Merge branch '3767-dot-no-alpn-transfer-shutdown-crash-v9-18' into 'v9_18'

[9.18](backport )XoT: properly handle the case when checking for ALPN failed See merge request isc-projects/bind9!7387
2026-05-28 04:34:54 -04:00 · 2023-01-17 19:53:54 +00:00 · 2023-01-17 19:53:54 +00:00 · 5d41338e9c
commit 5d41338e9c
parent ed23fd4b1f 26c0dd96eb
2 changed files with 6 additions and 0 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+6068.	[bug]		Downloading a zone via TLS from a server which does
+			not negotiate "dot" ALPN token could crash BIND
+			on shutdown. That has been fixed. [GL #3767]
+
 6063.	[bug]		Revert a change that limited to honour single
 			read for TLSDNS as it broke XoT. [GL #3772]

--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@ -1234,6 +1234,8 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
 	CHECK(result);

 	if (!isc_nm_xfr_allowed(handle)) {
+		/* set the error code so that XFER will fail */
+		result = ISC_R_NOPERM;
 		goto failure;
 	}