From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: Stefan Liebler <stli@linux.ibm.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH] resolv: Fix endless loop in __res_context_query
Date: Thu, 11 Jan 2024 10:27:36 -0300
Message-ID: <8bf0d13c-7480-491b-8422-27617fb94d7e@linaro.org>
In-Reply-To: <20240111130118.1483134-1-stli@linux.ibm.com>
On 11/01/24 10:01, Stefan Liebler wrote:
> Starting with commit 40c0add7d48739f5d89ebba255c1df26629a76e2
> "resolve: Remove __res_context_query alloca usage"
> there is an endless loop in __res_context_query if
> __res_context_mkquery fails e.g. if type is invalid. Then the
> scratch buffer is resized to MAXPACKET size and it is retried again.
>
> Before the mentioned commit, it was retried only once and with the
> mentioned commit, there is no check and it retries in an endless loop.
>
> This is observable with xtest resolv/tst-resolv-qtypes which times out
> after 300s.
>
> This patch retries mkquery only once as before the mentioned commit.
> Furthermore, scratch_buffer_set_array_size is now only called with
> nelem=2 if type is T_QUERY_A_AND_AAAA (also see mentioned commit).
> The test tst-resolv-qtypes is also adjusted to verify that <func>
> is really returning with -1 in case of an invalid type.
Thanks for catching it.
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> resolv/res_query.c | 8 +++++---
> resolv/tst-resolv-qtypes.c | 4 ++--
> 2 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/resolv/res_query.c b/resolv/res_query.c
> index 1b148a2a05..4bfba24c73 100644
> --- a/resolv/res_query.c
> +++ b/resolv/res_query.c
> @@ -115,7 +115,7 @@ __res_context_query (struct resolv_context *ctx, const char *name,
> struct __res_state *statp = ctx->resp;
> UHEADER *hp = (UHEADER *) answer;
> UHEADER *hp2;
> - int n;
> + int n, retried = 0;
Maybe use a bool here?
>
> /* It requires 2 times QUERYSIZE for type == T_QUERY_A_AND_AAAA. */
> struct scratch_buffer buf;
> @@ -182,13 +182,15 @@ __res_context_query (struct resolv_context *ctx, const char *name,
> nquery1 = n;
> }
>
> - if (__glibc_unlikely (n <= 0)) {
> + if (__glibc_unlikely (n <= 0) && !retried) {
> /* Retry just in case res_nmkquery failed because of too
> short buffer. Shouldn't happen. */
> if (scratch_buffer_set_array_size (&buf,
> - T_QUERY_A_AND_AAAA ? 2 : 1,
> + (type == T_QUERY_A_AND_AAAA)
> + ? 2 : 1,
> MAXPACKET)) {
> query1 = buf.data;
> + retried = 1;
> goto again;
> }
> }
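Review bot: The comment inside the retry block still reads "Retry just in case res_nmkquery failed because of too short buffer", so it does not tell the reader that the retry is bounded. Since `!retried` is now the only thing that stops `goto again` from repeating, the comment should say "Retry once". A short remark beside `(type == T_QUERY_A_AND_AAAA) ? 2 : 1` would also help, because the removed line tested the constant itself rather than `type` and that slip is easy to reintroduce. With this condition, a persistent failure (n <= 0 after the retry) falls through the block; the code that then returns the error is outside this hunk and is worth confirming against the new test expectation of -1.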
Ok
> diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
> index 3fa566c7ea..973c4e15d3 100644
> --- a/resolv/tst-resolv-qtypes.c
> +++ b/resolv/tst-resolv-qtypes.c
> @@ -154,8 +154,8 @@ test_function (const char *fname,
> }
> }
>
> - TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
> - TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
> + TEST_VERIFY (func (-1, buf, sizeof (buf)) == -1);
> + TEST_VERIFY (func (65536, buf, sizeof (buf)) == -1);
> }
>
> static int
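Review bot: In the two corrected TEST_VERIFY lines, a failure only reports that the expression was false, not what func actually returned. `TEST_COMPARE (func (-1, buf, sizeof (buf)), -1);` (and the same for 65536) would print the returned value on mismatch. That matters here because the removed lines passed `sizeof (buf) == -1` as the length argument and so only checked that the return value was nonzero, which is how the wrong check went unnoticed.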
Ok.