Do not ignore resolv.conf syntax errors

irs_resconf_load() stores the value returned by add_search() into ret
without consulting its current value first.  This causes any previous
errors raised while parsing resolv.conf to be ignored as long as any
"domain" or "search" statement is present in the file.

Prevent this by returning early in case an error is detected while
parsing resolv.conf.  Ensure that "searchlist" and "magic" members of
the created irs_resconf_t structure are always initialized before
isc_resconf_destroy() is called.

(cherry picked from commit 1f400b68a8e6b7a1111151b512eaee2c49bae2ad)

diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c
index 2ec6ac85c92e7f99effd5f86f04ea1f57b3bec0b..890855398692a51b8d50a9bc92623f9b4d2670fc 100644 (file)
--- a/lib/irs/resconf.c
+++ b/lib/irs/resconf.c
@@ -505,6 +505,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
 
        conf->mctx = mctx;
        ISC_LIST_INIT(conf->nameservers);
+       ISC_LIST_INIT(conf->searchlist);
        conf->numns = 0;
        conf->domainname = NULL;
        conf->searchnxt = 0;
@@ -559,6 +560,10 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
                }
        }
 
+       if (ret != ISC_R_SUCCESS) {
+               goto error;
+       }
+
        /* If we don't find a nameserver fall back to localhost */
        if (conf->numns == 0U) {
                INSIST(ISC_LIST_EMPTY(conf->nameservers));
@@ -572,7 +577,6 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
         * Construct unified search list from domain or configured
         * search list
         */
-       ISC_LIST_INIT(conf->searchlist);
        if (conf->domainname != NULL) {
                ret = add_search(conf, conf->domainname);
        } else if (conf->searchnxt > 0) {
@@ -583,6 +587,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp)
                }
        }
 
+ error:
        conf->magic = IRS_RESCONF_MAGIC;
 
        if (ret != ISC_R_SUCCESS)

diff --git a/lib/irs/tests/resconf_test.c b/lib/irs/tests/resconf_test.c
index f2378f557d73dcc5724f462ed7445f62355abb63..647eb7f6f71ba6a59ff70af351abb454519911f6 100644 (file)
--- a/lib/irs/tests/resconf_test.c
+++ b/lib/irs/tests/resconf_test.c
@@ -87,6 +87,12 @@ ATF_TC_BODY(irs_resconf_load, tc) {
                }, {
                        "testdata/options.conf", ISC_R_SUCCESS,
                        NULL, ISC_R_SUCCESS
+               }, {
+                       "testdata/options-bad-ndots.conf", ISC_R_RANGE,
+                       NULL, ISC_R_SUCCESS
+               }, {
+                       "testdata/options-empty.conf", ISC_R_UNEXPECTEDEND,
+                       NULL, ISC_R_SUCCESS
                }, {
                        "testdata/port.conf", ISC_R_SUCCESS,
                        NULL, ISC_R_SUCCESS

diff --git a/lib/irs/tests/testdata/options-bad-ndots.conf b/lib/irs/tests/testdata/options-bad-ndots.conf
new file mode 100644 (file)
index 0000000..5c104c7
--- /dev/null
+++ b/lib/irs/tests/testdata/options-bad-ndots.conf
@@ -0,0 +1,11 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+search example.com example.net
+options ndots:256

diff --git a/lib/irs/tests/testdata/options-empty.conf b/lib/irs/tests/testdata/options-empty.conf
new file mode 100644 (file)
index 0000000..e8b902e
--- /dev/null
+++ b/lib/irs/tests/testdata/options-empty.conf
@@ -0,0 +1,11 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+domain example.com
+options