diff --git a/CHANGES b/CHANGES index 85b06f6d43..6b652228a3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5972. [bug] Gracefully handle when the statschannel HTTP connection + gets cancelled during sending data back to the client. + [GL #3542] + 5971. [func] Add libsystemd sd_notify() support. [GL #1176] 5970. [func] Log the reason why a query was refused. [GL !6669] diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 60000ebb26..a9d48ae573 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -5876,9 +5876,21 @@ If no port is specified, port 80 is used for HTTP channels. The asterisk Attempts to open a statistics channel are restricted by the optional ``allow`` clause. Connections to the statistics channel are permitted based on the :term:`address_match_list`. If no ``allow`` clause is -present, :iscman:`named` accepts connection attempts from any address; since -the statistics may contain sensitive internal information, it is highly -recommended to restrict the source of connection requests appropriately. +present, :iscman:`named` accepts connection attempts from any address. Since +the statistics may contain sensitive internal information, the source of +connection requests must be restricted appropriately so that only +trusted parties can access the statistics channel. + +Gathering data exposed by the statistics channel locks various subsystems in +:iscman:`named`, which could slow down query processing if statistics data is +requested too often. + +An issue in the statistics channel would be considered a security issue +only if it could be exploited by unprivileged users circumventing the access +control list. In other words, any issue in the statistics channel that could be +used to access information unavailable otherwise, or to crash :iscman:`named`, is +not considered a security issue if it can be avoided through the +use of a secure configuration. If no :any:`statistics-channels` statement is present, :iscman:`named` does not open any communication channels. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 8d10c30d8e..1bdaa66242 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -60,4 +60,5 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- None. +- An assertion failure was fixed in ``named`` that was caused by aborting the statistics + channel connection while sending statistics data to the client. :gl:`#3542` diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c index e4c7d71699..ac31b9a23c 100644 
--- a/lib/isc/httpd.c +++ b/lib/isc/httpd.c @@ -907,13 +907,14 @@ httpd_request(isc_nmhandle_t *handle, isc_result_t eresult, httpd = isc_nmhandle_getdata(handle); - REQUIRE(httpd->state == RECV); REQUIRE(httpd->handle == handle); if (eresult != ISC_R_SUCCESS) { goto cleanup_readhandle; } + REQUIRE(httpd->state == RECV); + result = process_request( httpd, region == NULL ? &(isc_region_t){ NULL, 0 } : region, &buflen); @@ -1200,7 +1201,6 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) { isc_httpd_t *httpd = (isc_httpd_t *)arg; REQUIRE(VALID_HTTPD(httpd)); - REQUIRE(httpd->state == SEND); REQUIRE(httpd->handle == handle); isc_buffer_free(&httpd->sendbuffer); @@ -1227,6 +1227,8 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) { goto cleanup_readhandle; } + REQUIRE(httpd->state == SEND); + httpd->state = RECV; httpd->sendhandle = NULL;
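Review bot: The relocated `REQUIRE(httpd->state == RECV);` in httpd_request carries no comment explaining why it now sits below the `eresult` check, so a later tidy-up could move it back up with the other preconditions and reintroduce the abort. I would add above it something like `/* Only a successful read implies RECV; an error callback may arrive while a send is still in flight. */`. The second half of that comment is inferred from the CHANGES entry, so confirm it against the actual cancellation path. The function's signature and the rest of its body are outside the hunk.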
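Review bot: `isc_buffer_free(&httpd->sendbuffer);` in httpd_senddone now runs with no state precondition ahead of it, because `REQUIRE(httpd->state == SEND);` moved below the error exit in the next hunk (@@ -1227). Nothing visible here guarantees that `sendbuffer` is set when this callback fires in a state other than SEND. If that can happen on the cancelled-connection path and `isc_buffer_free()` asserts on an unset buffer, the process would still abort, just one line later, for any client the `allow` list admits. Either add a comment stating why `sendbuffer` is always allocated when the callback runs, or guard the call with `if (httpd->sendbuffer != NULL) { isc_buffer_free(&httpd->sendbuffer); }`. The condition guarding `goto cleanup_readhandle` and the lines between the free and that exit are outside both hunks, so check this against the full function.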