ifcfg: don't limit parsing DNS elements to 10 entries

It's not the task of the ifcfg reader to pre-normalize profiles to truncate the DNS server list. It's only nm_connection_verify()'s task to indicate what is valid and what not. Increase the number to something excessive. Note that the parsing scales with O(n^2). So don't have it totally unbounded and have an overall limit (of 10000 entries).
2026-05-06 05:38:15 +02:00 · 2021-08-16 23:15:18 +02:00 · 2021-08-16 23:15:18 +02:00 · 00f63074d6
commit 00f63074d6
parent 1abf512831
1 changed files with 18 additions and 19 deletions
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@ -1974,26 +1974,27 @@ make_ip4_setting(shvarFile *ifcfg,
        /* DNS servers
         * Pick up just IPv4 addresses (IPv6 addresses are taken by make_ip6_setting())
         */
-        for (i = 1; i <= 10; i++) {
+        for (i = 1; i < 10000; i++) {
            char tag[256];

            numbered_tag(tag, "DNS", i);
            nm_clear_g_free(&value);
            v = svGetValueStr(ifcfg, tag, &value);
-            if (v) {
-                if (nm_utils_ipaddr_is_valid(AF_INET, v)) {
-                    if (!nm_setting_ip_config_add_dns(s_ip4, v))
-                        PARSE_WARNING("duplicate DNS server %s", tag);
-                } else if (nm_utils_ipaddr_is_valid(AF_INET6, v)) {
-                    /* Ignore IPv6 addresses */
-                } else {
-                    g_set_error(error,
-                                NM_SETTINGS_ERROR,
-                                NM_SETTINGS_ERROR_INVALID_CONNECTION,
-                                "Invalid DNS server address '%s'",
-                                v);
-                    return NULL;
-                }
+            if (!v)
+                break;
+
+            if (nm_utils_ipaddr_is_valid(AF_INET, v)) {
+                if (!nm_setting_ip_config_add_dns(s_ip4, v))
+                    PARSE_WARNING("duplicate DNS server %s", tag);
+            } else if (nm_utils_ipaddr_is_valid(AF_INET6, v)) {
+                /* Ignore IPv6 addresses */
+            } else {
+                g_set_error(error,
+                            NM_SETTINGS_ERROR,
+                            NM_SETTINGS_ERROR_INVALID_CONNECTION,
+                            "Invalid DNS server address '%s'",
+                            v);
+                return NULL;
            }
        }

@ -2497,16 +2498,14 @@ make_ip6_setting(shvarFile *ifcfg, shvarFile *network_ifcfg, gboolean routes_rea
    /* DNS servers
     * Pick up just IPv6 addresses (IPv4 addresses are taken by make_ip4_setting())
     */
-    for (i = 1; i <= 10; i++) {
+    for (i = 1; i < 10000; i++) {
        char tag[256];

        numbered_tag(tag, "DNS", i);
        nm_clear_g_free(&value);
        v = svGetValueStr(ifcfg, tag, &value);
-        if (!v) {
-            /* all done */
+        if (!v)
            break;
-        }

        if (nm_utils_ipaddr_is_valid(AF_INET6, v)) {
            if (!nm_setting_ip_config_add_dns(s_ip6, v))