From: Christopher Faulet Date: Wed, 27 May 2026 13:37:35 +0000 (+0200) Subject: Revert "BUG/MEDIUM: dns: fix long loops in additional records parse on name failure" X-Git-Tag: v3.4.0~85 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=091768ab3ed11ce78ca60168bd2bcca950896758;p=thirdparty%2Fhaproxy.git Revert "BUG/MEDIUM: dns: fix long loops in additional records parse on name failure" This reverts commit fefce297ab5d0c36d6d6773092c976ea6166dc1e. The commit broke the resolvers. All responses are marked as invalid. The resolv_read_name() function can return 0 on error, but it seems also possible to return 0 when no label name was found. And depending on the caller, it can be an error... or not. So, let's revert it. This might trigger a watchdog but doesn't seem to and once fixed it makes things worse. Must be backported as far as 2.4. --- diff --git a/src/resolvers.c b/src/resolvers.c index ffdc3163c..bb07ae566 100644 --- a/src/resolvers.c +++ b/src/resolvers.c @@ -1420,7 +1420,7 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe len = resolv_read_name(resp, bufend, reader, tmpname, DNS_MAX_NAME_SIZE, &offset, 0); if (len == 0) - goto invalid_resp; + continue; if (reader + offset + 10 > bufend) goto invalid_resp; @@ -1456,8 +1456,11 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe offset = 0; len = resolv_read_name(resp, bufend, reader, tmpname, DNS_MAX_NAME_SIZE, &offset, 0); - if (len == 0) - goto invalid_resp; + if (len == 0) { + pool_free(resolv_answer_item_pool, answer_record); + answer_record = NULL; + continue; + } memcpy(answer_record->name, tmpname, len); answer_record->name[len] = 0;
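Review bot: In the first hunk (@@ -1420), the restored `if (len == 0) continue;` sits before the `reader + offset + 10 > bufend` bounds check, and nothing in the visible lines advances `reader` on that path. A response whose name cannot be read would therefore make each remaining iteration re-parse the same bytes, which is the long-loop case named in the reverted commit's subject. The commit message says a 0 return from resolv_read_name() can mean either an error or that no label was found, so a comment at this site stating which case the `continue` is meant to cover would help. A follow-up that makes resolv_read_name() report the error case with a distinct value would let this caller go to `invalid_resp` only on a real parse failure.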
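Review bot: In the second hunk (@@ -1456), the restored `len == 0` branch frees `answer_record` and sets it to NULL before `continue`, which avoids a leak, but the record is dropped silently and the next iteration starts again from `offset = 0` with no visible change to `reader`. If the position of the next record cannot be determined without the name length, consider `break` rather than `continue` here, or add a comment explaining why continuing is safe. Since the message asks for a backport as far as 2.4 and mentions a possible watchdog trigger, it would also help to state which input still leads to the long loop so the known risk travels with the backport.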