From 5832b84200340344dc0a3e3a360375b3718aa8cd Mon Sep 17 00:00:00 2001
From: Miciah Masters <miciah.masters@gmail.com>
Date: Tue, 12 Apr 2022 13:52:22 -0400
Subject: [PATCH] kubelet: parseResolvConf: Handle "search ."

When parsing a resolv.conf file that has "search .", parseResolvConf should
accept the "." entry verbatim.  Before this commit, parseResolvConf
unconditionally trimmed the "." suffix, which in the case of "." resulted
in a "" entry (that is, the empty string).  This empty entry could lead
parseResolvConf to produce a resolv.conf file with "search ".  Resolvers
could fail to parse such a resolv.conf file from parseResolvConf, thus
breaking DNS resolution in pods.  After this commit, parseResolvConf
accepts a resolv.conf file with "search ." and passes the "." entry through
verbatim to produce a valid resolv.conf file.  The "." suffix is still
trimmed for any entry that does not solely comprise ".".

Follow-up to commit a215a88d919047360a84d62aae27eb184752bba2.

* pkg/kubelet/network/dns/dns.go (parseResolvConf): Handle a "." entry in
the search path by copying it verbatim.
* pkg/kubelet/network/dns/dns_test.go (TestParseResolvConf): Add a test
case for "search .".
---
 pkg/kubelet/network/dns/dns.go      | 5 ++++-
 pkg/kubelet/network/dns/dns_test.go | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/kubelet/network/dns/dns.go b/pkg/kubelet/network/dns/dns.go
index cff577bf936..308eb102ea6 100644
--- a/pkg/kubelet/network/dns/dns.go
+++ b/pkg/kubelet/network/dns/dns.go
@@ -267,7 +267,10 @@ func parseResolvConf(reader io.Reader) (nameservers []string, searches []string,
 			// Normalise search fields so the same domain with and without trailing dot will only count once, to avoid hitting search validation limits.
 			searches = []string{}
 			for _, s := range fields[1:] {
-				searches = append(searches, strings.TrimSuffix(s, "."))
+				if s != "." {
+					s = strings.TrimSuffix(s, ".")
+				}
+				searches = append(searches, s)
 			}
 		}
 		if fields[0] == "options" {
diff --git a/pkg/kubelet/network/dns/dns_test.go b/pkg/kubelet/network/dns/dns_test.go
index bd634b02af1..261de55c9b4 100644
--- a/pkg/kubelet/network/dns/dns_test.go
+++ b/pkg/kubelet/network/dns/dns_test.go
@@ -78,6 +78,7 @@ func TestParseResolvConf(t *testing.T) {
 		{"nameserver 1.2.3.4\nnameserver 5.6.7.8", []string{"1.2.3.4", "5.6.7.8"}, []string{}, []string{}, false},
 		{"nameserver 1.2.3.4 #comment", []string{"1.2.3.4"}, []string{}, []string{}, false},
 		{"search ", []string{}, []string{}, []string{}, false}, // search empty
+		{"search .", []string{}, []string{"."}, []string{}, false},
 		{"search foo", []string{}, []string{"foo"}, []string{}, false},
 		{"search foo bar", []string{}, []string{"foo", "bar"}, []string{}, false},
 		{"search foo. bar", []string{}, []string{"foo", "bar"}, []string{}, false},