- Fix that fast_reload does not terminate the server if

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)
diff --git a/doc/Changelog b/doc/Changelog

index 16b0e0f7964e7a9e1d87ccb274469c06299ff877..d2b37df10dc33174de81340a853163f64e72210c 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -58,6 +58,11 @@
         - Fix that fast_reload does not terminate the server
           on config read failure after malloc failure. Thanks to
           Qifan Zhang, Palo Alto Networks, for the report.
+       - Fix that fast_reload does not terminate the server if
+         random init for DNS cookies fails. The data is only random
+         generated if cookies are enabled, and the random data
+         is necessary. Thanks to Qifan Zhang, Palo Alto Networks,
+         for the report.
  
  16 June 2026: Wouter
         - Fix to disallow $INCLUDE for secondary zones. Start up
diff --git a/util/config_file.c b/util/config_file.c

index 428633b6c59412c2151f8d5a79b76ab134490beb..ab209a818e315e414d53d8a045c682fb15810d8c 100644 (file)
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -94,7 +94,7 @@ struct config_parser_state* cfg_parser = 0;
  static void init_outgoing_availports(int* array, int num);
  
  /** init cookie with random data */
-static void init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len);
+static int init_cookie_secret(struct config_file* cfg);
  
  struct config_file*
  config_create(void)
@@ -390,8 +390,7 @@ config_create(void)
  #endif
         cfg->do_answer_cookie = 0;
         memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret));
-       cfg->cookie_secret_len = 16;
-       init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len);
+       cfg->cookie_secret_len = 0; /* not set yet */
         cfg->cookie_secret_file = NULL;
  #ifdef USE_CACHEDB
         if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit;
@@ -1577,6 +1576,8 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
                 }
                 globfree(&g);
                 config_auto_slab_values(cfg);
+               if(!init_cookie_secret(cfg))
+                       return 0;
                 return 1;
         }
  #endif /* HAVE_GLOB */
@@ -1601,6 +1602,8 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
         }
  
         config_auto_slab_values(cfg);
+       if(!init_cookie_secret(cfg))
+               return 0;
         return 1;
  }
  
@@ -1875,18 +1878,33 @@ config_delete(struct config_file* cfg)
         free(cfg);
  }
  
-static void
-init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len)
+static int
+init_cookie_secret(struct config_file* cfg)
  {
-       struct ub_randstate *rand = ub_initstate(NULL);
+       struct ub_randstate* rand;
+       size_t cookie_secret_len;
+       uint8_t* cookie_secret;
+       if(!cfg->do_answer_cookie)
+               return 1;
+       if(cfg->cookie_secret_file && cfg->cookie_secret_file[0])
+               return 1;
+       if(cfg->cookie_secret_len != 0)
+               return 1;
  
-       if (!rand)
-               fatal_exit("could not init random generator");
+       rand = ub_initstate(NULL);
+       if(!rand) {
+               log_err("init_cookie_secret: could not init random generator");
+               return 0;
+       }
+       cfg->cookie_secret_len = 16;
+       cookie_secret_len = cfg->cookie_secret_len;
+       cookie_secret = cfg->cookie_secret;
         while (cookie_secret_len) {
                 *cookie_secret++ = (uint8_t)ub_random(rand);
                 cookie_secret_len--;
         }
         ub_randfree(rand);
+       return 1;
  }
  
  static void
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 17 Jun 2026 14:15:15 +0000 (16:15 +0200)
doc/Changelog		patch \| blob \| blame \| history
util/config_file.c		patch \| blob \| blame \| history