From: Willy Tarreau <w@1wt.eu>
Date: Thu, 14 May 2026 23:01:36 +0000 (+0000)
Subject: BUG/MINOR: config/dns: properly fail on duplicate nameserver name detection
X-Git-Tag: v3.4-dev13~77
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bcb4f9cd4a2a779e4b289bf218ee35b84ccef760;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config/dns: properly fail on duplicate nameserver name detection

In cfg_parse_resolvers(), two duplicate name checks set err_code but lacked
'goto out', allowing execution to fall through and create the duplicate entry.
This would result in new resolvers and nameservers to be created after the
error was displayed, and a leak of the previous one. It's mostly harmless
since we're exiting after such errors. This can be backported if desired.
---

diff --git a/src/resolvers.c b/src/resolvers.c
index 0200be4c5..6556cc8a5 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -3712,6 +3712,7 @@ int cfg_parse_resolvers(const char *file, int linenum, char **args, int kwm)
 				ha_alert("Parsing [%s:%d]: resolvers '%s' has same name as another resolvers (declared at %s:%d).\n",
 					 file, linenum, args[1], curr_resolvers->conf.file, curr_resolvers->conf.line);
 				err_code |= ERR_ALERT | ERR_ABORT;
+				goto out;
 			}
 		}
 
@@ -3749,6 +3750,7 @@ int cfg_parse_resolvers(const char *file, int linenum, char **args, int kwm)
 				ha_alert("Parsing [%s:%d]: nameserver '%s' has same name as another nameserver (declared at %s:%d).\n",
 					 file, linenum, args[1], newnameserver->conf.file, newnameserver->conf.line);
 				err_code |= ERR_ALERT | ERR_FATAL;
+				goto out;
 			}
 		}