dndist: apply Remi's comments, thanks

author Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>

Tue, 2 Jul 2024 13:41:18 +0000 (15:41 +0200)

committer Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>

Wed, 3 Jul 2024 07:10:53 +0000 (09:10 +0200)
author Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
Tue, 2 Jul 2024 13:41:18 +0000 (15:41 +0200)
committer Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
Wed, 3 Jul 2024 07:10:53 +0000 (09:10 +0200)
diff --git a/pdns/dnsdistdist/dnsdist-lua-hooks.cc b/pdns/dnsdistdist/dnsdist-lua-hooks.cc

index a5e984e3056e1648dcf1b549d24bc39f24dad1a8..2904cd37926a07351de3cdef8468c9f308916660 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-lua-hooks.cc
+++ b/pdns/dnsdistdist/dnsdist-lua-hooks.cc
@@ -6,6 +6,9 @@
  
  namespace dnsdist::lua::hooks
  {
+using MaintenanceCallback = std::function<void()>;
+using TicketsKeyAddedHook = std::function<void(const char*, size_t)>;
+
  static LockGuarded<std::vector<MaintenanceCallback>> s_maintenanceHooks;
  
  void runMaintenanceHooks(const LuaContext& context)
@@ -16,7 +19,7 @@ void runMaintenanceHooks(const LuaContext& context)
    }
  }
  
-void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback)
+static void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback)
  {
    (void)context;
    s_maintenanceHooks.lock()->push_back(std::move(callback));
@@ -27,7 +30,7 @@ void clearMaintenanceHooks()
    s_maintenanceHooks.lock()->clear();
  }
  
-void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook)
+static void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook)
  {
    TLSCtx::setTicketsKeyAddedHook([hook](const std::string& key) {
      try {
@@ -35,7 +38,7 @@ void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook
        hook(key.c_str(), key.size());
      }
      catch (const std::exception& exp) {
-      warnlog("Error calling the Lua hook after new tickets key has been added", exp.what());
+      warnlog("Error calling the Lua hook after new tickets key has been added: %s", exp.what());
      }
    });
  }
diff --git a/pdns/dnsdistdist/dnsdist-lua-hooks.hh b/pdns/dnsdistdist/dnsdist-lua-hooks.hh

index 8cbb7c903ae9130945b5f1c8d7b592a4cb352e37..e35c0f10ac5f9b03a32500ef02fd90399d2ced61 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-lua-hooks.hh
+++ b/pdns/dnsdistdist/dnsdist-lua-hooks.hh
@@ -27,12 +27,7 @@ class LuaContext;
  
  namespace dnsdist::lua::hooks
  {
-using MaintenanceCallback = std::function<void()>;
-using TicketsKeyAddedHook = std::function<void(const char*, size_t)>;
-
  void runMaintenanceHooks(const LuaContext& context);
-void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback);
-void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook);
  void clearMaintenanceHooks();
  void setupLuaHooks(LuaContext& luaCtx);
  }
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst

index 80ad8ab46546d0123f712c2af5012089b033455f..7e8165968ab1c0dc238fad3cb319282df11cf30b 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -2175,7 +2175,7 @@ Other functions
  
  .. function:: setTicketsKeyAddedHook(callback)
  
-  .. versionadded:: 1.9.0
+  .. versionadded:: 1.9.6
  
    Set a Lua function that will be called everytime a new tickets key is added. The function receives:
  
diff --git a/pdns/libssl.cc b/pdns/libssl.cc

index 4a2299a37a16806f682a9f166fce5599609a7f13..3f1a86b0ceb40bc9fa3ab0b5deb977f47dc710bc 100644 (file)
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -636,6 +636,8 @@ void OpenSSLTLSTicketKeysRing::addKey(std::shared_ptr<OpenSSLTLSTicketKey>&& new
      auto key = d_ticketKeys.read_lock()->front();
      auto keyContent = key->content();
      TLSCtx::getTicketsKeyAddedHook()(keyContent);
+    // fills mem with 0's
+    OPENSSL_cleanse(keyContent.data(), keyContent.size());
    }
  }
  
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc

index 094a3e8baa9555e6bd39265b6ebc58fb6aa98130..931da271bd2c4fcae769eef42e1f78c1bb0f270e 100644 (file)
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -994,6 +994,7 @@ public:
      if (d_key.data != nullptr && d_key.size > 0) {
        // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
        result.append(reinterpret_cast<const char*>(d_key.data), d_key.size);
+      safe_memory_lock(result.data(), result.size());
      }
      return result;
    }
@@ -1758,6 +1759,7 @@ public:
        auto ticketsKey = *(d_ticketsKey.read_lock());
        auto content = ticketsKey->content();
        TLSCtx::getTicketsKeyAddedHook()(content);
+      safe_memory_release(content.data(), content.size());
      }
    }
    void rotateTicketsKey(time_t now) override
author	Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
	Tue, 2 Jul 2024 13:41:18 +0000 (15:41 +0200)
committer	Charles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
	Wed, 3 Jul 2024 07:10:53 +0000 (09:10 +0200)
pdns/dnsdistdist/dnsdist-lua-hooks.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-lua-hooks.hh		patch \| blob \| blame \| history
pdns/dnsdistdist/docs/reference/config.rst		patch \| blob \| blame \| history
pdns/libssl.cc		patch \| blob \| blame \| history
pdns/tcpiohandler.cc		patch \| blob \| blame \| history