fix(plugin): normalize panics on invalid origins (#7563)

Previously OriginsFromArgsOrServerBlock accessed the output of NormalizeExact() by index 0, which could panic when normalization returned an empty slice on error. This happens with malformed input surfaced by fuzzing, for example "unix://<non‑UTF8>". This change hardens normalization in the server block path. If normalization yields no entries, the original value is preserved. The function still returns a newly copied slice. This preserves legacy semantics for valid inputs while eliminating the crash on malformed ones. Added tests to validate. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-10-27 16:24:19 -04:00 · 2025-09-19 05:15:40 +03:00
parent 0440e54bcf
commit 051d8d6f05
2 changed files with 67 additions and 1 deletions
--- a/plugin/normalize.go
+++ b/plugin/normalize.go
@@ -179,7 +179,11 @@ func OriginsFromArgsOrServerBlock(args, serverblock []string) []string {
 		s := make([]string, len(serverblock))
 		copy(s, serverblock)
 		for i := range s {
-			s[i] = Host(s[i]).NormalizeExact()[0] // expansion of these already happened in dnsserver/register.go
+			sx := Host(s[i]).NormalizeExact() // expansion of these already happened in dnsserver/register.go
+			if len(sx) == 0 {
+				continue
+			}
+			s[i] = sx[0]
 		}
 		return s
 	}