From cff69c65b5e5710c62361e968eb7a36eea8c0fb9 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Fri, 12 Jan 2024 17:50:12 +0200
Subject: [PATCH] Fix flawed logic when detecting same listener type

The older version of the code was reporting that listeners are going to be of the same type after reconfiguration when switching from DoT to HTTPS listener, making BIND abort its executions. That was happening due to the flaw in logic due to which the code could consider a current listener and a configuration for the new one to be of the same type (DoT) even when the new listener entry is explicitly marked as HTTP. The checks for PROXY in between the configuration were masking that behaviour, but when porting it to 9.18 (when there is no PROXY support), the behaviour was exposed. Now the code mirrors the logic in 'interface_setup()' closely (as it was meant to).

(cherry picked from commit 8ae661048d7baa3b1fb955cecc4101a2daa32a65)
---
 lib/ns/interfacemgr.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c
index d9f479046f..c7e057bf9e 100644
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
@@ -1030,16 +1030,13 @@ static bool
 same_listener_type(ns_interface_t *ifp, ns_listenelt_t *new_le) {
 bool same_transport_type = false;

- if (new_le->is_http && new_le->sslctx != NULL &&
- ifp->http_secure_listensocket != NULL)
- {
- /* HTTPS/DoH */
- same_transport_type = true;
- } else if (new_le->is_http && new_le->sslctx == NULL &&
- ifp->http_listensocket != NULL)
- {
- /* HTTP/plain DoH */
- same_transport_type = true;
+ /* See 'interface_setup()' above */
+ if (new_le->is_http) {
+ /* HTTP/DoH */
+ same_transport_type = (new_le->sslctx != NULL &&
+ ifp->http_secure_listensocket != NULL) ||
+ (new_le->sslctx == NULL &&
+ ifp->http_listensocket != NULL);
 } else if (new_le->sslctx != NULL && ifp->tlslistensocket != NULL) {
 /* TLS/DoT */
 same_transport_type = true;
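Review bot: The comment `/* See 'interface_setup()' above */` at the head of the new chain does not record the invariant this fix depends on: `new_le->is_http` must be decided before any `sslctx` test, because an HTTPS entry also carries a non-NULL `sslctx` and would otherwise fall through to the TLS/DoT branch and be reported as matching an existing DoT listener. I would state that in place, e.g. `/* Test is_http first: an HTTPS entry also has sslctx set and must never reach the TLS/DoT branch (mirrors interface_setup()) */`, so a later reordering of the branches does not reintroduce the misclassification. The commit message says the wrong answer made named abort on reconfiguration, and the diffstat shows only this file changed, so a regression test that reconfigures a listener from DoT to HTTPS would be worth adding with the fix. The rest of same_listener_type() lies outside the hunk, so the branches after TLS/DoT are not covered by this note.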