Skip to content

netdb/dns: validate nameserver input in dns_add_nameserver#18670

Open
masc2008 wants to merge 1 commit intoapache:masterfrom
masc2008:dns-add-nameserver-validate
Open

netdb/dns: validate nameserver input in dns_add_nameserver#18670
masc2008 wants to merge 1 commit intoapache:masterfrom
masc2008:dns-add-nameserver-validate

Conversation

@masc2008
Copy link
Copy Markdown
Contributor

@masc2008 masc2008 commented Apr 3, 2026
edited
Loading

Note: Please adhere to Contributing Guidelines.

Summary

from user space, it may receive un-valid dns and call netlib_set_ipvxdnsaddr.
so if add a check in nuttx kernel, it can avoid invalid dns setting.

Impact

it's avoid invalid dns setting, when invalid dns set, dns will fail to work.

Testing

from app, set a dns with addr: 0.0.0.0, then ping domain fails to work.
after add this check, such invaid addr can't be added, so it will continue work.

Tested on BES chip.

@github-actions github-actions bot added Area: OS Components OS Components issues Size: S The size of the change in this PR is small labels Apr 3, 2026
@masc2008 masc2008 force-pushed the dns-add-nameserver-validate branch from 0fd80d4 to 26d1bbe Compare April 3, 2026 13:55
@ankohuu
Copy link
Copy Markdown
Contributor

ankohuu commented Apr 4, 2026

Thanks Jerry, not only for this patch

If no /etc/resolv.conf && stream = fopen(CONFIG_NETDB_RESOLVCONF_PATH, "a+"); then errout,
is there a empty file we don't want?

@masc2008
netdb/dns: validate nameserver input in dns_add_nameserver
c699efe 
It can't be zero or broadcast addr for a valid dns server.

Signed-off-by: shichunma <masc2008@gmail.com>
@masc2008 masc2008 force-pushed the dns-add-nameserver-validate branch from 26d1bbe to c699efe Compare April 5, 2026 10:02
@github-actions github-actions bot added Size: M The size of the change in this PR is medium and removed Size: S The size of the change in this PR is small labels Apr 5, 2026
@masc2008
Copy link
Copy Markdown
Contributor Author

masc2008 commented Apr 5, 2026

Thanks Jerry, not only for this patch

If no /etc/resolv.conf && stream = fopen(CONFIG_NETDB_RESOLVCONF_PATH, "a+"); then errout, is there a empty file we don't want?

thanks, I got your point, and updated.

@masc2008 masc2008 force-pushed the dns-add-nameserver-validate branch from cd495a3 to c699efe Compare April 6, 2026 00:46
xiaoxiang781216
xiaoxiang781216 reviewed Apr 6, 2026
View reviewed changes
libs/libc/netdb/lib_dnsaddserver.c

errout:
dns_unlock();
fclose(stream);
Copy link
Copy Markdown
Contributor

@xiaoxiang781216 xiaoxiang781216 Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't need change

libs/libc/netdb/lib_dnsaddserver.c
ret = OK;
}

dns_unlock();
Copy link
Copy Markdown
Contributor

@xiaoxiang781216 xiaoxiang781216 Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

goto errout

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiaoxiang781216 xiaoxiang781216 xiaoxiang781216 left review comments

@masayuki2009 masayuki2009 Awaiting requested review from masayuki2009

@jerpelea jerpelea Awaiting requested review from jerpelea

@simbit18 simbit18 Awaiting requested review from simbit18

@anchao anchao Awaiting requested review from anchao

@Donny9 Donny9 Awaiting requested review from Donny9

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Area: OS Components OS Components issues Size: M The size of the change in this PR is medium

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@masc2008 @ankohuu @xiaoxiang781216