2396. [bug] Don't set SO_REUSEADDR for randomized ports.

                        [RT #18336]

diff --git a/CHANGES b/CHANGES
index 43d2bd7af22de02b0e20de12967c6c147c297dab..b49b05c9cdee0c11f03dc077b166aacf8e18e4b8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2396.  [bug]           Don't set SO_REUSEADDR for randomized ports.
+                       [RT #18336]
+
        --- 9.4.2-P1 released ---
 
 2375.   [security]      Fully randomize UDP query ports to improve

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 6e7c16be108a71df7b9d62f8654dc65281793896..ac166e9633fa73dbe3da371c4ad32ca1c28bdbfc 100644 (file)
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.259.18.43 2007/08/28 07:19:55 tbox Exp $ */
+/* $Id: dighost.c,v 1.259.18.43.10.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file
  *  \note
@@ -2217,14 +2217,14 @@ send_tcp_connect(dig_query_t *query) {
        sockcount++;
        debug("sockcount=%d", sockcount);
        if (specified_source)
-               result = isc_socket_bind(query->sock, &bind_address);
+               result = isc_socket_bind(query->sock, &bind_address, 1);
        else {
                if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) &&
                    have_ipv4)
                        isc_sockaddr_any(&bind_any);
                else
                        isc_sockaddr_any6(&bind_any);
-               result = isc_socket_bind(query->sock, &bind_any);
+               result = isc_socket_bind(query->sock, &bind_any, 0);
        }
        check_result(result, "isc_socket_bind");
        bringup_timer(query, TCP_TIMEOUT);
@@ -2271,11 +2271,12 @@ send_udp(dig_query_t *query) {
                sockcount++;
                debug("sockcount=%d", sockcount);
                if (specified_source) {
-                       result = isc_socket_bind(query->sock, &bind_address);
+                       result = isc_socket_bind(query->sock,
+                                                &bind_address, 1);
                } else {
                        isc_sockaddr_anyofpf(&bind_any,
                                        isc_sockaddr_pf(&query->sockaddr));
-                       result = isc_socket_bind(query->sock, &bind_any);
+                       result = isc_socket_bind(query->sock, &bind_any, 0);
                }
                check_result(result, "isc_socket_bind");
 

diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 3e364469e6d3e794a1fe2889e86a7a817b11312e..0d58ee3973b308556a3d9221c1bb502c9c96ae67 100644 (file)
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.40.18.10 2006/12/07 04:53:02 marka Exp $ */
+/* $Id: controlconf.c,v 1.40.18.10.40.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -1152,7 +1152,7 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 
        if (result == ISC_R_SUCCESS)
                result = isc_socket_bind(listener->sock,
-                                        &listener->address);
+                                        &listener->address, 1);
 
        if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
                listener->perm = cfg_obj_asuint32(cfg_tuple_get(control,

diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index db410310147c5280facb6001141eab72d8c861ee..6b7924214db81ced9c4dab6a1adc8e3206f03233 100644 (file)
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.76.18.8 2006/07/20 01:10:30 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.76.18.8.44.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -307,7 +307,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
 #ifndef ISC_ALLOW_MAPPED
        isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE);
 #endif
-       result = isc_socket_bind(ifp->tcpsocket, &ifp->addr);
+       result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, 1);
        if (result != ISC_R_SUCCESS) {
                isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
                                 "binding TCP socket: %s",

diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c
index a1073fa4bbf4d664d96c27ac2c871491b79deaaf..a8a07e5a455ed499b5f8a175cdb66ba9890ad6e8 100644 (file)
--- a/bin/named/lwresd.c
+++ b/bin/named/lwresd.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.46.18.7 2006/03/02 00:37:21 marka Exp $ */
+/* $Id: lwresd.c,v 1.46.18.7.52.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file 
  * \brief
@@ -576,7 +576,7 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
                return (result);
        }
 
-       result = isc_socket_bind(sock, &listener->address);
+       result = isc_socket_bind(sock, &listener->address, 1);
        if (result != ISC_R_SUCCESS) {
                char socktext[ISC_SOCKADDR_FORMATSIZE];
                isc_sockaddr_format(&listener->address, socktext,

diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 8fd0d8e1e2c0baa9783cf59e24f3f4fb71f6c5c3..312c1bc5a761dd3354ad74b49aff702c1609d13c 100644 (file)
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.96.18.17 2006/08/04 03:03:41 marka Exp $ */
+/* $Id: rndc.c,v 1.96.18.17.42.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -400,10 +400,10 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
        DO("create socket", isc_socket_create(socketmgr, pf, type, &sock));
        switch (isc_sockaddr_pf(addr)) {
        case AF_INET:
-               DO("bind socket", isc_socket_bind(sock, &local4));
+               DO("bind socket", isc_socket_bind(sock, &local4, 1));
                break;
        case AF_INET6:
-               DO("bind socket", isc_socket_bind(sock, &local6));
+               DO("bind socket", isc_socket_bind(sock, &local6, 1));
                break;
        default:
                break;

diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c
index 128ade490b4b16ee91bc65618aa4448b37699bee..a3d9a6a36857a5afbcc194f31d50df4d9a06ccf9 100644 (file)
--- a/bin/tests/sig0_test.c
+++ b/bin/tests/sig0_test.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sig0_test.c,v 1.11.18.2 2005/03/17 03:57:08 marka Exp $ */
+/* $Id: sig0_test.c,v 1.11.18.2.52.1 2008/07/22 04:26:22 marka Exp $ */
 
 #include <config.h>
 
@@ -189,7 +189,7 @@ buildquery(void) {
 
        isc_buffer_usedregion(&qbuffer, &r);
        isc_sockaddr_any(&sa);
-       result = isc_socket_bind(s, &sa);
+       result = isc_socket_bind(s, &sa, 0);
        CHECK("isc_socket_bind", result);
        result = isc_socket_sendto(s, &r, task1, senddone, NULL, &address,
                                   NULL);

diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c
index e879503fda13b0ff7644a6601cbd3d12e79bdb9e..ffb1c5d7ab4d0dae979acfa3f1b6940bd3df183b 100644 (file)
--- a/bin/tests/sock_test.c
+++ b/bin/tests/sock_test.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sock_test.c,v 1.49.18.1 2004/08/28 06:17:30 marka Exp $ */
+/* $Id: sock_test.c,v 1.49.18.1.52.1 2008/07/22 04:26:22 marka Exp $ */
 
 #include <config.h>
 
@@ -321,7 +321,7 @@ main(int argc, char *argv[]) {
        }
        RUNTIME_CHECK(isc_socket_create(socketmgr, pf, isc_sockettype_tcp,
                                        &so1) == ISC_R_SUCCESS);
-       result = isc_socket_bind(so1, &sockaddr);
+       result = isc_socket_bind(so1, &sockaddr, 1);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
        RUNTIME_CHECK(isc_socket_listen(so1, 0) == ISC_R_SUCCESS);
 

diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
index 4da89ca20b2ff6cdc2be202691d463e58b760503..7460b7ce961ae7db46c997a98b8f82719242ded0 100644 (file)
--- a/lib/dns/dispatch.c
+++ b/lib/dns/dispatch.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dispatch.c,v 1.116.18.19.12.1 2008/05/22 21:28:06 each Exp $ */
+/* $Id: dispatch.c,v 1.116.18.19.12.2 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -1172,7 +1172,7 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) {
 
 static isc_result_t
 create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local,
-             isc_socket_t **sockp)
+             int reuseaddr, isc_socket_t **sockp)
 {
        isc_socket_t *sock;
        isc_result_t result;
@@ -1186,7 +1186,7 @@ create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local,
 #ifndef ISC_ALLOW_MAPPED
        isc_socket_ipv6only(sock, ISC_TRUE);
 #endif
-       result = isc_socket_bind(sock, local);
+       result = isc_socket_bind(sock, local, reuseaddr);
        if (result != ISC_R_SUCCESS) {
                isc_socket_detach(&sock);
                return (result);
@@ -1917,7 +1917,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr,
                                attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
                        goto getsocket;
                }
-               result = create_socket(sockmgr, &localaddr_bound, &sock);
+               result = create_socket(sockmgr, &localaddr_bound, 0, &sock);
                if (result == ISC_R_ADDRINUSE) {
                        if (++k == 1024)
                                attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
@@ -1925,7 +1925,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr,
                }
                localport = prt;
        } else
-               result = create_socket(sockmgr, localaddr, &sock);
+               result = create_socket(sockmgr, localaddr, 1, &sock);
        if (result != ISC_R_SUCCESS)
                goto deallocate_dispatch;
        if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) == 0 &&

diff --git a/lib/dns/request.c b/lib/dns/request.c
index be8f93d6b843c23df6acbf86013eece1ee9b80dd..66b5c7a02fd4a4d0a5fe9e1afc3c6b0236f04da8 100644 (file)
--- a/lib/dns/request.c
+++ b/lib/dns/request.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: request.c,v 1.72.18.5 2006/08/21 00:40:53 marka Exp $ */
+/* $Id: request.c,v 1.72.18.5.42.1 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -518,11 +518,11 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr,
        if (srcaddr == NULL) {
                isc_sockaddr_anyofpf(&bind_any,
                                     isc_sockaddr_pf(destaddr));
-               result = isc_socket_bind(socket, &bind_any);
+               result = isc_socket_bind(socket, &bind_any, 0);
        } else {
                src = *srcaddr;
                isc_sockaddr_setport(&src, 0);
-               result = isc_socket_bind(socket, &src);
+               result = isc_socket_bind(socket, &src, 0);
        }
        if (result != ISC_R_SUCCESS)
                goto cleanup;

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 03f4a94c256830596866a5212b475a30705772b5..2d4568188610483eb673ec5f9dc43baa689d5dd2 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.284.18.66.8.1 2008/05/22 21:28:06 each Exp $ */
+/* $Id: resolver.c,v 1.284.18.66.8.2 2008/07/22 04:26:22 marka Exp $ */
 
 /*! \file */
 
@@ -1123,7 +1123,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
                        goto cleanup_query;
 
 #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT
-               result = isc_socket_bind(query->tcpsocket, &addr);
+               result = isc_socket_bind(query->tcpsocket, &addr, 0);
                if (result != ISC_R_SUCCESS)
                        goto cleanup_socket;
 #endif

diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index dd7801d4f460472126316bf219619e1a06c4bf79..cdfc0ececfd08d815508b6833a8f90c74d539458 100644 (file)
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrin.c,v 1.135.18.16 2007/10/31 01:59:47 marka Exp $ */
+/* $Id: xfrin.c,v 1.135.18.16.10.1 2008/07/22 04:26:23 marka Exp $ */
 
 /*! \file */
 
@@ -862,7 +862,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
                                isc_sockettype_tcp,
                                &xfr->socket));
 #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT
-       CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr));
+       CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, 1));
 #endif
        CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task,
                                 xfrin_connect_done, xfr));

diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h
index ccc49f53ca39584735ec057471144663929368cb..0bd0022babe9465dd3265f5cbdd27ea80489c667 100644 (file)
--- a/lib/isc/include/isc/socket.h
+++ b/lib/isc/include/isc/socket.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.h,v 1.57.18.6 2006/06/07 00:29:45 marka Exp $ */
+/* $Id: socket.h,v 1.57.18.6.46.1 2008/07/22 04:26:23 marka Exp $ */
 
 #ifndef ISC_SOCKET_H
 #define ISC_SOCKET_H 1
@@ -312,7 +312,7 @@ isc_socket_detach(isc_socket_t **socketp);
  */
 
 isc_result_t
-isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp);
+isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, int reuseaddr);
 /*%<
  * Bind 'socket' to '*addressp'.
  *
@@ -322,6 +322,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp);
  *
  * \li 'addressp' points to a valid isc_sockaddr.
  *
+ * \li 'reuseaddr' asks to set SO_REUSEADDR (if the port is not 0).
+
  * Returns:
  *
  * \li ISC_R_SUCCESS

diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index e0b902167e8fa58b224e77a3468be0cc086efcd3..ec06c045a0fab43cd9362a87b18b700b1ca4a2ad 100644 (file)
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.237.18.29 2007/08/28 07:20:06 tbox Exp $ */
+/* $Id: socket.c,v 1.237.18.29.10.1 2008/07/22 04:26:23 marka Exp $ */
 
 /*! \file */
 
@@ -3165,7 +3165,7 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm,
 }
 
 isc_result_t
-isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) {
+isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) {
        char strbuf[ISC_STRERRORSIZE];
        int on = 1;
 
@@ -3184,7 +3184,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) {
        if (sock->pf == AF_UNIX)
                goto bind_socket;
 #endif
-       if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 &&
+       if (reuseaddr &&
+           isc_sockaddr_getport(sockaddr) != (in_port_t)0 &&
            setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
                       sizeof(on)) < 0) {
                UNEXPECTED_ERROR(__FILE__, __LINE__,

diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c
index 73ac0acb4ec7b18dfad7fb1ac28949934c9c7e88..b68b1b004f8914dc82b4caeb3b9dc2e1710d1286 100644 (file)
--- a/lib/isc/win32/socket.c
+++ b/lib/isc/win32/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.30.18.20 2007/08/28 07:20:06 tbox Exp $ */
+/* $Id: socket.c,v 1.30.18.20.12.1 2008/07/22 04:26:23 marka Exp $ */
 
 /* This code has been rewritten to take advantage of Windows Sockets
  * I/O Completion Ports and Events. I/O Completion Ports is ONLY
@@ -3283,7 +3283,7 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region,
 }
 
 isc_result_t
-isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) {
+isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) {
        int bind_errno;
        char strbuf[ISC_STRERRORSIZE];
        int on = 1;
@@ -3299,7 +3299,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) {
        /*
         * Only set SO_REUSEADDR when we want a specific port.
         */
-       if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 &&
+       if (reuseaddr &&
+           isc_sockaddr_getport(sockaddr) != (in_port_t)0 &&
            setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
                       sizeof(on)) < 0) {
                UNEXPECTED_ERROR(__FILE__, __LINE__,