Fix flawed logic when detecting same listener type

The older version of the code was reporting that listeners are going
to be of the same type after reconfiguration when switching from DoT
to HTTPS listener, making BIND abort its execution.

That was happening due to the flaw in logic due to which the code
could consider a current listener and a configuration for the new one
to be of the same type (DoT) even when the new listener entry is
explicitly marked as HTTP.

The checks for PROXY in between the configuration were masking that
behaviour, but when porting it to 9.18 (when there is no PROXY
support), the behaviour was exposed.

Now the code mirrors the logic in 'interface_setup()' closely (as it
was meant to).
This commit is contained in:
Artem Boldariev 2024-01-12 17:50:12 +02:00
parent 1f9f8fc568
commit 8ae661048d
2 changed files with 13 additions and 10 deletions


@ -96,5 +96,11 @@ run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH" +http-p
reconfig_server "reconfiguring the server to use plain HTTP/DoH over PROXYv2" named-http-plain-proxy.conf.in
run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH over PROXYv2" +http-plain +proxy
reconfig_server "reconfiguring the server back to use TLS/DoT" named-tls.conf.in
run_dig_multitest_expect_success "$testing: a query over TLS/DoT" +tls
reconfig_server "reconfiguring the server back to use HTTPS/DoH" named-https.conf.in
run_dig_multitest_expect_success "$testing: a query over HTTPS/DoH" +https
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
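
Review bot: the added steps cover only one direction out of a TLS listener, `named-tls.conf.in` followed by `named-https.conf.in`, so only the `new_le->sslctx != NULL` half of the new `is_http` condition in `same_listener_type()` is reached from a DoT starting state. Consider adding a second pair after it: a `reconfig_server` from TLS/DoT to the plain HTTP/DoH configuration followed by a `+http-plain` query, so the `new_le->sslctx == NULL` half is exercised from the same starting state. A short comment above the new pair naming the regression (DoT to HTTPS reconfiguration aborting the server) would also help the next reader see why the order of these steps matters.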


@ -1023,16 +1023,13 @@ static bool
same_listener_type(ns_interface_t *ifp, ns_listenelt_t *new_le) {
bool same_transport_type = false;
if (new_le->is_http && new_le->sslctx != NULL &&
ifp->http_secure_listensocket != NULL)
{
/* HTTPS/DoH */
same_transport_type = true;
} else if (new_le->is_http && new_le->sslctx == NULL &&
ifp->http_listensocket != NULL)
{
/* HTTP/plain DoH */
same_transport_type = true;
/* See 'interface_setup()' above */
if (new_le->is_http) {
/* HTTP/DoH */
same_transport_type = (new_le->sslctx != NULL &&
ifp->http_secure_listensocket != NULL) ||
(new_le->sslctx == NULL &&
ifp->http_listensocket != NULL);
} else if (new_le->sslctx != NULL && ifp->tlslistensocket != NULL) {
/* TLS/DoT */
same_transport_type = true;
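
Review bot: the new `if (new_le->is_http)` branch relies on `is_http` being tested before `sslctx`, but the only documentation is `/* See 'interface_setup()' above */`, which does not say why the order matters. An HTTPS entry and a DoT entry both have `new_le->sslctx != NULL`, so any future branch that tests `sslctx` together with `ifp->tlslistensocket` without first ruling out `is_http` would match an HTTPS entry against a DoT interface again. Suggest stating that invariant in the comment, for example "is_http must be checked first: HTTPS and DoT entries both carry an sslctx". The four-line boolean assigned to `same_transport_type` would also read more easily as two named locals (one for the HTTPS case, one for the plain HTTP case) combined with `||`.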