When connecting to a remote party the TLS DNS code could process more
than one message at a time despite the fact that it is expected that
we should stop after every DNS message.
Every DNS message is handled and consumed from the input buffer by
isc__nm_process_sock_buffer(). However, as opposed to TCP DNS code, it
can be called more than once when processing incoming data from a
server (see tls_cycle_input()). That, in turn means that we can
process more than one message at a time. Some higher level code might
not expect that, as it breaks the contract.
In particular, in the original report that happened during
isc__nm_async_tlsdnsshutdown() call: when shutting down multiple calls
to tls_cycle() are possible (each possibly leading to a
isc__nm_process_sock_buffer()). If there are any non processed
messages left, for any of the messages left the read callback will be
called even when it is not expected as there were no preceding
isc_nm_read().
To keep TCP DNS and TLS DNS code in sync, we make a similar change to
it as well, although it should not matter.
return (ISC_R_CANCELED);
}
+ if (sock->client && !sock->recv_read) {
+ /*
+ * We are not reading data - stop here.
+ */
+ return (ISC_R_CANCELED);
+ }
+
req = isc__nm_get_read_req(sock, NULL);
REQUIRE(VALID_UVREQ(req));
return (ISC_R_CANCELED);
}
+ if (sock->client && !sock->recv_read) {
+ /*
+ * We are not reading data - stop here.
+ */
+ return (ISC_R_CANCELED);
+ }
+
req = isc__nm_get_read_req(sock, NULL);
REQUIRE(VALID_UVREQ(req));
projects / thirdparty / bind9.git / commitdiff
