[PATCH v3] Add RES_OPTIONS support for resolv.conf options overriding

[PATCH v3] Add RES_OPTIONS support for resolv.conf options overriding

[Stefan Sedich]

Currently glibc supports using the RES_OPTIONS environment variable
to customize the resolv.conf options on a per-process basis, this
adds the same support to musl
---
Changes in v3:
  - initialize res_opts_env

 src/network/resolvconf.c | 49 ++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/src/network/resolvconf.c b/src/network/resolvconf.c
index 4c3e4c4b..177c6877 100644
--- a/src/network/resolvconf.c
+++ b/src/network/resolvconf.c
@@ -5,6 +5,30 @@
 #include <string.h>
 #include <netinet/in.h>
 
+void __parse_resolv_opts(struct resolvconf *conf, char *opts)
+{
+	char *p, *z;
+
+	p = strstr(opts, "ndots:");
+	if (p && isdigit(p[6])) {
+		p += 6;
+		unsigned long x = strtoul(p, &z, 10);
+		if (z != p) conf->ndots = x > 15 ? 15 : x;
+	}
+	p = strstr(opts, "attempts:");
+	if (p && isdigit(p[9])) {
+		p += 9;
+		unsigned long x = strtoul(p, &z, 10);
+		if (z != p) conf->attempts = x > 10 ? 10 : x;
+	}
+	p = strstr(opts, "timeout:");
+	if (p && (isdigit(p[8]) || p[8]=='.')) {
+		p += 8;
+		unsigned long x = strtoul(p, &z, 10);
+		if (z != p) conf->timeout = x > 60 ? 60 : x;
+	}
+}
+
 int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
 {
 	char line[256];
@@ -38,24 +62,7 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
 			continue;
 		}
 		if (!strncmp(line, "options", 7) && isspace(line[7])) {
-			p = strstr(line, "ndots:");
-			if (p && isdigit(p[6])) {
-				p += 6;
-				unsigned long x = strtoul(p, &z, 10);
-				if (z != p) conf->ndots = x > 15 ? 15 : x;
-			}
-			p = strstr(line, "attempts:");
-			if (p && isdigit(p[9])) {
-				p += 9;
-				unsigned long x = strtoul(p, &z, 10);
-				if (z != p) conf->attempts = x > 10 ? 10 : x;
-			}
-			p = strstr(line, "timeout:");
-			if (p && (isdigit(p[8]) || p[8]=='.')) {
-				p += 8;
-				unsigned long x = strtoul(p, &z, 10);
-				if (z != p) conf->timeout = x > 60 ? 60 : x;
-			}
+			__parse_resolv_opts(conf, line);
 			continue;
 		}
 		if (!strncmp(line, "nameserver", 10) && isspace(line[10])) {
@@ -89,5 +96,11 @@ no_resolv_conf:
 
 	conf->nns = nns;
 
+	char *res_opts_env = NULL;
+	if (!libc.secure) res_opts_env = getenv("RES_OPTIONS");
+	if (res_opts_env) {
+		__parse_resolv_opts(conf, res_opts_env);
+	}
+
 	return 0;
 }
-- 
2.11.0

Re: [PATCH v3] Add RES_OPTIONS support for resolv.conf options overriding

[Alexander Monakov]

I see a couple of pre-existing issues in options parsing
(not your problem, just questions for Rich):

On Tue, 25 Apr 2017, Stefan Sedich wrote:
> +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> +{
> +	char *p, *z;
> +
> +	p = strstr(opts, "ndots:");

This accepts xndots, _ndots, etc.  I think this is undesirable, prefixing a
character could be seen by some users as a way to "comment-out" an option
without deleting it, and such loose matching lays a trap for them. It also
breaks if a valid option ending in 'ndots' appears in the future.

> +	p = strstr(opts, "timeout:");
> +	if (p && (isdigit(p[8]) || p[8]=='.')) {
> +		p += 8;
> +		unsigned long x = strtoul(p, &z, 10);

Either stroul should be strtod, or accepting p[8]=='.' is pointless.
This was introduced in commit d6cb08bcaca4ff1f921375510ca72bccea969c75
that moved this chunk of code from res_msend.c to resolvconf.c and
introduced p[8]=='.' check en passant.

> @@ -89,5 +96,11 @@ no_resolv_conf:
>  
>  	conf->nns = nns;
>  
> +	char *res_opts_env = NULL;
> +	if (!libc.secure) res_opts_env = getenv("RES_OPTIONS");
> +	if (res_opts_env) {
> +		__parse_resolv_opts(conf, res_opts_env);
> +	}

This might look slightly cleaner if written as

	if (!libc.secure) {
		const char *opts = getenv("RES_OPTIONS");
		if (opts) __parse_resolve_opts(conf, opts);
	}

Alexander

Re: [PATCH v3] Add RES_OPTIONS support for resolv.conf options overriding

[Stefan Sedich]

[-- Attachment #1: Type: text/plain, Size: 1809 bytes --]

On Tue, Apr 25, 2017 at 1:50 PM Alexander Monakov <amonakov@ispras.ru>
wrote:

> I see a couple of pre-existing issues in options parsing
> (not your problem, just questions for Rich):
>
> On Tue, 25 Apr 2017, Stefan Sedich wrote:
> > +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> > +{
> > +     char *p, *z;
> > +
> > +     p = strstr(opts, "ndots:");
>
> This accepts xndots, _ndots, etc.  I think this is undesirable, prefixing a
> character could be seen by some users as a way to "comment-out" an option
> without deleting it, and such loose matching lays a trap for them. It also
> breaks if a valid option ending in 'ndots' appears in the future.
>
> > +     p = strstr(opts, "timeout:");
> > +     if (p && (isdigit(p[8]) || p[8]=='.')) {
> > +             p += 8;
> > +             unsigned long x = strtoul(p, &z, 10);
>
> Either stroul should be strtod, or accepting p[8]=='.' is pointless.
> This was introduced in commit d6cb08bcaca4ff1f921375510ca72bccea969c75
> that moved this chunk of code from res_msend.c to resolvconf.c and
> introduced p[8]=='.' check en passant.
>
> > @@ -89,5 +96,11 @@ no_resolv_conf:
> >
> >       conf->nns = nns;
> >
> > +     char *res_opts_env = NULL;
> > +     if (!libc.secure) res_opts_env = getenv("RES_OPTIONS");
> > +     if (res_opts_env) {
> > +             __parse_resolv_opts(conf, res_opts_env);
> > +     }
>
> This might look slightly cleaner if written as
>
>         if (!libc.secure) {
>                 const char *opts = getenv("RES_OPTIONS");
>                 if (opts) __parse_resolve_opts(conf, opts);
>         }
>
> Alexander
>

Alexander,

I agree on the cleaner version :), I will await Rich to comment on the rest
before opening another patch as perhaps I can address some of these as part
of this commit if desired?

[-- Attachment #2: Type: text/html, Size: 2463 bytes --]