dnsfilter: prevent panics, improve docs

AdguardTeam · Dec 18, 2020 · f776a0c · f776a0c
1 parent e14073b
commit f776a0c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/internal/dnsfilter/dnsfilter.go b/internal/dnsfilter/dnsfilter.go
@@ -392,9 +392,6 @@ func (d *DNSFilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
-	// Then check the filter lists.
-	// if request is blocked -- it should be blocked.
-	// if it is allowlisted -- we should do nothing with it anymore.
 	if setts.FilteringEnabled {
 		result, err = d.matchHost(host, qtype, *setts)
 		if err != nil {
@@ -646,20 +643,24 @@ func (d *DNSFilter) initFiltering(allowFilters, blockFilters []Filter) error {
 
 // matchHostProcessAllowList processes the allowlist logic of host
 // matching.
-func (d *DNSFilter) matchHostProcessAllowList(host string, dnsres urlfilter.DNSResult) (res Result) {
+func (d *DNSFilter) matchHostProcessAllowList(host string, dnsres urlfilter.DNSResult) (res Result, err error) {
 	var rule rules.Rule
 	if dnsres.NetworkRule != nil {
 		rule = dnsres.NetworkRule
-	} else if dnsres.HostRulesV4 != nil {
+	} else if len(dnsres.HostRulesV4) > 0 {
 		rule = dnsres.HostRulesV4[0]
-	} else if dnsres.HostRulesV6 != nil {
+	} else if len(dnsres.HostRulesV6) > 0 {
 		rule = dnsres.HostRulesV6[0]
 	}
 
+	if rule == nil {
+		return Result{}, fmt.Errorf("invalid dns result: rules are empty")
+	}
+
 	log.Debug("Filtering: found allowlist rule for host %q: %q  list_id: %d",
 		host, rule.Text(), rule.GetFilterListID())
 
-	return makeResult(rule, NotFilteredAllowList)
+	return makeResult(rule, NotFilteredAllowList), nil
 }
 
 // matchHost is a low-level way to check only if hostname is filtered by rules,
@@ -681,7 +682,7 @@ func (d *DNSFilter) matchHost(host string, qtype uint16, setts RequestFilteringS
 	if d.filteringEngineAllow != nil {
 		dnsres, ok := d.filteringEngineAllow.MatchRequest(ureq)
 		if ok {
-			return d.matchHostProcessAllowList(host, dnsres), nil
+			return d.matchHostProcessAllowList(host, dnsres)
 		}
 	}
 

diff --git a/internal/dnsfilter/dnsrewrite.go b/internal/dnsfilter/dnsrewrite.go
@@ -15,8 +15,9 @@ type DNSRewriteResult struct {
 // the server returns.
 type DNSRewriteResultResponse map[rules.RRType][]rules.RRValue
 
-// processDNSRewrites processes DNS rewrite rules in dnsr and returns
-// the result.
+// processDNSRewrites processes DNS rewrite rules in dnsr.  It returns
+// an empty result if dnsr is empty.  Otherwise, the result with have
+// either CanonName or DNSRewriteResult set.
 func (d *DNSFilter) processDNSRewrites(dnsr []*rules.NetworkRule) (res Result) {
 	if len(dnsr) == 0 {
 		return Result{}
@@ -36,6 +37,7 @@ func (d *DNSFilter) processDNSRewrites(dnsr []*rules.NetworkRule) (res Result) {
 				FilterListID: int64(nr.GetFilterListID()),
 				Text:         nr.RuleText,
 			}}
+
 			return Result{
 				Reason:    DNSRewriteRule,
 				Rules:     rules,