Fix minor robustness issues found during code review

- dns/router: add r.closing guard in registerRuleSetCallbacks to prevent callback leak when Close() races with Start() in daemon path - adapter/inbound: validate addr.IsValid() in DNSResponseAddresses before appending to guard against zero-RDATA DNS records - adapter/rule: add evaluate to non-final actions in IsFinalAction
2026-04-14 12:48:28 +10:00 · 2026-04-01 14:49:33 +08:00
parent 3036955776
commit 1362e5d4fc
3 changed files with 18 additions and 6 deletions
--- a/adapter/inbound.go
+++ b/adapter/inbound.go
@@ -130,19 +130,31 @@ func DNSResponseAddresses(response *dns.Msg) []netip.Addr {
 	for _, rawRecord := range response.Answer {
 		switch record := rawRecord.(type) {
 		case *dns.A:
-			addresses = append(addresses, M.AddrFromIP(record.A))
+			addr := M.AddrFromIP(record.A)
+			if addr.IsValid() {
+				addresses = append(addresses, addr)
+			}
 		case *dns.AAAA:
-			addresses = append(addresses, M.AddrFromIP(record.AAAA))
+			addr := M.AddrFromIP(record.AAAA)
+			if addr.IsValid() {
+				addresses = append(addresses, addr)
+			}
 		case *dns.HTTPS:
 			for _, value := range record.SVCB.Value {
 				switch hint := value.(type) {
 				case *dns.SVCBIPv4Hint:
 					for _, ip := range hint.Hint {
-						addresses = append(addresses, M.AddrFromIP(ip).Unmap())
+						addr := M.AddrFromIP(ip).Unmap()
+						if addr.IsValid() {
+							addresses = append(addresses, addr)
+						}
 					}
 				case *dns.SVCBIPv6Hint:
 					for _, ip := range hint.Hint {
-						addresses = append(addresses, M.AddrFromIP(ip))
+						addr := M.AddrFromIP(ip)
+						if addr.IsValid() {
+							addresses = append(addresses, addr)
+						}
 					}
 				}
 			}
--- a/adapter/rule.go
+++ b/adapter/rule.go
@@ -32,7 +32,7 @@ type RuleAction interface {

 func IsFinalAction(action RuleAction) bool {
 	switch action.Type() {
-	case C.RuleActionTypeSniff, C.RuleActionTypeResolve:
+	case C.RuleActionTypeSniff, C.RuleActionTypeResolve, C.RuleActionTypeEvaluate:
 		return false
 	default:
 		return true
--- a/dns/router.go
+++ b/dns/router.go
@@ -329,7 +329,7 @@ func (r *Router) registerRuleSetCallbacks() (bool, error) {
 		})
 	}
 	r.stateAccess.Lock()
-	if len(r.ruleSetCallbacks) == 0 {
+	if !r.closing && len(r.ruleSetCallbacks) == 0 {
 		r.ruleSetCallbacks = callbacks
 		callbacks = nil
 	}