From: Wouter Wijngaards Date: Thu, 4 Oct 2007 15:10:11 +0000 (+0000) Subject: security audit changes. X-Git-Tag: release-0.6~87 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41e847df18c9bee46df2b6f4917972106d0e5424;p=thirdparty%2Funbound.git security audit changes. git-svn-id: file:///svn/unbound/trunk@657 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/Makefile.in b/Makefile.in
index 4943e4e89..49e30e7da 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -58,24 +58,25 @@ COMMON_SRC=$(wildcard services/*.c services/cache/*.c util/*.c \ COMMON_OBJ=$(addprefix $(BUILD),$(COMMON_SRC:.c=.o)) COMPAT_OBJ=$(addprefix $(BUILD)compat/,$(LIBOBJS)) UNITTEST_SRC=$(wildcard testcode/unit*.c) testcode/readhex.c \ - testcode/ldns-testpkts.c $(COMMON_SRC) + testcode/ldns-testpkts.c checkconf/worker_cb.c $(COMMON_SRC) UNITTEST_OBJ=$(addprefix $(BUILD),$(UNITTEST_SRC:.c=.o)) $(COMPAT_OBJ) DAEMON_SRC=$(wildcard daemon/*.c) $(COMMON_SRC) DAEMON_OBJ=$(addprefix $(BUILD),$(DAEMON_SRC:.c=.o)) $(COMPAT_OBJ) -CHECKCONF_SRC=checkconf/unbound-checkconf.c $(COMMON_SRC) +CHECKCONF_SRC=checkconf/unbound-checkconf.c checkconf/worker_cb.c $(COMMON_SRC) CHECKCONF_OBJ=$(addprefix $(BUILD),$(CHECKCONF_SRC:.c=.o)) $(COMPAT_OBJ) TESTBOUND_SRC=testcode/testbound.c testcode/ldns-testpkts.c \ daemon/worker.c daemon/daemon.c daemon/stats.c testcode/replay.c \ testcode/fake_event.c $(filter-out util/netevent.c \ services/listen_dnsport.c services/outside_network.c, $(COMMON_SRC)) TESTBOUND_OBJ=$(addprefix $(BUILD),$(TESTBOUND_SRC:.c=.o)) $(COMPAT_OBJ) -LOCKVERIFY_SRC=testcode/lock_verify.c $(COMMON_SRC) +LOCKVERIFY_SRC=testcode/lock_verify.c checkconf/worker_cb.c $(COMMON_SRC) LOCKVERIFY_OBJ=$(addprefix $(BUILD),$(LOCKVERIFY_SRC:.c=.o)) $(COMPAT_OBJ) -PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c $(COMMON_SRC) +PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c checkconf/worker_cb.c \ + $(COMMON_SRC) PKTVIEW_OBJ=$(addprefix $(BUILD),$(PKTVIEW_SRC:.c=.o)) $(COMPAT_OBJ) -SIGNIT_SRC=testcode/signit.c $(COMMON_SRC) +SIGNIT_SRC=testcode/signit.c checkconf/worker_cb.c $(COMMON_SRC) SIGNIT_OBJ=$(addprefix $(BUILD),$(SIGNIT_SRC:.c=.o)) $(COMPAT_OBJ) -MEMSTATS_SRC=testcode/memstats.c $(COMMON_SRC) +MEMSTATS_SRC=testcode/memstats.c checkconf/worker_cb.c $(COMMON_SRC) MEMSTATS_OBJ=$(addprefix $(BUILD),$(MEMSTATS_SRC:.c=.o)) $(COMPAT_OBJ) ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) $(SIGNIT_SRC) \ 
diff --git a/checkconf/worker_cb.c b/checkconf/worker_cb.c
new file mode 100644
index 000000000..84f95d313
--- /dev/null
+++ b/checkconf/worker_cb.c
@@ -0,0 +1,67 @@
+/*
+ * checkconf/worker_cb.c - fake callback routines to make fptr_wlist work
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains fake callback functions, so that the symbols exist
+ * and the fptr_wlist continues to work even if the daemon/worker is not
+ * linked into the resulting program.
+ */ +#include "config.h" +#include "util/log.h" +struct comm_reply; +struct comm_point; + +int worker_handle_control_cmd(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +int worker_handle_request(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply* ATTR_UNUSED(repinfo)) +{ + log_assert(0); + return 0; +} + +void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} diff --git a/daemon/unbound.c b/daemon/unbound.c index e696fffbd..cde19e5fa 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -111,7 +111,8 @@ checkrlimits(struct config_file* cfg) /** to changedir, logfile */ static void -apply_dir(struct daemon* daemon, struct config_file* cfg, int cmdline_verbose) +apply_dir(struct daemon* daemon, struct config_file* cfg, int cmdline_verbose, + int debug_mode) { /* apply if they have changed */ daemon->cfg = cfg; @@ -127,6 +128,9 @@ apply_dir(struct daemon* daemon, struct config_file* cfg, int cmdline_verbose) log_err("cwd: malloc failed"); } } + if(!debug_mode) { + log_init(cfg->logfile, cfg->use_syslog); + } if(!daemon->env->msg_cache || cfg->msg_cache_size != slabhash_get_size(daemon->env->msg_cache) || cfg->msg_cache_slabs != daemon->env->msg_cache->size) { @@ -321,7 +325,7 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode) fatal_exit("Could not alloc config defaults"); if(!config_read(cfg, cfgfile)) fatal_exit("Could not read config file: %s", cfgfile); - apply_dir(daemon, cfg, cmdline_verbose); + apply_dir(daemon, cfg, cmdline_verbose, debug_mode); /* prepare */ if(!daemon_open_shared_ports(daemon)) diff --git a/daemon/worker.c b/daemon/worker.c index 560b7d4ff..1d69aac4d 100644 --- a/daemon/worker.c +++ b/daemon/worker.c 
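Review bot: The three fake callbacks in checkconf/worker_cb.c rely on `log_assert(0)` alone to signal that they must never run, and then return as if the event had been handled. util/log.h is not part of this diff, but if `log_assert` is compiled out in non-debug builds, an accidental call through one of these stubs passes silently. Consider making the failure unconditional, e.g. `fatal_exit("worker_handle_request: fake callback called");`, and doing the same for the fakes added in testcode/fake_event.c.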
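Review bot: The added `log_init(cfg->logfile, cfg->use_syslog)` in apply_dir opens the log file very early: run_daemon calls apply_dir right after config_read and before daemon_open_shared_ports. If the daemon changes user or root directory later in startup (not visible in these hunks), the file is first opened with the starting privileges, while the reopen on SIGHUP that doc/unbound.conf.5 now describes runs with the reduced ones and may fail or resolve to a different path. A comment above the call stating the expected ordering, for example `/* logfile is opened with startup privileges; it must stay reopenable after any privilege drop */`, would make that assumption reviewable. apply_dir's body continues outside the hunk.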
@@ -286,13 +286,7 @@ worker_check_request(ldns_buffer* pkt, struct worker* worker) return 0; } -/** process control messages from the main thread. - * @param c: comm point to read from. - * @param arg: worker. - * @param error: error status of comm point. - * @param reply_info: not used. - */ -static int +int worker_handle_control_cmd(struct comm_point* c, void* arg, int error, struct comm_reply* ATTR_UNUSED(reply_info)) { @@ -655,8 +649,7 @@ answer_chaos(struct worker* w, struct query_info* qinfo, return 0; } -/** handles callbacks from listening event interface */ -static int +int worker_handle_request(struct comm_point* c, void* arg, int error, struct comm_reply* repinfo) { @@ -793,7 +786,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, return 0; } -/** worker signal callback */ void worker_sighandler(int sig, void* arg) { @@ -901,10 +893,12 @@ worker_init(struct worker* worker, struct config_file *cfg, (((unsigned int)worker->thread_num)<<17); /* shift thread_num so it does not match out pid bits */ if(!ub_initstate(seed, worker->rndstate, RND_STATE_SIZE)) { + seed = 0; log_err("could not init random numbers."); worker_delete(worker); return 0; } + seed = 0; worker->front = listen_create(worker->base, ports, cfg->msg_buffer_size, (int)cfg->incoming_num_tcp, worker_handle_request, worker); diff --git a/daemon/worker.h b/daemon/worker.h index 371a01195..fa92bedb9 100644 --- a/daemon/worker.h +++ b/daemon/worker.h 
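Review bot: The two added `seed = 0;` stores in worker_init are dead stores, since nothing in the visible lines reads `seed` afterwards, so an optimizing compiler is free to remove them and leave the value on the stack. The declaration of `seed` is outside the hunk; if it is an ordinary local, clear it through a volatile-qualified access, e.g. `*(volatile unsigned int*)&seed = 0;` with the cast matching its declared type, or with a zeroing routine the platform guarantees not to elide. A short comment such as `/* wipe seed so it cannot be recovered from the stack */` would also record why the store exists. worker_init's body starts and ends outside the hunk.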
@@ -192,4 +192,18 @@ struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen, struct sockaddr_storage* addr, socklen_t addrlen, struct module_qstate* q); +/** + * process control messages from the main thread. + * @param c: comm point to read from. + * @param arg: worker. + * @param error: error status of comm point. + * @param reply_info: not used. + */ +int worker_handle_control_cmd(struct comm_point* c, void* arg, int error, + struct comm_reply* reply_info); + +/** handles callbacks from listening event interface */ +int worker_handle_request(struct comm_point* c, void* arg, int error, + struct comm_reply* repinfo); + #endif /* DAEMON_WORKER_H */ diff --git a/doc/Changelog b/doc/Changelog index 739b61202..8883edfc4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +4 October 2007: Wouter + - overwrite sensitive random seed value after use. + - switch to logfile very soon if not -d (console attached). + - error messages do not reveal the trustanchor contents. + - start work on function pointer whitelists. + 3 October 2007: Wouter - fix for multiple empty nonterminals, after multiple DSes in the chain of trust. diff --git a/doc/unbound.8 b/doc/unbound.8 index 603eab0e1..c89378874 100644 --- a/doc/unbound.8 +++ b/doc/unbound.8 @@ -32,7 +32,8 @@ described in .Xr unbound.conf 5 . .It Fl d Debug flag, do not fork into the background, but stay attached to the -console. +console. This flag will also delay writing to the logfile until the +thread-spawn time. So that most config and setup errors appear on stderr. .It Fl v Increase verbosity. If given multiple times, more information is logged. This is in addition to the verbosity (if any) from the config file. diff --git a/doc/unbound.conf.5 b/doc/unbound.conf.5 index e6cdf1fc5..6be04f4be 100644 --- a/doc/unbound.conf.5 +++ b/doc/unbound.conf.5 
@@ -149,6 +149,8 @@ If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format: [seconds since 1970] unbound[pid:tid]: type: message. If this option is given, the use-syslog is option is set to "no". +The logfile is reopened (for append) when the config file is reread, on +SIGHUP. .It \fBuse-syslog:\fR Sets unbound to send log messages to the syslogd, using .Xr syslog 3 . diff --git a/services/outside_network.c b/services/outside_network.c index b392310c2..b05b9e482 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -219,8 +219,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, return 0; } -/** callback for incoming udp answers from the network */ -static int +int outnet_udp_cb(struct comm_point* c, void* arg, int error, struct comm_reply *reply_info) { @@ -381,8 +380,7 @@ calc_num46(char** ifs, int num_ifs, int do_ip4, int do_ip6, } -/** callback for udp timeout */ -static void +void pending_udp_timer_cb(void *arg) { struct pending* p = (struct pending*)arg; @@ -709,8 +707,7 @@ pending_udp_query(struct outside_network* outnet, ldns_buffer* packet, return pend; } -/** callback for outgoing TCP timer event */ -static void +void outnet_tcptimer(void* arg) { struct waiting_tcp* w = (struct waiting_tcp*)arg; diff --git a/services/outside_network.h b/services/outside_network.h index 283453fee..5350bf411 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -369,4 +369,14 @@ size_t outnet_get_mem(struct outside_network* outnet); */ size_t serviced_get_mem(struct serviced_query* sq); +/** callback for incoming udp answers from the network */ +int outnet_udp_cb(struct comm_point* c, void* arg, int error, + struct comm_reply *reply_info); + +/** callback for udp timeout */ +void pending_udp_timer_cb(void *arg); + +/** callback for outgoing TCP timer event */ +void outnet_tcptimer(void* arg); + #endif /* OUTSIDE_NETWORK_H */ 
diff --git a/testcode/fake_event.c b/testcode/fake_event.c index b1f86d285..4d3c3aaf9 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -959,4 +959,23 @@ size_t serviced_get_mem(struct serviced_query* ATTR_UNUSED(c)) return 0; } +/* fake for fptr wlist */ +int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), + void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), + struct comm_reply *ATTR_UNUSED(reply_info)) +{ + log_assert(0); + return 0; +} + +void pending_udp_timer_cb(void *ATTR_UNUSED(arg)) +{ + log_assert(0); +} + +void outnet_tcptimer(void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + /*********** End of Dummy routines ***********/ diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c new file mode 100644 index 000000000..4309912fd --- /dev/null +++ b/util/fptr_wlist.c 
@@ -0,0 +1,79 @@
+/*
+ * util/fptr_wlist.c - function pointer whitelists.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions that check function pointers.
+ * The functions contain a whitelist of known good callback values.
+ * Any other values lead to an error.
+ *
+ * Due to the listing nature, this file violates all the modularization
+ * boundaries in the program.
+ */
+#include "config.h"
+#include "util/fptr_wlist.h"
+#include "daemon/worker.h"
+#include "services/outside_network.h"
+
+int
+fptr_whitelist_comm_point(comm_point_callback_t *fptr)
+{
+ if(fptr == &worker_handle_control_cmd) return 1;
+ else if(fptr == &worker_handle_request) return 1;
+ else if(fptr == &outnet_udp_cb) return 1;
+ return 0;
+}
+
+int
+fptr_whitelist_comm_timer(void (*fptr)(void*))
+{
+ if(fptr == &pending_udp_timer_cb) return 1;
+ else if(fptr == &outnet_tcptimer) return 1;
+ return 0;
+}
+
+int
+fptr_whitelist_comm_signal(void (*fptr)(int, void*))
+{
+ if(fptr == &worker_sighandler) return 1;
+ return 0;
+}
+
+int
+fptr_whitelist_event(void (*fptr)(int, short, void *))
+{
+ return 0;
+}
diff --git a/util/fptr_wlist.h b/util/fptr_wlist.h
new file mode 100644
index 000000000..5e0577787
--- /dev/null
+++ b/util/fptr_wlist.h
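Review bot: `fptr_whitelist_event` in util/fptr_wlist.c returns 0 for every pointer and never reads `fptr`, so the first caller that checks event callbacks with it will reject all of them, and the unused parameter is likely to warn under -Wunused-parameter. Since the Changelog entry describes this as the start of the whitelist work, mark the stub explicitly: add `(void)fptr;` and a comment such as `/* no event callbacks whitelisted yet; every pointer is rejected */` above the `return 0;`.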
@@ -0,0 +1,90 @@
+/*
+ * util/fptr_wlist.h - function pointer whitelists.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions that check function pointers.
+ * The functions contain a whitelist of known good callback values.
+ * Any other values lead to an error.
+ * + * This prevent heap overflow based exploits, where the callback pointer + * is overwritten by a buffer overflow (apart from this defense, buffer + * overflows should be fixed of course). + * + * Function pointers are used in + * o network code callbacks. + * o rbtree, lruhash, region data manipulation + * o module operations. + */ + +#ifndef UTIL_FPTR_WLIST_H +#define UTIL_FPTR_WLIST_H +#include "util/netevent.h" + +/** + * Check function pointer whitelist for comm_point callback values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_comm_point(comm_point_callback_t *fptr); + +/** + * Check function pointer whitelist for comm_timer callback values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_comm_timer(void (*fptr)(void*)); + +/** + * Check function pointer whitelist for comm_signal callback values. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_comm_signal(void (*fptr)(int, void*)); + +/** + * Check function pointer whitelist for event structure callback values. + * This is not called by libevent itself, but checked by netevent. + * + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_event(void (*fptr)(int, short, void *)); + +#endif /* UTIL_FPTR_WLIST_H */ diff --git a/util/netevent.c b/util/netevent.c index 363a50144..b3eb8d312 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -41,6 +41,7 @@ #include "util/netevent.h" #include "util/log.h" +#include "util/fptr_wlist.h" /* -------- Start of local definitions -------- */ /** The TCP reading or writing query timeout in seconds */ 
@@ -247,6 +248,7 @@ comm_point_udp_callback(int fd, short event, void* arg) } ldns_buffer_skip(rep.c->buffer, recv); ldns_buffer_flip(rep.c->buffer); + log_assert(fptr_whitelist_comm_point(rep.c->callback)); if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { /* send back immediate reply */ (void)comm_point_send_udp_msg(rep.c, rep.c->buffer, @@ -356,6 +358,7 @@ tcp_callback_reader(struct comm_point* c) comm_point_stop_listening(c); rep.c = c; rep.addrlen = 0; + log_assert(fptr_whitelist_comm_point(c->callback)); if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &rep) ) { comm_point_start_listening(c, -1, TCP_QUERY_TIMEOUT); } @@ -502,27 +505,35 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) if(event&EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); - if(!c->tcp_do_close) + if(!c->tcp_do_close) { + log_assert(fptr_whitelist_comm_point( + c->callback)); (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); + } } return; } if(event&EV_WRITE) { if(!comm_point_tcp_handle_write(fd, c)) { reclaim_tcp_handler(c); - if(!c->tcp_do_close) + if(!c->tcp_do_close) { + log_assert(fptr_whitelist_comm_point( + c->callback)); (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); + } } return; } if(event&EV_TIMEOUT) { verbose(VERB_DETAIL, "tcp took too long, dropped"); reclaim_tcp_handler(c); - if(!c->tcp_do_close) + if(!c->tcp_do_close) { + log_assert(fptr_whitelist_comm_point(c->callback)); (void)(*c->callback)(c, c->cb_arg, NETEVENT_TIMEOUT, NULL); + } return; } log_err("Ignored event %d for tcphdl.", event); @@ -535,6 +546,7 @@ static void comm_point_local_handle_callback(int fd, short event, void* arg) if(event&EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 1)) { + log_assert(fptr_whitelist_comm_point(c->callback)); (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } 
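Review bot: Every whitelist check added to util/netevent.c is wrapped in `log_assert(...)`, so the protection described in util/fptr_wlist.h exists only in builds where log_assert is active. util/log.h is not part of this diff, but if log_assert expands to nothing outside debug builds, a production binary still calls an overwritten `c->callback` unchecked. Make the check unconditional at the call sites, e.g. `if(!fptr_whitelist_comm_point(c->callback)) fatal_exit("comm_point callback not in whitelist");`. The same applies to the comm_timer and comm_signal checks in the hunks at -1064 and -1102. The enclosing functions start and end outside the hunks.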
@@ -1064,6 +1076,7 @@ comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) if(!(event&EV_TIMEOUT)) return; tm->ev_timer->enabled = 0; + log_assert(fptr_whitelist_comm_timer(tm->callback)); (*tm->callback)(tm->cb_arg); } @@ -1102,6 +1115,7 @@ comm_signal_callback(int sig, short event, void* arg) struct comm_signal* comsig = (struct comm_signal*)arg; if(!(event & EV_SIGNAL)) return; + log_assert(fptr_whitelist_comm_signal(comsig->callback)); (*comsig->callback)(sig, comsig->cb_arg); } diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 1224e7f41..cd625c12e 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -496,8 +496,8 @@ skip_to_special(FILE* in, ldns_buffer* buf, int* line, int spec) } if(rdlen != 1 || *ldns_buffer_begin(buf) != (uint8_t)spec) { ldns_buffer_write_u8(buf, 0); - log_err("trusted-keys, line %d, expected %c got %s", - *line, spec, ldns_buffer_begin(buf)); + log_err("trusted-keys, line %d, expected %c", + *line, spec); return 0; } return 1; @@ -544,8 +544,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, ldns_buffer_skip(buf, -1); if(contnum > 0 && quoted) { if(ldns_buffer_remaining(buf) < 8+1) { - log_err("line %d, too long, %s", - *line, ldns_buffer_begin(buf)); + log_err("line %d, too long", *line); return 0; } ldns_buffer_write(buf, " DNSKEY ", 8); @@ -558,8 +557,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, if(contnum < 5) { ldns_buffer_write_u8(buf, 0); - log_err("line %d, bad key, %s", - *line, ldns_buffer_begin(buf)); + log_err("line %d, bad key", *line); return 0; } ldns_buffer_skip(buf, -1); @@ -570,7 +568,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, return 0; } if(!anchor_store_str(anchors, buf, str)) { - log_err("line %d, bad key, %s", *line, str); + log_err("line %d, bad key", *line); free(str); return 0; } 
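Review bot: In skip_to_special (validator/val_anchor.c, hunk at -496) the `ldns_buffer_write_u8(buf, 0);` kept before the shortened `log_err` is now dead: it only NUL-terminated the buffer for the `%s` argument that this commit removes. Deleting that line also removes a write into the buffer on the error path, where the visible lines do not check the remaining space first. The same leftover terminator sits before the "bad key" and "bad key before }" messages in process_bind_contents (hunks at -558 and -583). Both function bodies start outside the hunks.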
@@ -583,8 +581,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '}') { if(contnum > 0) { ldns_buffer_write_u8(buf, 0); - log_err("line %d, bad key before }, %s", - *line, ldns_buffer_begin(buf)); + log_err("line %d, bad key before }", *line); return 0; } return 1; @@ -596,8 +593,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, contnum ++; if(contnum == 1 && !quoted) { if(ldns_buffer_remaining(buf) < 8+1) { - log_err("line %d, too long, %s", - *line, ldns_buffer_begin(buf)); + log_err("line %d, too long", *line); return 0; } ldns_buffer_write(buf, " DNSKEY ", 8);