From: W.C.A. Wijngaards
Date: Mon, 15 Jun 2026 14:31:37 +0000 (+0200)
Subject: - Fix that fast_reload does not terminate the server for
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fc09352df6192401afa37c9b936668a15991ab12;p=thirdparty%2Funbound.git
- Fix that fast_reload does not terminate the server for errors in config, for key files. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
---
diff --git a/daemon/daemon.c b/daemon/daemon.c
index 78556c3c4..ee6b0ab6c 100644
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@@ -216,7 +216,8 @@ setup_listen_sslctx(void** ctx, int is_dot, int is_doh,
 (cfg->tls_session_ticket_keys.first && cfg->tls_session_ticket_keys.first->str[0] != 0), is_dot, is_doh, cfg->tls_protocols))) {
- fatal_exit("could not set up listen SSL_CTX");
+ log_err("could not set up listen SSL_CTX");
+ *ctx = NULL;
 }
 }
 #endif /* HAVE_SSL */
@@ -258,7 +259,8 @@ void* daemon_setup_listen_quic_sslctx(struct daemon* daemon,
 pem += strlen(chroot);
 if(!(ctx = quic_sslctx_create(key, pem, NULL))) {
- fatal_exit("could not set up quic SSL_CTX");
+ log_err("could not set up quic SSL_CTX");
+ return NULL;
 }
 return ctx;
 }
@@ -276,8 +278,10 @@ void* daemon_setup_connect_dot_sslctx(struct daemon* daemon,
 bundle += strlen(chroot);
 if(!(ctx = connect_sslctx_create(NULL, NULL, bundle,
- cfg->tls_win_cert)))
- fatal_exit("could not set up connect SSL_CTX");
+ cfg->tls_win_cert))) {
+ log_err("could not set up connect SSL_CTX");
+ return NULL;
+ }
 return ctx;
 }
 #endif /* HAVE_SSL */
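Review bot: The failure contract of these helpers changes from never returning to returning with a NULL context, and nothing in the hunk documents that for future callers. setup_listen_sslctx returns void, so the only signal is `*ctx == NULL`; the same applies to the `return NULL;` paths added to daemon_setup_listen_quic_sslctx and daemon_setup_connect_dot_sslctx in the next two hunks. A line in each function comment such as `/* On failure logs the error and leaves the context NULL; the caller decides whether that is fatal. */` would keep a later caller from using a NULL SSL_CTX unchecked. The explicit `*ctx = NULL;` looks redundant if the condition is `!(*ctx = ...)`, but the start of that condition is outside the hunk.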
@@ -307,16 +311,22 @@ daemon_setup_sslctxs(struct daemon* daemon, struct config_file* cfg)
 }
 daemon->listen_dot_sslctx = daemon_setup_listen_dot_sslctx( daemon, cfg);
+ if(!daemon->listen_dot_sslctx)
+ fatal_exit("Could not set up listen dot sslctx");
 #ifdef HAVE_NGHTTP2_NGHTTP2_H
 if(cfg_has_https(cfg)) {
 daemon->listen_doh_sslctx = daemon_setup_listen_doh_sslctx(daemon, cfg);
+ if(!daemon->listen_doh_sslctx)
+ fatal_exit("Could not set up listen doh sslctx");
 }
 #endif
 #ifdef HAVE_NGTCP2
 if(cfg_has_quic(cfg)) {
 daemon->listen_quic_sslctx = daemon_setup_listen_quic_sslctx(daemon, cfg);
+ if(!daemon->listen_quic_sslctx)
+ fatal_exit("Could not set up listen quic sslctx");
 }
 #endif /* HAVE_NGTCP2 */
@@ -349,6 +359,8 @@ daemon_setup_sslctxs(struct daemon* daemon, struct config_file* cfg)
 }
 daemon->connect_dot_sslctx = daemon_setup_connect_dot_sslctx( daemon, cfg);
+ if(!daemon->connect_dot_sslctx)
+ fatal_exit("could not setup connect dot sslctx");
 #else /* HAVE_SSL */
 (void)daemon;(void)cfg;
 #endif /* HAVE_SSL */
diff --git a/daemon/remote.c b/daemon/remote.c
index bce73dc86..7dfee4b6d 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -5664,6 +5664,8 @@ ct_create_sslctxs(struct fast_reload_construct* ct,
 /* Leave listen ctxs and file str at NULL */
 ct->connect_dot_sslctx = daemon_setup_connect_dot_sslctx( daemon, newcfg);
+ if(!ct->connect_dot_sslctx)
+ return 0;
 return 1;
 }
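Review bot: The new fatal_exit messages in daemon_setup_sslctxs are worded inconsistently: the three listen checks read `Could not set up listen ... sslctx`, while the connect check in the following hunk reads `could not setup connect dot sslctx`. The helpers already log their own `could not set up ... SSL_CTX` line before returning NULL, so an operator sees two lines per failure, and matching wording makes the pair easier to search for; I would write `fatal_exit("Could not set up connect dot sslctx");` there. The added `if` bodies are also unbraced, whereas the authzone.c change in this same commit braces a single-statement body, so bracing them would be consistent. The function starts and ends outside both hunks.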
@@ -5673,20 +5675,28 @@ ct_create_sslctxs(struct fast_reload_construct* ct,
 pem += strlen(chroot);
 ct->listen_dot_sslctx = daemon_setup_listen_dot_sslctx(daemon, newcfg);
+ if(!ct->listen_dot_sslctx)
+ return 0;
 #ifdef HAVE_NGHTTP2_NGHTTP2_H
 if(cfg_has_https(newcfg)) {
 ct->listen_doh_sslctx = daemon_setup_listen_doh_sslctx( daemon, newcfg);
+ if(!ct->listen_doh_sslctx)
+ return 0;
 }
 #endif
 #ifdef HAVE_NGTCP2
 if(cfg_has_quic(newcfg)) {
 ct->listen_quic_sslctx = daemon_setup_listen_quic_sslctx( daemon, newcfg);
+ if(!ct->listen_quic_sslctx)
+ return 0;
 }
 #endif /* HAVE_NGTCP2 */
 ct->connect_dot_sslctx = daemon_setup_connect_dot_sslctx(daemon, newcfg);
+ if(!ct->connect_dot_sslctx)
+ return 0;
 /* Store mtime and names */
 ct->ssl_service_key = strdup(newcfg->ssl_service_key);
diff --git a/doc/Changelog b/doc/Changelog
index d4985dcb3..50a9f672c 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -34,6 +34,9 @@
 - Fix integer overflow for very high values of `sock-queue-timeout`. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
+ - Fix that fast_reload does not terminate the server for
+ errors in config, for key files. Thanks to Qifan Zhang,
+ Palo Alto Networks, for the report.
 12 June 2026: Wouter - Fix that for auth-zone and rpz zones the allow-notify
diff --git a/services/authzone.c b/services/authzone.c
index c342e08b5..86f698031 100644
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -2185,7 +2185,12 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
 z->zonemd_reject_absence = c->zonemd_reject_absence;
 if(c->isrpz && !z->rpz){
 if(!(z->rpz = rpz_create(c))){
- fatal_exit("Could not setup RPZ zones");
+ log_err("Could not setup RPZ zones");
+ if(x) {
+ lock_basic_unlock(&x->lock);
+ }
+ lock_rw_unlock(&z->lock);
+ lock_rw_unlock(&az->rpz_lock);
 return 0;
 }
 lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
diff --git a/services/localzone.c b/services/localzone.c
index 52166ae2d..c503fd8aa 100644
--- a/services/localzone.c
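Review bot: Each new `return 0;` in ct_create_sslctxs leaves the contexts assigned earlier in the function stored in `ct`, for example an already created `ct->listen_dot_sslctx` when the DoH or QUIC context then fails. Whether those are freed depends on the caller tearing down the fast_reload_construct after a zero return, which is not visible in this hunk. That path is worth confirming, because a reload that keeps failing on a bad key file would otherwise leak an SSL_CTX on every attempt. A comment above the first check, such as `/* on failure the caller frees the contexts already stored in ct */`, would record the assumption. The function starts before and continues after the hunk.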
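Review bot: The new error path in auth_zones_cfg unlocks `az->rpz_lock` unconditionally, which is only correct if that lock is always held at this point. The enclosing test `c->isrpz && !z->rpz` suggests it is taken earlier under `c->isrpz`, but the locking code is outside the hunk, so I would state it next to the unlock: `/* c->isrpz is set here, so az->rpz_lock is held */`. If `z` was already added to `az` earlier in the function (not visible here), it stays there with `z->rpz` still NULL after this return, so it is worth confirming that the caller discards the partly configured zones when it gets 0.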
+++ b/services/localzone.c
@@ -671,7 +671,9 @@ lz_enter_rr_str(struct local_zones* zones, const char* rr)
 z = local_zones_lookup(zones, rr_name, len, labs, rr_class, rr_type, 1);
 if(!z) {
 lock_rw_unlock(&zones->lock);
- fatal_exit("internal error: no zone for rr %s", rr);
+ log_err("internal error: no zone for rr %s", rr);
+ free(rr_name);
+ return 0;
 }
 lock_rw_wrlock(&z->lock);
 lock_rw_unlock(&zones->lock);
diff --git a/validator/val_anchor.c b/validator/val_anchor.c
index daa04504e..af42d53c7 100644
--- a/validator/val_anchor.c
+++ b/validator/val_anchor.c
@@ -534,7 +534,10 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 while((c = getc(in)) != EOF ) {
 if(comments && c == '#') { /* # blabla */
 skip_to_eol(in, &c);
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
 (*line)++;
 continue;
 } else if(comments && c=='/' && numdone>0 && /* /_/ bla*/
@@ -543,7 +546,10 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 sldns_buffer_skip(buf, -1);
 numdone--;
 skip_to_eol(in, &c);
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
 (*line)++;
 continue;
 } else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */
@@ -560,7 +566,10 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 if(c == '\n') (*line)++;
 }
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
 continue;
 }
 /* not a comment, complete the keyword */
@@ -581,7 +590,8 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 }
 /* space for 1 char + 0 string terminator */
 if(sldns_buffer_remaining(buf) < 2) {
- fatal_exit("trusted-keys, %d, string too long", *line);
+ log_err("trusted-keys, %d, string too long", *line);
+ return 0;
 }
 sldns_buffer_write_u8(buf, (uint8_t)c);
 numdone++;
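Review bot: The `log_err("trusted-keys, %d, got EOF", *line);` added in the -534 hunk fires whenever a `#` comment runs to end of file, and the same four-line block is repeated in the hunks at -543, -560 and -595. If callers use a zero return from readkeyword_bindfile as the normal end-of-input signal (they are outside this diff), a valid file whose last line is a comment without a trailing newline would now log an error on every load. Consider logging only where EOF is really unexpected, such as inside an unterminated `/* */` comment. The wording could also follow skip_to_special, which writes `trusted-keys, line %d, ...`, so the messages match.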
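Review bot: With `return 0;` in the -581 hunk, the over-long token case becomes indistinguishable from the end-of-file returns elsewhere in readkeyword_bindfile, which also return 0. If a caller treats zero as a clean end of input (callers are not in this diff), a trust anchor file containing one oversized token would be logged but then accepted with every later key silently dropped, which is a fail-open result for DNSSEC trust anchor loading. It is worth checking that each caller fails the load after this return, or giving the error a distinct return value. At minimum the function comment should say so: `/* returns 0 on EOF and on error; errors are logged */`.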
@@ -595,7 +605,10 @@ readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
 break;
 }
 }
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
 return numdone;
 }
 if(is_bind_special(c))
@@ -623,7 +636,7 @@ skip_to_special(FILE* in, sldns_buffer* buf, int* line, int spec)
 }
 return 1;
 }
- log_err("trusted-keys, line %d, expected %c got EOF", *line, spec);
+ log_err("trusted-keys, line %d, expected %c, read failed", *line, spec);
 return 0;
 }