From 48359c723206254d3a22f08eb537a6acc2f04e01 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 15 Oct 2021 10:49:33 +0900
Subject: [PATCH] dns: Make reading resolv.conf more robust.

* dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
begins with '.'.

--

GnuPG-bug-id: 5657
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 dirmngr/dns.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/dirmngr/dns.c b/dirmngr/dns.c
index 3ac6a2d02..0296d6296 100644
--- a/dirmngr/dns.c
+++ b/dirmngr/dns.c
@@ -5657,7 +5657,12 @@ skip:
 			memset(resconf->search, '\0', sizeof resconf->search);
 
 			for (i = 1, j = 0; i < wc && j < lengthof(resconf->search); i++, j++)
-				dns_d_anchor(resconf->search[j], sizeof resconf->search[j], words[i], strlen(words[i]));
+				if (words[i][0] == '.') {
+					/* Ignore invalid search spec.  */
+					j--;
+				} else {
+					dns_d_anchor(resconf->search[j], sizeof resconf->search[j], words[i], strlen(words[i]));
+				}
 
 			break;
 		case DNS_RESCONF_LOOKUP: