From: Wouter Wijngaards
Date: Mon, 21 Jan 2019 13:41:13 +0000 (+0000)
Subject: - Fix that multiple dns fragments can be carried in one TLS frame.
X-Git-Tag: release-1.9.0rc1~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be4583ac84c5bcd5a3fa4cabdd6d19cd4fd0b384;p=thirdparty%2Funbound.git
- Fix that multiple dns fragments can be carried in one TLS frame.
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index 24510fe5b..692e3c57b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
 - Fix tcp idle timeout test, for difference in the tcp reply code.
 - Unit test for tcp request reorder and timeouts.
 - Unit tests for ssl out of order processing.
+ - Fix that multiple dns fragments can be carried in one TLS frame.

 17 January 2018: Wouter
 - For caps-for-id fallback, use the whitelist to avoid timeout
diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index 711319e16..4c67c46a6 100644
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -1620,6 +1620,10 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
 req->cp->tcp_is_reading = 1;
 comm_point_start_listening(req->cp, -1,
 req->cp->tcp_timeout_msec);
+ /* and also read it (from SSL stack buffers), so
+ * no event read event is expected since the remainder of
+ * the TLS frame is sitting in the buffers. */
+ req->read_again = 1;
 } else {
 comm_point_start_listening(req->cp, -1,
 req->cp->tcp_timeout_msec);
diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h
index 07cb64d17..ff695495c 100644
--- a/services/listen_dnsport.h
+++ b/services/listen_dnsport.h
@@ -258,6 +258,8 @@ struct tcp_req_info {
 int is_reply;
 /** read channel has closed, just write pending results */
 int read_is_closed;
+ /** read again */
+ int read_again;
 /** number of outstanding requests */
 int num_open_req;
 /** list of outstanding requests */
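Review bot: In services/listen_dnsport.c, `req->read_again = 1;` is set on every pass through this read branch, whether or not the connection uses TLS and whether or not any bytes are actually left in the SSL buffers; the only reader of the flag in this commit is ssl_handle_it() in util/netevent.c. That is safe only if a read attempt that finds nothing buffered returns without completing a message, so the flag stays cleared and the loop there ends — presumably the case, but it is not visible here. I would state that in the comment and fix the doubled word, e.g. `/* ask the TLS handler to read again at once: the rest of the TLS frame may already be in the SSL buffers, and no read event will fire for it */`. The enclosing tcp_req_info_setup_listen() starts and ends outside the hunk.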
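Review bot: In services/listen_dnsport.h, the doc comment `/** read again */` only repeats the field name. Going by the rest of this commit, something like `/** set when more data may be waiting in the SSL buffers, so the handler reads again without waiting for a socket event; cleared before each handler pass */` would tell a reader who sets the flag, who clears it and why. struct tcp_req_info starts and ends outside the hunk.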
diff --git a/util/netevent.c b/util/netevent.c
index 58c65220a..52c65eb40 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1353,6 +1353,17 @@ ssl_handle_write(struct comm_point* c)
 static int
 ssl_handle_it(struct comm_point* c)
 {
+ if(c->tcp_req_info) {
+ do {
+ int r;
+ c->tcp_req_info->read_again = 0;
+ if(c->tcp_is_reading)
+ r = ssl_handle_read(c);
+ else r = ssl_handle_write(c);
+ if(!r) return r;
+ } while (c->tcp_req_info->read_again);
+ return 1;
+ }
 if(c->tcp_is_reading)
 return ssl_handle_read(c);
 return ssl_handle_write(c);
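Review bot: The do/while added at the top of ssl_handle_it() has no iteration bound: it calls ssl_handle_read() or ssl_handle_write() again for as long as each pass leaves `read_again` set, so one TLS connection with many complete queries ready can occupy the event loop while other connections wait. Whether another limit applies (a cap on outstanding requests per connection, say) is not visible in the hunk. If a per-callback budget is added, the leftover data has to be re-triggered explicitly, because no socket read event will arrive for bytes already in the SSL buffers. The loop condition also dereferences `c->tcp_req_info` after the handlers have run, which assumes that no callback reached from them releases it while still returning nonzero; a comment such as `/* handlers return 0 when they have released c or c->tcp_req_info */` would record that contract. ssl_handle_it() ends outside the hunk.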