From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 20 Jan 2022 18:03:45 +0000 (+0900)
Subject: resolve: refuse to resolve empty hostname
X-Git-Tag: v251-rc1~487
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e8ecb8974db74eba716bfd75231987172e10d83;p=thirdparty%2Fsystemd.git

resolve: refuse to resolve empty hostname

Previously, varlink or dbus methods return
io.systemd.Resolve.NoNameServers or BUS_ERROR_NO_NAME_SERVERS if an
empty hostname is provided, and thus nss-resolve returns NSS_STATUS_TRYAGAIN.

That causes getaddrinfo() returns 'Temporary failure in name resolution'
instead of 'Name or service not known'.

This makes calling varlink or dbus method with an empty hostname result
-EINVAL, and hence nss-resolve returns NSS_STATUS_NOTFOUND.

Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854).
---

diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 48e5321d79a..9978d35727b 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -433,6 +433,9 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata,
         if (r != 0)
                 return r;
 
+        if (dns_name_is_empty(hostname))
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Empty hostname");
+
         r = dns_name_is_valid(hostname);
         if (r < 0)
                 return r;
@@ -740,6 +743,9 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
         if (ifindex < 0)
                 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid interface index");
 
+        if (dns_name_is_empty(name))
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Empty name");
+
         r = dns_name_is_valid(name);
         if (r < 0)
                 return r;
diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c
index cc684608a60..feca5f74f1f 100644
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -303,6 +303,9 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va
         if (p.ifindex < 0)
                 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
 
+        if (dns_name_is_empty(p.name))
+                return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("name"));
+
         r = dns_name_is_valid(p.name);
         if (r < 0)
                 return r;
diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index c25fcaacc2a..24bf00bd58b 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) {
         return 1;
 }
 
+static inline bool dns_name_is_empty(const char *s) {
+        return isempty(s) || streq(s, ".");
+}
+
 void dns_name_hash_func(const char *s, struct siphash *state);
 int dns_name_compare_func(const char *a, const char *b);
 extern const struct hash_ops dns_name_hash_ops;