From: Lennart Poettering Date: Tue, 9 Apr 2024 15:29:33 +0000 (+0200) Subject: resolved: dns_name_equal() can fail, handle that reasonably X-Git-Tag: v256-rc1~242 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ee27b2580b2b4c47dbc98cbcf2ffe7a45b0ef35;p=thirdparty%2Fsystemd.git resolved: dns_name_equal() can fail, handle that reasonably Ignoring errors can be OK sometimes, but we should make this explicit. --- diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 2739bed41a3..204d4a625ee 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -196,7 +196,7 @@ bool dns_resource_key_is_dnssd_two_label_ptr(const DnsResourceKey *key) { if (dns_name_parent(&name) <= 0) return false; - return dns_name_equal(name, "_tcp.local") || dns_name_equal(name, "_udp.local"); + return dns_name_equal(name, "_tcp.local") > 0 || dns_name_equal(name, "_udp.local") > 0; } int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b) { @@ -679,19 +679,24 @@ int dns_resource_record_payload_equal(const DnsResourceRecord *a, const DnsResou case DNS_TYPE_RRSIG: /* do the fast comparisons first */ - return a->rrsig.type_covered == b->rrsig.type_covered && - a->rrsig.algorithm == b->rrsig.algorithm && - a->rrsig.labels == b->rrsig.labels && - a->rrsig.original_ttl == b->rrsig.original_ttl && - a->rrsig.expiration == b->rrsig.expiration && - a->rrsig.inception == b->rrsig.inception && - a->rrsig.key_tag == b->rrsig.key_tag && - FIELD_EQUAL(a->rrsig, b->rrsig, signature) && - dns_name_equal(a->rrsig.signer, b->rrsig.signer); + if (!(a->rrsig.type_covered == b->rrsig.type_covered && + a->rrsig.algorithm == b->rrsig.algorithm && + a->rrsig.labels == b->rrsig.labels && + a->rrsig.original_ttl == b->rrsig.original_ttl && + a->rrsig.expiration == b->rrsig.expiration && + a->rrsig.inception == b->rrsig.inception && + a->rrsig.key_tag == b->rrsig.key_tag && + FIELD_EQUAL(a->rrsig, b->rrsig, signature))) + return false; + + return dns_name_equal(a->rrsig.signer, b->rrsig.signer); case DNS_TYPE_NSEC: - return dns_name_equal(a->nsec.next_domain_name, b->nsec.next_domain_name) && - bitmap_equal(a->nsec.types, b->nsec.types); + r = dns_name_equal(a->nsec.next_domain_name, b->nsec.next_domain_name); + if (r <= 0) + return r; + + return bitmap_equal(a->nsec.types, b->nsec.types); case DNS_TYPE_NSEC3: return a->nsec3.algorithm == b->nsec3.algorithm && @@ -709,9 +714,12 @@ int dns_resource_record_payload_equal(const DnsResourceRecord *a, const DnsResou case DNS_TYPE_SVCB: case DNS_TYPE_HTTPS: - return a->svcb.priority == b->svcb.priority && - dns_name_equal(a->svcb.target_name, b->svcb.target_name) && - dns_svc_params_equal(a->svcb.params, b->svcb.params); + + if (!(a->svcb.priority == b->svcb.priority && + dns_svc_params_equal(a->svcb.params, b->svcb.params))) + return false; + + return dns_name_equal(a->svcb.target_name, b->svcb.target_name); case DNS_TYPE_CAA: return a->caa.flags == b->caa.flags && diff --git a/src/resolve/resolved-dnssd.c b/src/resolve/resolved-dnssd.c index 7f8f99717c0..aadac3f1025 100644 --- a/src/resolve/resolved-dnssd.c +++ b/src/resolve/resolved-dnssd.c @@ -364,7 +364,7 @@ int dnssd_signal_conflict(Manager *manager, const char *name) { if (s->withdrawn) continue; - if (dns_name_equal(dns_resource_key_name(s->srv_rr->key), name)) { + if (dns_name_equal(dns_resource_key_name(s->srv_rr->key), name) > 0) { _cleanup_free_ char *path = NULL; s->withdrawn = true;