From 8ae661048d7baa3b1fb955cecc4101a2daa32a65 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Fri, 12 Jan 2024 17:50:12 +0200
Subject: [PATCH] Fix flawed logic when detecting same listener type

The older version of the code was reporting that listeners are going to be of the same type after reconfiguration when switching from DoT to HTTPS listener, making BIND abort its executions. That was happening due to the flaw in logic due to which the code could consider a current listener and a configuration for the new one to be of the same type (DoT) even when the new listener entry is explicitly marked as HTTP. The checks for PROXY in between the configuration were masking that behaviour, but when porting it to 9.18 (when there is no PROXY support), the behaviour was exposed. Now the code mirrors the logic in 'interface_setup()' closely (as it was meant to).
---
 bin/tests/system/transport-change/tests.sh | 6 ++++++
 lib/ns/interfacemgr.c | 17 +++++++----------
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/bin/tests/system/transport-change/tests.sh b/bin/tests/system/transport-change/tests.sh
index 646f5af290..56a016766d 100644
--- a/bin/tests/system/transport-change/tests.sh
+++ b/bin/tests/system/transport-change/tests.sh
@@ -96,5 +96,11 @@ run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH" +http-p
 reconfig_server "reconfiguring the server to use plain HTTP/DoH over PROXYv2" named-http-plain-proxy.conf.in
 run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH over PROXYv2" +http-plain +proxy
 
+reconfig_server "reconfiguring the server back to use TLS/DoT" named-tls.conf.in
+run_dig_multitest_expect_success "$testing: a query over TLS/DoT" +tls
+
+reconfig_server "reconfiguring the server back to use HTTPS/DoH" named-https.conf.in
+run_dig_multitest_expect_success "$testing: a query over HTTPS/DoH" +https
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
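Review bot: The added steps walk from proxied plain HTTP to DoT and then to HTTPS, which is exactly the DoT → HTTPS transition the commit fixes, but the reverse HTTPS → DoT switch (and plain HTTP → DoT) is not exercised by these lines unless an earlier part of the script, outside this hunk, already does it. A third pair after the HTTPS step would close that gap, `reconfig_server "reconfiguring the server back to use TLS/DoT again" named-tls.conf.in` followed by `run_dig_multitest_expect_success "$testing: a query over TLS/DoT after HTTPS/DoH" +tls`, so that the unchanged DoT branch of same_listener_type() is hit with an HTTPS interface on the other side. The two templates referenced here, named-tls.conf.in and named-https.conf.in, are not added by this patch, so they are presumably reused from earlier steps and should be confirmed to exist in the test directory.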
diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c
index d3b6f47e8a..965399f63a 100644
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
@@ -1023,16 +1023,13 @@ static bool
 same_listener_type(ns_interface_t *ifp, ns_listenelt_t *new_le) {
 bool same_transport_type = false;
 
- if (new_le->is_http && new_le->sslctx != NULL &&
- ifp->http_secure_listensocket != NULL)
- {
- /* HTTPS/DoH */
- same_transport_type = true;
- } else if (new_le->is_http && new_le->sslctx == NULL &&
- ifp->http_listensocket != NULL)
- {
- /* HTTP/plain DoH */
- same_transport_type = true;
+ /* See 'interface_setup()' above */
+ if (new_le->is_http) {
+ /* HTTP/DoH */
+ same_transport_type = (new_le->sslctx != NULL &&
+ ifp->http_secure_listensocket != NULL) ||
+ (new_le->sslctx == NULL &&
+ ifp->http_listensocket != NULL);
 } else if (new_le->sslctx != NULL && ifp->tlslistensocket != NULL) {
 /* TLS/DoT */
 same_transport_type = true;
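Review bot: The new `/* See 'interface_setup()' above */` comment is the only thing tying this branch order to interface_setup(), and the commit message shows what drifting apart costs (a DoT interface was matched against an HTTPS entry and named aborted on reconfiguration), so the comment should state the dependency outright, e.g. `/* Keep in sync with interface_setup(): a wrong "same type" answer here aborts named on reconfiguration. */`. The nesting under `is_http` is the actual fix: every HTTP entry is now consumed by the first branch whatever `sslctx` holds, so the unchanged DoT test on the last context line can no longer match an HTTPS entry against an interface that only has `tlslistensocket`. The compound assignment would be easier to audit if it selected the socket first, `same_transport_type = (new_le->sslctx != NULL ? ifp->http_secure_listensocket : ifp->http_listensocket) != NULL;`, assuming the two socket fields share a type, since that makes the sslctx-to-secure-socket pairing explicit. same_listener_type() continues past the end of the hunk, so the remaining branches are not reviewed here.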