resolve: refuse to resolve empty hostname

Previously, varlink or dbus methods return
io.systemd.Resolve.NoNameServers or BUS_ERROR_NO_NAME_SERVERS if an
empty hostname is provided, and thus nss-resolve returns NSS_STATUS_TRYAGAIN.

That causes getaddrinfo() returns 'Temporary failure in name resolution'
instead of 'Name or service not known'.

This makes calling varlink or dbus method with an empty hostname result
-EINVAL, and hence nss-resolve returns NSS_STATUS_NOTFOUND.

Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854).

diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 48e5321d79a8965068de021c52693ee87cb93478..9978d35727b39ae3436b1874770afb19e96bd6ad 100644 (file)
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -433,6 +433,9 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata,
         if (r != 0)
                 return r;
 
+        if (dns_name_is_empty(hostname))
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Empty hostname");
+
         r = dns_name_is_valid(hostname);
         if (r < 0)
                 return r;
@@ -740,6 +743,9 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
         if (ifindex < 0)
                 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid interface index");
 
+        if (dns_name_is_empty(name))
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Empty name");
+
         r = dns_name_is_valid(name);
         if (r < 0)
                 return r;

diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c
index cc684608a601185688746283b24807766651a3fa..feca5f74f1fcc30a684893c23bb7d8526bd1d083 100644 (file)
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -303,6 +303,9 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va
         if (p.ifindex < 0)
                 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
 
+        if (dns_name_is_empty(p.name))
+                return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("name"));
+
         r = dns_name_is_valid(p.name);
         if (r < 0)
                 return r;

diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index c25fcaacc2a74cb6ac077f3935d1742fb39fa002..24bf00bd58b79c076ad8694cd6ede2ed0f3c4eec 100644 (file)
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) {
         return 1;
 }
 
+static inline bool dns_name_is_empty(const char *s) {
+        return isempty(s) || streq(s, ".");
+}
+
 void dns_name_hash_func(const char *s, struct siphash *state);
 int dns_name_compare_func(const char *a, const char *b);
 extern const struct hash_ops dns_name_hash_ops;