aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/daemon
diff options
context:
space:
mode:
Diffstat (limited to 'external/unbound/daemon')
-rw-r--r--external/unbound/daemon/remote.c30
-rw-r--r--external/unbound/daemon/unbound.c5
-rw-r--r--external/unbound/daemon/worker.c9
3 files changed, 28 insertions, 16 deletions
diff --git a/external/unbound/daemon/remote.c b/external/unbound/daemon/remote.c
index 300948b32..d533e0867 100644
--- a/external/unbound/daemon/remote.c
+++ b/external/unbound/daemon/remote.c
@@ -208,12 +208,14 @@ daemon_remote_create(struct config_file* cfg)
return NULL;
}
/* no SSLv2, SSLv3 because has defects */
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2){
log_crypto_err("could not set SSL_OP_NO_SSLv2");
daemon_remote_delete(rc);
return NULL;
}
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+ if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3){
log_crypto_err("could not set SSL_OP_NO_SSLv3");
daemon_remote_delete(rc);
return NULL;
@@ -1259,8 +1261,6 @@ struct del_info {
size_t len;
/** labels */
int labs;
- /** now */
- time_t now;
/** time to invalidate to */
time_t expired;
/** number of rrsets removed */
@@ -1289,7 +1289,7 @@ infra_del_host(struct lruhash_entry* e, void* arg)
d->timeout_AAAA = 0;
d->timeout_other = 0;
rtt_init(&d->rtt);
- if(d->ttl >= inf->now) {
+ if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_keys++;
}
@@ -1318,7 +1318,6 @@ do_flush_infra(SSL* ssl, struct worker* worker, char* arg)
inf.name = 0;
inf.len = 0;
inf.labs = 0;
- inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
@@ -1349,7 +1348,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg)
if(dname_subdomain_c(k->rk.dname, inf->name)) {
struct packed_rrset_data* d =
(struct packed_rrset_data*)e->data;
- if(d->ttl >= inf->now) {
+ if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_rrsets++;
}
@@ -1365,7 +1364,7 @@ zone_del_msg(struct lruhash_entry* e, void* arg)
struct msgreply_entry* k = (struct msgreply_entry*)e->key;
if(dname_subdomain_c(k->key.qname, inf->name)) {
struct reply_info* d = (struct reply_info*)e->data;
- if(d->ttl >= inf->now) {
+ if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_msgs++;
}
@@ -1381,7 +1380,7 @@ zone_del_kcache(struct lruhash_entry* e, void* arg)
struct key_entry_key* k = (struct key_entry_key*)e->key;
if(dname_subdomain_c(k->name, inf->name)) {
struct key_entry_data* d = (struct key_entry_data*)e->data;
- if(d->ttl >= inf->now) {
+ if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_keys++;
}
@@ -1404,7 +1403,6 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
inf.name = nm;
inf.len = nmlen;
inf.labs = nmlabs;
- inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
@@ -1474,7 +1472,6 @@ do_flush_bogus(SSL* ssl, struct worker* worker)
struct del_info inf;
/* what we do is to set them all expired */
inf.worker = worker;
- inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
@@ -1550,7 +1547,6 @@ do_flush_negative(SSL* ssl, struct worker* worker)
struct del_info inf;
/* what we do is to set them all expired */
inf.worker = worker;
- inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
@@ -2283,11 +2279,17 @@ do_list_local_data(SSL* ssl, struct worker* worker)
for(i=0; i<d->count + d->rrsig_count; i++) {
if(!packed_rr_to_string(p->rrset, i,
0, s, slen)) {
- if(!ssl_printf(ssl, "BADRR\n"))
+ if(!ssl_printf(ssl, "BADRR\n")) {
+ lock_rw_unlock(&z->lock);
+ lock_rw_unlock(&zones->lock);
return;
+ }
}
- if(!ssl_printf(ssl, "%s\n", s))
+ if(!ssl_printf(ssl, "%s\n", s)) {
+ lock_rw_unlock(&z->lock);
+ lock_rw_unlock(&zones->lock);
return;
+ }
}
}
}
diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c
index 8e07c3895..0ceee538c 100644
--- a/external/unbound/daemon/unbound.c
+++ b/external/unbound/daemon/unbound.c
@@ -180,6 +180,8 @@ static void usage()
SSLeay_version(SSLEAY_VERSION)
#elif defined(HAVE_NSS)
NSS_GetVersion()
+#elif defined(HAVE_NETTLE)
+ "nettle"
#endif
);
printf("linked modules:");
@@ -450,6 +452,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
/* endpwent below, in case we need pwd for setusercontext */
}
#endif
+#ifdef UB_ON_WINDOWS
+ w_config_adjust_directory(cfg);
+#endif
/* init syslog (as root) if needed, before daemonize, otherwise
* a fork error could not be printed since daemonize closed stderr.*/
diff --git a/external/unbound/daemon/worker.c b/external/unbound/daemon/worker.c
index 79aec4d3a..c90a65998 100644
--- a/external/unbound/daemon/worker.c
+++ b/external/unbound/daemon/worker.c
@@ -866,11 +866,16 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
goto send_reply;
}
if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) {
+ struct edns_data reply_edns;
verbose(VERB_ALGO, "worker parse edns: formerror.");
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
- sldns_buffer_rewind(c->buffer);
- LDNS_QR_SET(sldns_buffer_begin(c->buffer));
+ memset(&reply_edns, 0, sizeof(reply_edns));
+ reply_edns.edns_present = 1;
+ reply_edns.udp_size = EDNS_ADVERTISED_SIZE;
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret);
+ error_encode(c->buffer, ret, &qinfo,
+ *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
+ sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns);
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}