From: W.C.A. Wijngaards
Date: Fri, 16 Jul 2021 11:45:41 +0000 (+0200)
Subject: - With hide-version unbound also omits the version from http headers.
X-Git-Tag: release-1.13.2rc1~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d4644b12583911be2a0c4be9a3bc47dfd95a039;p=thirdparty%2Funbound.git

- With hide-version unbound also omits the version from http headers.
---
diff --git a/daemon/worker.c b/daemon/worker.c
index e9e163a04..3fdacef9e 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1796,7 +1796,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
 worker->daemon->connect_sslctx, cfg->delay_close, cfg->tls_use_sni, dtenv, cfg->udp_connect, cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
- cfg->tcp_auth_query_timeout);
+ cfg->tcp_auth_query_timeout, cfg->hide_version);
 if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker);
diff --git a/doc/Changelog b/doc/Changelog
index 0d77c5452..472762a59 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,7 @@
 - Fix unbound-control local_data and local_datas to print detailed syntax errors. - review fix to remove duplicate error printout.
+ - With hide-version unbound also omits the version from http headers.
 6 July 2021: Wouter - iana portlist update.
diff --git a/libunbound/libworker.c b/libunbound/libworker.c
index 8a9ca9419..9c4485cb1 100644
--- a/libunbound/libworker.c
+++ b/libunbound/libworker.c
@@ -243,7 +243,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
 cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect, cfg->max_reuse_tcp_queries, cfg->tcp_reuse_timeout,
- cfg->tcp_auth_query_timeout);
+ cfg->tcp_auth_query_timeout, cfg->hide_version);
 w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock);
diff --git a/services/outside_network.c b/services/outside_network.c
index af14f8622..60dde2bcf 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -1437,7 +1437,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 void (*unwanted_action)(void*), void* unwanted_param, int do_udp, void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv, int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
- int tcp_auth_query_timeout)
+ int tcp_auth_query_timeout, int hide_version)
 { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network));
@@ -1471,6 +1471,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 outnet->do_udp = do_udp; outnet->tcp_mss = tcp_mss; outnet->ip_dscp = dscp;
+ outnet->hide_version = hide_version;
 #ifndef S_SPLINT_S if(delayclose) { outnet->delayclose = 1;
@@ -3436,13 +3437,14 @@ outnet_comm_point_for_tcp(struct outside_network* outnet,
 /** setup http request headers in buffer for sending query to destination */ static int
-setup_http_request(sldns_buffer* buf, char* host, char* path)
+setup_http_request(sldns_buffer* buf, char* host, char* path, int hide_version)
 { sldns_buffer_clear(buf); sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path); sldns_buffer_printf(buf, "Host: %s\r\n", host);
- sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
- PACKAGE_VERSION);
+ if(!hide_version)
+ sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
+ PACKAGE_VERSION);
 /* We do not really do multiple queries per connection, * but this header setting is also not needed. * sldns_buffer_printf(buf, "Connection: close\r\n") */
@@ -3494,7 +3496,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
 comm_point_start_listening(cp, fd, timeout); /* setup http request in cp->buffer */
- if(!setup_http_request(cp->buffer, host, path)) {
+ if(!setup_http_request(cp->buffer, host, path, outnet->hide_version)) {
 log_err("error setting up http request"); comm_point_delete(cp); return NULL;
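Review bot: When `hide_version` is set, the new branch in setup_http_request leaves out the whole `User-Agent` header rather than only the version token, which is more than the changelog entry and the `hide_version` comments in this commit describe. Say so in the function comment, e.g. `/** setup http request headers in buffer for sending query to destination; with hide_version no User-Agent header is sent */`, or, if only the version is meant to be hidden, send a versionless `User-Agent: unbound\r\n` in an `else` branch; which of the two is intended cannot be told from the hunk. The `if(!hide_version)` guards a call that spans two lines without braces, so adding `{ }` would keep a later edit from landing outside the condition. The function body continues past the end of the hunk.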
diff --git a/services/outside_network.h b/services/outside_network.h
index 071f37dde..97ed048af 100644
--- a/services/outside_network.h
+++ b/services/outside_network.h
@@ -146,6 +146,8 @@ struct outside_network {
 int tcp_mss; /** IP_TOS socket option requested on the sockets */ int ip_dscp;
+ /** hide version option */
+ int hide_version;
 /** * Array of tcp pending used for outgoing TCP connections.
@@ -544,6 +546,7 @@ struct serviced_query {
 * @param max_reuse_tcp_queries: max number of queries on a reuse connection. * @param tcp_reuse_timeout: timeout for REUSE entries in milliseconds. * @param tcp_auth_query_timeout: timeout in milliseconds for TCP queries to auth servers.
+ * @param hide_version: if the version is hidden.
 * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base,
@@ -554,7 +557,7 @@ struct outside_network* outside_network_create(struct comm_base* base,
 void (*unwanted_action)(void*), void* unwanted_param, int do_udp, void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv, int udp_connect, int max_reuse_tcp_queries, int tcp_reuse_timeout,
- int tcp_auth_query_timeout);
+ int tcp_auth_query_timeout, int hide_version);
 /** * Delete outside_network structure.
diff --git a/testcode/fake_event.c b/testcode/fake_event.c
index a19a1ec0d..feb581d08 100644
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@@ -1052,7 +1052,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
 int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni), struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect), int ATTR_UNUSED(max_reuse_tcp_queries), int ATTR_UNUSED(tcp_reuse_timeout),
- int ATTR_UNUSED(tcp_auth_query_timeout))
+ int ATTR_UNUSED(tcp_auth_query_timeout), int ATTR_UNUSED(hide_version))
 { struct replay_runtime* runtime = (struct replay_runtime*)base; struct outside_network* outnet = calloc(1,
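Review bot: The documentation added in outside_network.h does not say what is hidden or where: the struct field gets `/** hide version option */` and the outside_network_create comment gets `@param hide_version: if the version is hidden.`. Going by the outside_network.c part of this commit, the flag is only read when the request headers for an outgoing http connection are built, so the field comment could read `/** if nonzero, the unbound version is not sent in outgoing http requests (hide-version) */` and the parameter line `@param hide_version: if nonzero, outgoing http requests do not carry the unbound version.`. That tells a reader that the setting covers the outgoing side handled here and nothing else in this structure.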