upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch '3542-gracefuly-handle-cancelled-http-read-during-sending-v9_18' into 'v9_18'

Browse source 
Handle canceled read during sending data over stats channel

See merge request isc-projects/bind9!6779
This commit is contained in:
Ondřej Surý 2022-09-15 09:49:10 +00:00
commit 47a40b48dc
4 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
5972. [bug] Gracefully handle when the statschannel HTTP connection
gets cancelled during sending data back to the client.
[GL #3542]
5970. [func] Log the reason why a query was refused. [GL !6669]
5967. [cleanup] Flagged the "random-device" option (which was

18
doc/arm/reference.rst
View file

@ -5842,9 +5842,21 @@ If no port is specified, port 80 is used for HTTP channels. The asterisk
Attempts to open a statistics channel are restricted by the
optional ``allow`` clause. Connections to the statistics channel are
permitted based on the :term:`address_match_list`. If no ``allow`` clause is
present, :iscman:`named` accepts connection attempts from any address; since
the statistics may contain sensitive internal information, it is highly
recommended to restrict the source of connection requests appropriately.
present, :iscman:`named` accepts connection attempts from any address. Since
the statistics may contain sensitive internal information, the source of
connection requests must be restricted appropriately so that only
trusted parties can access the statistics channel.
Gathering data exposed by the statistics channel locks various subsystems in
:iscman:`named`, which could slow down query processing if statistics data is
requested too often.
An issue in the statistics channel would be considered a security issue
only if it could be exploited by unprivileged users circumventing the access
control list. In other words, any issue in the statistics channel that could be
used to access information unavailable otherwise, or to crash :iscman:`named`, is
not considered a security issue if it can be avoided through the
use of a secure configuration.
If no :any:`statistics-channels` statement is present, :iscman:`named` does not
open any communication channels.

3
doc/notes/notes-current.rst
View file

@ -40,4 +40,5 @@ Feature Changes
Bug Fixes
~~~~~~~~~
- None.
- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
channel connection while sending statistics data to the client. :gl:`#3542`

6
lib/isc/httpd.c
View file

@ -904,13 +904,14 @@ httpd_request(isc_nmhandle_t *handle, isc_result_t eresult,
httpd = isc_nmhandle_getdata(handle);
REQUIRE(httpd->state == RECV);
REQUIRE(httpd->handle == handle);
if (eresult != ISC_R_SUCCESS) {
goto cleanup_readhandle;
}
REQUIRE(httpd->state == RECV);
result = process_request(
httpd, region == NULL ? &(isc_region_t){ NULL, 0 } : region,
&buflen);
@ -1195,7 +1196,6 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
isc_httpd_t *httpd = (isc_httpd_t *)arg;
REQUIRE(VALID_HTTPD(httpd));
REQUIRE(httpd->state == SEND);
REQUIRE(httpd->handle == handle);
isc_buffer_free(&httpd->sendbuffer);
@ -1222,6 +1222,8 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
goto cleanup_readhandle;
}
REQUIRE(httpd->state == SEND);
httpd->state = RECV;
httpd->sendhandle = NULL;