Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 25 Apr 2017 23:49:50 +0300 (MSK)
From: Alexander Monakov <amonakov@...ras.ru>
To: musl@...ts.openwall.com
Subject: Re: [PATCH v3] Add RES_OPTIONS support for resolv.conf options
 overriding

I see a couple of pre-existing issues in options parsing
(not your problem, just questions for Rich):

On Tue, 25 Apr 2017, Stefan Sedich wrote:
> +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> +{
> +	char *p, *z;
> +
> +	p = strstr(opts, "ndots:");

This accepts xndots, _ndots, etc.  I think this is undesirable, prefixing a
character could be seen by some users as a way to "comment-out" an option
without deleting it, and such loose matching lays a trap for them. It also
breaks if a valid option ending in 'ndots' appears in the future.

> +	p = strstr(opts, "timeout:");
> +	if (p && (isdigit(p[8]) || p[8]=='.')) {
> +		p += 8;
> +		unsigned long x = strtoul(p, &z, 10);

Either stroul should be strtod, or accepting p[8]=='.' is pointless.
This was introduced in commit d6cb08bcaca4ff1f921375510ca72bccea969c75
that moved this chunk of code from res_msend.c to resolvconf.c and
introduced p[8]=='.' check en passant.

> @@ -89,5 +96,11 @@ no_resolv_conf:
>  
>  	conf->nns = nns;
>  
> +	char *res_opts_env = NULL;
> +	if (!libc.secure) res_opts_env = getenv("RES_OPTIONS");
> +	if (res_opts_env) {
> +		__parse_resolv_opts(conf, res_opts_env);
> +	}

This might look slightly cleaner if written as

	if (!libc.secure) {
		const char *opts = getenv("RES_OPTIONS");
		if (opts) __parse_resolve_opts(conf, opts);
	}

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.