daemon/session2_transport_event(): relax a kr_require()

I fail to see why force a crash there, so let's at least
be defensive for now, as it does happen in practice.

diff --git a/NEWS b/NEWS
index 24e045a8541fbdd48ea32e7ced29f01d873e1da6..fab6cf9aec69211036f30fe3ed26fac20f347f62 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 Knot Resolver 6.0.13 (2025-05-dd)
 =================================
 
+Security
+--------
+- DoS: fix more rare crashes with `requirement` failing (#930, !1696)
+  [system] requirement "session2_is_empty(s)" failed in session2_transport_event
+
 Bugfixes
 --------
 - fix `dnssec: false` (!1687)

diff --git a/daemon/session2.c b/daemon/session2.c
index 60aee3ab81e4fd6d359774f615cf558a9d51251b..450796ded22de00e0fba81a00c6629620d61bafb 100644 (file)
--- a/daemon/session2.c
+++ b/daemon/session2.c
@@ -1735,7 +1735,10 @@ static int session2_transport_event(struct session2 *s,
        bool is_close_event = (event == PROTOLAYER_EVENT_CLOSE ||
                        event == PROTOLAYER_EVENT_FORCE_CLOSE);
        if (is_close_event) {
-               kr_require(session2_is_empty(s));
+               if (kr_fails_assert(session2_is_empty(s))) {
+                       session2_waitinglist_finalize(s, KR_STATE_FAIL);
+                       session2_tasklist_finalize(s, KR_STATE_FAIL);
+               }
                session2_timer_stop(s);
                s->closing = true;
        }