32 = (!r_res->next) ? eb32_first(&r_res->answer_tree) : r_res->next; - end = r_res->next; + end = eb32; r_res->next = eb32_next(eb32); /* get node for the next lookup */ do { void *ip; unsigned char ip_type; - if (eb32 == NULL) - eb32 = eb32_first(&r_res->answer_tree); - record = eb32_entry(eb32, typeof(*record), link); if (record->type == DNS_RTYPE_A && (resolv_active_families() & RSLV_ACCEPT_IPV4)) { ip_type = AF_INET; @@ -1758,6 +1755,8 @@ int resolv_get_ip_from_response(struct resolv_response *r_res, } next: eb32 = eb32_next(eb32); + if (eb32 == NULL) + eb32 = eb32_first(&r_res->answer_tree); } while (eb32 != end); /* list for each record entries */ /* No IP found in the response */