diff options
Diffstat (limited to 'external/unbound/daemon')
-rw-r--r-- | external/unbound/daemon/remote.c | 30 | ||||
-rw-r--r-- | external/unbound/daemon/unbound.c | 5 | ||||
-rw-r--r-- | external/unbound/daemon/worker.c | 9 |
3 files changed, 28 insertions, 16 deletions
diff --git a/external/unbound/daemon/remote.c b/external/unbound/daemon/remote.c index 300948b32..d533e0867 100644 --- a/external/unbound/daemon/remote.c +++ b/external/unbound/daemon/remote.c @@ -208,12 +208,14 @@ daemon_remote_create(struct config_file* cfg) return NULL; } /* no SSLv2, SSLv3 because has defects */ - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); daemon_remote_delete(rc); return NULL; } - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3){ log_crypto_err("could not set SSL_OP_NO_SSLv3"); daemon_remote_delete(rc); return NULL; @@ -1259,8 +1261,6 @@ struct del_info { size_t len; /** labels */ int labs; - /** now */ - time_t now; /** time to invalidate to */ time_t expired; /** number of rrsets removed */ @@ -1289,7 +1289,7 @@ infra_del_host(struct lruhash_entry* e, void* arg) d->timeout_AAAA = 0; d->timeout_other = 0; rtt_init(&d->rtt); - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1318,7 +1318,6 @@ do_flush_infra(SSL* ssl, struct worker* worker, char* arg) inf.name = 0; inf.len = 0; inf.labs = 0; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1349,7 +1348,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg) if(dname_subdomain_c(k->rk.dname, inf->name)) { struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_rrsets++; } @@ -1365,7 +1364,7 @@ zone_del_msg(struct lruhash_entry* e, void* arg) struct msgreply_entry* k = (struct msgreply_entry*)e->key; if(dname_subdomain_c(k->key.qname, inf->name)) { struct reply_info* d = (struct reply_info*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_msgs++; } @@ -1381,7 +1380,7 @@ zone_del_kcache(struct lruhash_entry* e, void* arg) struct key_entry_key* k = (struct key_entry_key*)e->key; if(dname_subdomain_c(k->name, inf->name)) { struct key_entry_data* d = (struct key_entry_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1404,7 +1403,6 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg) inf.name = nm; inf.len = nmlen; inf.labs = nmlabs; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1474,7 +1472,6 @@ do_flush_bogus(SSL* ssl, struct worker* worker) struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1550,7 +1547,6 @@ do_flush_negative(SSL* ssl, struct worker* worker) struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -2283,11 +2279,17 @@ do_list_local_data(SSL* ssl, struct worker* worker) for(i=0; i<d->count + d->rrsig_count; i++) { if(!packed_rr_to_string(p->rrset, i, 0, s, slen)) { - if(!ssl_printf(ssl, "BADRR\n")) + if(!ssl_printf(ssl, "BADRR\n")) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } - if(!ssl_printf(ssl, "%s\n", s)) + if(!ssl_printf(ssl, "%s\n", s)) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } } } diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c index 8e07c3895..0ceee538c 100644 --- a/external/unbound/daemon/unbound.c +++ b/external/unbound/daemon/unbound.c @@ -180,6 +180,8 @@ static void usage() SSLeay_version(SSLEAY_VERSION) #elif defined(HAVE_NSS) NSS_GetVersion() +#elif defined(HAVE_NETTLE) + "nettle" #endif ); printf("linked modules:"); @@ -450,6 +452,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* endpwent below, in case we need pwd for setusercontext */ } #endif +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg); +#endif /* init syslog (as root) if needed, before daemonize, otherwise * a fork error could not be printed since daemonize closed stderr.*/ diff --git a/external/unbound/daemon/worker.c b/external/unbound/daemon/worker.c index 79aec4d3a..c90a65998 100644 --- a/external/unbound/daemon/worker.c +++ b/external/unbound/daemon/worker.c @@ -866,11 +866,16 @@ worker_handle_request(struct comm_point* c, void* arg, int error, goto send_reply; } if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) { + struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); - sldns_buffer_rewind(c->buffer); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); + memset(&reply_edns, 0, sizeof(reply_edns)); + reply_edns.edns_present = 1; + reply_edns.udp_size = EDNS_ADVERTISED_SIZE; LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); + error_encode(c->buffer, ret, &qinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } |