From 3c229a9afb670025a3c1792bf5ac233b5a566ec5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 6 Dec 2020 22:41:35 +0900
Subject: [PATCH] nss-resolve: varlink_call() set error_id only when r >= 0

Fixes #17870.
---
 src/nss-resolve/nss-resolve.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index 566b319484..3fee4f5813 100644
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -200,16 +200,17 @@ enum nss_status _nss_resolve_gethostbyname4_r(
         if (r < 0)
                 goto fail;
 
+        /* Return NSS_STATUS_UNAVAIL when communication with systemd-resolved fails, allowing falling
+         * back to other nss modules. Treat all other error conditions as NOTFOUND. This includes
+         * DNSSEC errors and suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf
+         * configuration can distinguish such executed but negative replies from complete failure to
+         * talk to resolved). */
         r = varlink_call(link, "io.systemd.Resolve.ResolveHostname", cparams, &rparams, &error_id, NULL);
-        if (r < 0) {
+        if (r < 0)
+                goto fail;
+        if (!isempty(error_id)) {
                 if (!error_shall_fallback(error_id))
                         goto not_found;
-
-                /* Return NSS_STATUS_UNAVAIL when communication with systemd-resolved fails, allowing falling
-                   back to other nss modules. Treat all other error conditions as NOTFOUND. This includes
-                   DNSSEC errors and suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf
-                   configuration can distinguish such executed but negative replies from complete failure to
-                   talk to resolved). */
                 goto fail;
         }
 
@@ -352,10 +353,11 @@ enum nss_status _nss_resolve_gethostbyname3_r(
                 goto fail;
 
         r = varlink_call(link, "io.systemd.Resolve.ResolveHostname", cparams, &rparams, &error_id, NULL);
-        if (r < 0) {
+        if (r < 0)
+                goto fail;
+        if (!isempty(error_id)) {
                 if (!error_shall_fallback(error_id))
                         goto not_found;
-
                 goto fail;
         }
 
@@ -555,10 +557,11 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
                 goto fail;
 
         r = varlink_call(link, "io.systemd.Resolve.ResolveAddress", cparams, &rparams, &error_id, NULL);
-        if (r < 0) {
+        if (r < 0)
+                goto fail;
+        if (!isempty(error_id)) {
                 if (!error_shall_fallback(error_id))
                         goto not_found;
-
                 goto fail;
         }