Add NULL check in ns_lookup_list_search for DNS resolution

sumleo · sumleo · commit 688d97e9eda5 · 2026-02-25T23:02:38.000+08:00
When no DNS allowlist is configured via --allow-resolve,
wasi_ctx-&gt;ns_lookup_list is NULL. This NULL pointer gets passed
to ns_lookup_list_search which dereferences it unconditionally
at the while (*list) loop, causing a crash. A guest WASM module
can trigger this by calling sock_addr_resolve.
diff --git a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
@@ -74,6 +74,9 @@ ns_lookup_list_search(char **list, const char *host)
 {
     size_t host_len = strlen(host), suffix_len;
 
+    if (!list)
+        return false;
+
     while (*list) {
         if (*list[0] == '*') {
             suffix_len = strlen(*list) - 1;

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,9 @@ ns_lookup_list_search(char *list, const char host)`
`74`	`74`	`{`
`75`	`75`	`size_t host_len = strlen(host), suffix_len;`
`76`	`76`
	`77`	`+ if (!list)`
	`78`	`+ return false;`
	`79`	`+`
`77`	`80`	`while (*list) {`
`78`	`81`	`if (list[0] == '') {`
`79`	`82`	`suffix_len = strlen(*list) - 1;`