TLSDNS: try pass incoming data to OpenSSL if there are any

Otherwise the code path will lead to a call to SSL_get_error()
returning SSL_ERROR_SSL, which in turn might lead to closing the
connection too early in an unexpected way, which is clearly not what
is intended.

The issue was found when working on loppmgr branch and appears to
be timing related as well. Might be responsible for some unexpected
transmission failures e.g. on zone transfers.

(cherry picked from commit 8585b92f98)
Artem Boldariev 2022-06-28 21:05:23 +03:00
parent ba7fabde01
commit c85949fbe1


@ -1061,38 +1061,46 @@ tls_cycle_input(isc_nmsocket_t *sock) {
pending = (int)ISC_NETMGR_TCP_RECVBUF_SIZE;
}
if ((sock->buf_len + pending) > sock->buf_size) {
isc__nm_alloc_dnsbuf(sock,
sock->buf_len + pending);
}
len = 0;
rv = SSL_read_ex(sock->tls.tls,
sock->buf + sock->buf_len,
sock->buf_size - sock->buf_len, &len);
if (rv != 1) {
/*
* Process what's in the buffer so far
*/
result = isc__nm_process_sock_buffer(sock);
if (result != ISC_R_SUCCESS) {
goto failure;
if (pending != 0) {
if ((sock->buf_len + pending) > sock->buf_size)
{
isc__nm_alloc_dnsbuf(
sock, sock->buf_len + pending);
}
/*
* FIXME: Should we call
* isc__nm_failed_read_cb()?
*/
break;
len = 0;
rv = SSL_read_ex(sock->tls.tls,
sock->buf + sock->buf_len,
sock->buf_size - sock->buf_len,
&len);
if (rv != 1) {
/*
* Process what's in the buffer so far
*/
result = isc__nm_process_sock_buffer(
sock);
if (result != ISC_R_SUCCESS) {
goto failure;
}
/*
* FIXME: Should we call
* isc__nm_failed_read_cb()?
*/
break;
}
INSIST((size_t)pending == len);
sock->buf_len += len;
}
INSIST((size_t)pending == len);
sock->buf_len += len;
result = isc__nm_process_sock_buffer(sock);
if (result != ISC_R_SUCCESS) {
goto failure;
}
if (pending == 0) {
break;
}
}
} else if (!SSL_is_init_finished(sock->tls.tls)) {
if (SSL_is_server(sock->tls.tls)) {
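Review bot: The `INSIST((size_t)pending == len)` inside the new `if (pending != 0)` branch still relies on `SSL_read_ex()` returning exactly the byte count that was derived from `SSL_pending()`, yet the call is given `sock->buf_size - sock->buf_len` as its limit rather than `pending`. If the two can ever differ (for instance after `pending` has been clamped to `ISC_NETMGR_TCP_RECVBUF_SIZE` while the buffer has more room), the assertion would abort the process on peer-supplied data; this is inferred from the visible lines only and should be confirmed against OpenSSL's behaviour. Passing the clamped value as the read size, `SSL_read_ex(sock->tls.tls, sock->buf + sock->buf_len, (size_t)pending, &len);`, would make the invariant hold by construction. A short comment above the new guard would also help, e.g. `/* Only hand data to SSL_read_ex() when OpenSSL reports pending bytes; otherwise SSL_get_error() ends up returning SSL_ERROR_SSL. */`. tls_cycle_input() starts and ends outside this hunk.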