resolve: also compare port and SNI in dns_server_find()

2020-07-13 09:05:15 +09:00 · 2020-07-13 09:05:15 +09:00 · 1b86009298
parent da9de7385a
commit 1b86009298
5 changed files with 13 additions and 6 deletions
--- a/src/resolve/resolved-conf.c
+++ b/src/resolve/resolved-conf.c
@ -41,6 +41,9 @@ static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, cons
        if (r < 0)
                return r;

+        if (IN_SET(port, 53, 853))
+                port = 0;
+
        /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
        if (!dns_server_address_valid(family, &address))
                return 0;
@ -51,7 +54,7 @@ static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, cons
                port = 0;

        /* Filter out duplicates */
-        s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
+        s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, port, ifindex, server_name);
        if (s) {
                /*
                 * Drop the marker. This is used to find the servers
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@ -666,11 +666,15 @@ void dns_server_mark_all(DnsServer *first) {
        dns_server_mark_all(first->servers_next);
 }

-DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, int ifindex) {
+DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name) {
        DnsServer *s;

        LIST_FOREACH(servers, s, first)
-                if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0 && s->ifindex == ifindex)
+                if (s->family == family &&
+                    in_addr_equal(family, &s->address, in_addr) > 0 &&
+                    s->port == port &&
+                    s->ifindex == ifindex &&
+                    streq_ptr(s->server_name, name))
                        return s;

        return NULL;
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@ -131,7 +131,7 @@ bool dns_server_dnssec_supported(DnsServer *server);

 void dns_server_warn_downgrade(DnsServer *server);

-DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, int ifindex);
+DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name);

 void dns_server_unlink_all(DnsServer *first);
 void dns_server_unlink_marked(DnsServer *first);
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@ -281,7 +281,7 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
        for (i = 0; i < n; i++) {
                DnsServer *s;

-                s = dns_server_find(l->dns_servers, dns[i].family, &dns[i].address, 0);
+                s = dns_server_find(l->dns_servers, dns[i].family, &dns[i].address, 0, 0, NULL);
                if (s)
                        dns_server_move_back_and_unmark(s);
                else {
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@ -263,7 +263,7 @@ static int link_update_dns_server_one(Link *l, const char *name) {
        if (r < 0)
                return r;

-        s = dns_server_find(l->dns_servers, family, &a, 0);
+        s = dns_server_find(l->dns_servers, family, &a, 0, 0, NULL);
        if (s) {
                dns_server_move_back_and_unmark(s);
                return 0;