From: Oto Šťáva Date: Tue, 14 May 2024 10:05:01 +0000 (+0200) Subject: Merge 'origin/master' into 6.0 - last merge before rename X-Git-Tag: v6.0.8~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fenvironments%2Fdocs-develop-cove-uiak3c%2Fdeployments%2F4076;p=thirdparty%2Fknot-resolver.git Merge 'origin/master' into 6.0 - last merge before rename This is the last commit in `6.0` before it is shifted into `master`, with 5.x support being moved to `master-5`. --- 2905edac512ebe123fc445e8f20e3bc82ce6c9df diff --cc daemon/bindings/net.c index d278ed175,0075d0f2d..aaeef2387 --- a/daemon/bindings/net.c +++ b/daemon/bindings/net.c @@@ -1031,12 -1042,18 +1031,16 @@@ static int net_tls_sticket_secret_file( STR(net_tls_sticket_MIN_SECRET_LEN) " bytes", file_name); } - fclose(fp); + if (fclose(fp) == EOF) { + lua_error_p(L, + "net.tls_sticket_secret_file - reading of file '%s' failed", + file_name); + } - struct network *net = &the_worker->engine->net; - - tls_session_ticket_ctx_destroy(net->tls_session_ticket_ctx); - net->tls_session_ticket_ctx = - tls_session_ticket_ctx_create(net->loop, secret_buf, secret_len); - if (net->tls_session_ticket_ctx == NULL) { + tls_session_ticket_ctx_destroy(the_network->tls_session_ticket_ctx); + the_network->tls_session_ticket_ctx = + tls_session_ticket_ctx_create(the_network->loop, secret_buf, secret_len); + if (the_network->tls_session_ticket_ctx == NULL) { lua_error_p(L, "net.tls_sticket_secret_file - can't create session ticket context"); } diff --cc daemon/engine.c index 275718eee,8c00a5bef..509915df3 --- a/daemon/engine.c +++ b/daemon/engine.c @@@ -29,8 -29,28 +29,6 @@@ #include "lib/dnssec/ta.h" #include "lib/log.h" - /* Cleanup engine state every 5 minutes */ - const size_t CLEANUP_TIMER = 5*60*1000; -/* Magic defaults for the engine. 
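Review bot: The ticket-context swap destroys the live context before its replacement exists, so when `tls_session_ticket_ctx_create()` returns NULL the resolver is left with `the_network->tls_session_ticket_ctx == NULL` on top of the Lua error; create the replacement into a local first (`… *new_ctx = tls_session_ticket_ctx_create(the_network->loop, secret_buf, secret_len);`, with the context's declared type), raise the Lua error if it is NULL, and only then `tls_session_ticket_ctx_destroy(the_network->tls_session_ticket_ctx); the_network->tls_session_ticket_ctx = new_ctx;`. The new `fclose()` check is welcome, but it and the existing error path both leave through `lua_error_p()` with the ticket secret still sitting in `secret_buf`; if that is a local buffer declared above the hunk, wipe it (e.g. `explicit_bzero()` or the project's equivalent) on every exit so a key-rotation failure does not leave the old secret in memory longer than needed. The destroy-before-create order predates this merge, and `net_tls_sticket_secret_file` begins outside the hunk.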
*/ -#ifndef LRU_RTT_SIZE -#define LRU_RTT_SIZE 65536 /**< NS RTT cache size */ -#endif -#ifndef LRU_REP_SIZE -#define LRU_REP_SIZE (LRU_RTT_SIZE / 4) /**< NS reputation cache size */ -#endif -#ifndef LRU_COOKIES_SIZE - #if ENABLE_COOKIES - #define LRU_COOKIES_SIZE LRU_RTT_SIZE /**< DNS cookies cache size. */ - #else - #define LRU_COOKIES_SIZE LRU_ASSOC /* simpler than guards everywhere */ - #endif -#endif - -/**@internal Maximum number of incomplete TCP connections in queue. -* Default is from empirical testing - in our case, more isn't necessarily better. -* See https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/968 -* */ -#ifndef TCP_BACKLOG_DEFAULT -#define TCP_BACKLOG_DEFAULT 128 -#endif /* Execute byte code */ #define l_dobytecode(L, arr, len, name) \ diff --cc daemon/io.c index ea98a7f0e,9299ff2ad..a32f5a3fe --- a/daemon/io.c +++ b/daemon/io.c @@@ -790,19 -834,25 +790,28 @@@ void io_tty_process_input(uv_stream_t * len_s = 0; } uint32_t len_n = htonl(len_s); - fwrite(&len_n, sizeof(len_n), 1, out); - if (len_s > 0) - fwrite(message, len_s, 1, out); + if (fwrite(&len_n, sizeof(len_n), 1, out) != 1) + goto finish; + if (len_s > 0) { + if (fwrite(message, len_s, 1, out) != 1) + goto finish; + } - } else { + break; + case IO_MODE_TEXT: + /* Human-readable and console-printable mode */ - if (message) - fprintf(out, "%s", message); - if (message || !args->quiet) - fprintf(out, "\n"); - if (!args->quiet) - fprintf(out, "> "); + if (message) { + if (fprintf(out, "%s", message) < 0) + goto finish; + } + if (message || !args->quiet) { + if (fprintf(out, "\n") < 0) + goto finish; + } + if (!args->quiet) { + if (fprintf(out, "> ") < 0) + goto finish; + } + break; } /* Duplicate command and output to logs */ @@@ -824,12 -874,8 +833,12 @@@ finish: /* Close if redirected */ if (stream_fd != STDIN_FILENO) { - fclose(out); + (void)fclose(out); } + /* If a LMDB transaction got open, we can't leave it hanging. + * We accept the changes, if any. 
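Review bot: Each new `goto finish` on a failed `fwrite()`/`fprintf()` also jumps over the block that follows the switch (`/* Duplicate command and output to logs */`), so a command whose reply could not be delivered is never recorded either, and the write failure itself is silent; if that log line serves as the audit trail of control-socket commands, run it before the reply is written, or at least log the failed write in `finish:`. A smaller style point: the switch gains `case IO_MODE_TEXT:` but no `default:` is visible in the hunk — if the mode enum has exactly these two values, a `default: break;` (or an assert) makes that explicit. The start of `io_tty_process_input` and the switch header are outside the hunk.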
*/ + kr_cache_commit(&the_resolver->cache); + kr_rules_commit(true); } void io_tty_alloc(uv_handle_t *handle, size_t suggested, uv_buf_t *buf) diff --cc daemon/tls.c index e8dff76c5,0ab396827..09c995084 --- a/daemon/tls.c +++ b/daemon/tls.c @@@ -22,12 -21,10 +22,12 @@@ #include "contrib/base64.h" #include "daemon/tls.h" #include "daemon/worker.h" -#include "daemon/session.h" +#include "daemon/session2.h" - #define EPHEMERAL_CERT_EXPIRATION_SECONDS_RENEW_BEFORE (60*60*24*7) + #define EPHEMERAL_CERT_EXPIRATION_SECONDS_RENEW_BEFORE ((time_t)60*60*24*7) #define GNUTLS_PIN_MIN_VERSION 0x030400 +#define UNWRAP_BUF_SIZE 131072 +#define TLS_CHUNK_SIZE (16 * 1024) #define VERBOSE_MSG(cl_side, ...)\ if (cl_side) \ @@@ -514,14 -731,14 +514,14 @@@ int tls_certificate_set(const char *tls return kr_error(EINVAL); } /* record the expiration date: */ - tls_credentials->valid_until = _get_end_entity_expiration(tls_credentials->credentials); + tls_credentials->valid_until = get_end_entity_expiration(tls_credentials->credentials); /* Exchange the x509 credentials */ - struct tls_credentials *old_credentials = net->tls_credentials; + struct tls_credentials *old_credentials = the_network->tls_credentials; /* Start using the new x509_credentials */ - net->tls_credentials = tls_credentials; - tls_credentials_log_pins(net->tls_credentials); + the_network->tls_credentials = tls_credentials; + tls_credentials_log_pins(the_network->tls_credentials); if (old_credentials) { err = tls_credentials_release(old_credentials); diff --cc daemon/tls.h index b8cf7af6f,c30444bea..9fd45fb6f --- a/daemon/tls.h +++ b/daemon/tls.h @@@ -30,10 -30,10 +30,10 @@@ * So it takes 2 RTT. * As we use session tickets, there are additional messages, add one RTT mode. */ - #define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * 3) - #define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * (uint64_t)3) ++#define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * (uint64_t)3) /** Transport session (opaque). 
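Review bot: `kr_cache_commit(&the_resolver->cache)` and `kr_rules_commit(true)` run on every exit path, including the `goto finish` taken after a failed write, and their return values are discarded, so a commit that fails leaves no trace in the logs; check the results, e.g. `if (kr_cache_commit(&the_resolver->cache) != 0) { /* log it */ }`, adjusting to whatever return convention those functions actually use (not visible here). Note also that the commit happens after `out` has already been closed, so even a detected failure cannot be reported to the client that issued the command; if that matters, the commit belongs before the reply is written. The comment should state that the commit is deliberately unconditional: `/* Always commit: the command has already run, so the LMDB txn is closed even when the reply failed. */`.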
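Review bot: `UNWRAP_BUF_SIZE` and `TLS_CHUNK_SIZE` are introduced as bare numbers with nothing saying what constrains them; `TLS_CHUNK_SIZE` (16 KiB) equals the maximum TLS plaintext record size (2^14, RFC 8446 §5.1) and `UNWRAP_BUF_SIZE` is exactly eight of those, so expressing one in terms of the other keeps them from drifting apart: `#define TLS_CHUNK_SIZE (16 * 1024) /* max TLS plaintext record (2^14, RFC 8446 §5.1) */` and `#define UNWRAP_BUF_SIZE (8 * TLS_CHUNK_SIZE)`. Whether the unwrap buffer really must be a whole number of records depends on its users, which are outside this hunk — confirm before adding such a comment. The `(time_t)` cast on the renewal window is the right fix for the earlier `int` arithmetic.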
*/ -struct session; +struct session2; struct tls_ctx; struct tls_client_ctx; diff --cc daemon/worker.c index 2d293ba9f,12c08f160..2e9f45236 --- a/daemon/worker.c +++ b/daemon/worker.c @@@ -194,10 -195,10 +194,10 @@@ static inline struct mempool *pool_borr { /* The implementation used to have extra caching layer, * but it didn't work well. Now it's very simple. */ - return mp_new(16 * 1024); + return mp_new((size_t)16 * 1024); } /** Return a mempool. */ -static inline void pool_release(struct worker_ctx *worker, struct mempool *mp) +static inline void pool_release(struct mempool *mp) { mp_delete(mp); } diff --cc modules/stats/stats.c index a8a29de2c,129023f83..d0386738b --- a/modules/stats/stats.c +++ b/modules/stats/stats.c @@@ -366,32 -356,9 +366,32 @@@ static int list_entry(const char *key, struct list_entry_context *ctx = baton; if (!key_matches_prefix(key, key_len, ctx->key_prefix, ctx->key_prefix_len)) return 0; - size_t number = (size_t) *val; + size_t number = (size_t)*val; - auto_free char *key_nt = strndup(key, key_len); - json_append_member(ctx->root, key_nt, json_mknumber((double)number)); + + uint32_t dot_index = 0; + for (uint32_t i = 0; i < key_len; i++) { + if (!key[i]) + break; + if (key[i] == '.') { + dot_index = i; + } + } + + if (dot_index) { + auto_free char *sup_key_nt = strndup(key, dot_index); + auto_free char *sub_key_nt = strndup(key + dot_index + 1, key_len - dot_index - 1); + JsonNode *sup = json_find_member(ctx->root, sup_key_nt); + if (!sup) { + sup = json_mkobject(); + json_append_member(ctx->root, sup_key_nt, sup); + } + if (kr_fails_assert(sup)) + return 0; - json_append_member(sup, sub_key_nt, json_mknumber(number)); ++ json_append_member(sup, sub_key_nt, json_mknumber((double)number)); + } else { + auto_free char *key_nt = strndup(key, key_len); - json_append_member(ctx->root, key_nt, json_mknumber(number)); ++ json_append_member(ctx->root, key_nt, json_mknumber((double)number)); + } return 0; } @@@ -407,15 -374,8 +407,15 @@@ 
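Review bot: `json_find_member(ctx->root, sup_key_nt)` can return a node that is not an object — a flat metric named `foo` emitted earlier next to a dotted `foo.bar` — and `json_append_member(sup, …)` is then called on a number node; whether such key pairs occur in the metric set is not visible here, but a cheap guard before the append is `if (sup && sup->tag != JSON_OBJECT) return 0;` (assuming the ccan-style `JsonNode` layout used elsewhere in the file). Minor: `dot_index` and `i` are `uint32_t` while `key_len` is handed to `strndup()` as a length, so they should be `size_t` like `key_len` itself. The `strndup()` results are not checked for NULL, matching the pre-existing branch, and `list_entry` continues outside the hunk.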
static char* stats_list(void *env, stru size_t args_len = args ? strlen(args) : 0; for (unsigned i = 0; i < metric_const_end; ++i) { struct const_metric_elm *elm = &const_metrics[i]; - if (!args || strncmp(elm->key, args, args_len) == 0) { - json_append_member(root, elm->key, json_mknumber((double)elm->val)); + if (!args || strcmp(elm->sup_key, args) == 0) { + JsonNode *sup = json_find_member(root, elm->sup_key); + if (!sup) { + sup = json_mkobject(); + json_append_member(root, elm->sup_key, sup); + } + if (kr_fails_assert(sup)) + break; - json_append_member(sup, elm->sub_key, json_mknumber(elm->val)); ++ json_append_member(sup, elm->sub_key, json_mknumber((double)elm->val)); } } struct list_entry_context ctx = {