authorCy Schubert <cy@FreeBSD.org>2019-12-28 05:27:06 +0000
committerCy Schubert <cy@FreeBSD.org>2019-12-28 05:27:06 +0000
commite2fe726866d062155f6b1aae749375475ef19191 (patch)
treefe6b00611d5c987d2c12c32063891ae19295ffeb /daemon
parent366b94c4a9552acfb560d3234aea0955ebc1eb8e (diff)
Notes
Diffstat (limited to 'daemon')
-rw-r--r--daemon/daemon.c18
-rw-r--r--daemon/remote.c34
-rw-r--r--daemon/stats.c2
-rw-r--r--daemon/unbound.c60
-rw-r--r--daemon/worker.c29
5 files changed, 80 insertions, 63 deletions
diff --git a/daemon/daemon.c b/daemon/daemon.c
index 7461a26e2104..0b1200a2e00a 100644
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@@ -221,7 +221,9 @@ daemon_init(void)
(void)sldns_key_EVP_load_gost_id();
# endif
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
+# ifndef S_SPLINT_S
OpenSSL_add_all_algorithms();
+# endif
# else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
@@ -248,8 +250,6 @@ daemon_init(void)
/* init timezone info while we are not chrooted yet */
tzset();
#endif
- /* open /dev/random if needed */
- ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67);
daemon->need_to_exit = 0;
modstack_init(&daemon->mods);
if(!(daemon->env = (struct module_env*)calloc(1,
@@ -427,9 +427,7 @@ daemon_create_workers(struct daemon* daemon)
int* shufport;
log_assert(daemon && daemon->cfg);
if(!daemon->rand) {
- unsigned int seed = (unsigned int)time(NULL) ^
- (unsigned int)getpid() ^ 0x438;
- daemon->rand = ub_initstate(seed, NULL);
+ daemon->rand = ub_initstate(NULL);
if(!daemon->rand)
fatal_exit("could not init random generator");
hash_set_raninit((uint32_t)ub_random(daemon->rand));
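Review bot: With the explicit seed gone from `ub_initstate(NULL)` in daemon_create_workers, nothing at the call site says where the generator's entropy now comes from, even though the next line derives the hash seed from it through `hash_set_raninit`. ub_initstate's body is not part of this diff, so the unpredictability of `daemon->rand` rests on code a reader cannot see here. A short comment such as `/* ub_initstate seeds itself; no time/pid seed is passed any more */` would record that. The same applies to the `ub_initstate(daemon->rand)` call in the worker_create hunk of daemon/worker.c. The function body starts and ends outside this hunk.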
@@ -575,6 +573,9 @@ void
daemon_fork(struct daemon* daemon)
{
int have_view_respip_cfg = 0;
+#ifdef HAVE_SYSTEMD
+ int ret;
+#endif
log_assert(daemon);
if(!(daemon->views = views_create()))
@@ -660,7 +661,12 @@ daemon_fork(struct daemon* daemon)
/* Start resolver service on main thread. */
#ifdef HAVE_SYSTEMD
- sd_notify(0, "READY=1");
+ ret = sd_notify(0, "READY=1");
+ if(ret <= 0 && getenv("NOTIFY_SOCKET"))
+ fatal_exit("sd_notify failed %s: %s. Make sure that unbound has "
+ "access/permission to use the socket presented by systemd.",
+ getenv("NOTIFY_SOCKET"),
+ (ret==0?"no $NOTIFY_SOCKET": strerror(-ret)));
#endif
log_info("start of service (%s).", PACKAGE_STRING);
worker_work(daemon->workers[0]);
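Review bot: In the new sd_notify check, the `ret==0` arm of the ternary looks contradictory with the guard. sd_notify(3) documents a return of 0 for the case where $NOTIFY_SOCKET is not set, yet the branch is entered only when `getenv("NOTIFY_SOCKET")` is non-NULL, so the message would print a socket path next to "no $NOTIFY_SOCKET". getenv is also called twice; reading it once, `const char* sock = getenv("NOTIFY_SOCKET");`, and testing `if(ret <= 0 && sock)` keeps the check and the message consistent. Because a failed notification now ends in fatal_exit, a comment saying that startup is aborted on purpose would help whoever reads this next. daemon_fork starts and ends outside the hunk.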
diff --git a/daemon/remote.c b/daemon/remote.c
index 1689154f5721..25547f5705d9 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -499,7 +499,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err,
goto close_exit;
}
SSL_set_accept_state(n->ssl);
- (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY);
+ (void)SSL_set_mode(n->ssl, (long)SSL_MODE_AUTO_RETRY);
if(!SSL_set_fd(n->ssl, newfd)) {
log_crypto_err("could not SSL_set_fd");
SSL_free(n->ssl);
@@ -674,19 +674,19 @@ static void send_ok(RES* ssl)
/** do the stop command */
static void
-do_stop(RES* ssl, struct daemon_remote* rc)
+do_stop(RES* ssl, struct worker* worker)
{
- rc->worker->need_to_exit = 1;
- comm_base_exit(rc->worker->base);
+ worker->need_to_exit = 1;
+ comm_base_exit(worker->base);
send_ok(ssl);
}
/** do the reload command */
static void
-do_reload(RES* ssl, struct daemon_remote* rc)
+do_reload(RES* ssl, struct worker* worker)
{
- rc->worker->need_to_exit = 0;
- comm_base_exit(rc->worker->base);
+ worker->need_to_exit = 0;
+ comm_base_exit(worker->base);
send_ok(ssl);
}
@@ -1070,9 +1070,9 @@ print_ext(RES* ssl, struct ub_stats_info* s)
/** do the stats command */
static void
-do_stats(RES* ssl, struct daemon_remote* rc, int reset)
+do_stats(RES* ssl, struct worker* worker, int reset)
{
- struct daemon* daemon = rc->worker->daemon;
+ struct daemon* daemon = worker->daemon;
struct ub_stats_info total;
struct ub_stats_info s;
int i;
@@ -1080,7 +1080,7 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset)
log_assert(daemon->num > 0);
/* gather all thread statistics in one place */
for(i=0; i<daemon->num; i++) {
- server_stats_obtain(rc->worker, daemon->workers[i], &s, reset);
+ server_stats_obtain(worker, daemon->workers[i], &s, reset);
if(!print_thread_stats(ssl, i, &s))
return;
if(i == 0)
@@ -1091,10 +1091,10 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset)
total.mesh_time_median /= (double)daemon->num;
if(!print_stats(ssl, "total", &total))
return;
- if(!print_uptime(ssl, rc->worker, reset))
+ if(!print_uptime(ssl, worker, reset))
return;
if(daemon->cfg->stat_extended) {
- if(!print_mem(ssl, rc->worker, daemon, &total))
+ if(!print_mem(ssl, worker, daemon, &total))
return;
if(!print_hist(ssl, &total))
return;
@@ -2851,16 +2851,16 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
char* p = skipwhite(cmd);
/* compare command */
if(cmdcmp(p, "stop", 4)) {
- do_stop(ssl, rc);
+ do_stop(ssl, worker);
return;
} else if(cmdcmp(p, "reload", 6)) {
- do_reload(ssl, rc);
+ do_reload(ssl, worker);
return;
} else if(cmdcmp(p, "stats_noreset", 13)) {
- do_stats(ssl, rc, 0);
+ do_stats(ssl, worker, 0);
return;
} else if(cmdcmp(p, "stats", 5)) {
- do_stats(ssl, rc, 1);
+ do_stats(ssl, worker, 1);
return;
} else if(cmdcmp(p, "status", 6)) {
do_status(ssl, worker);
@@ -3125,7 +3125,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s,
} else {
if(r == 0)
log_err("remote control connection closed prematurely");
- log_addr(1, "failed connection from",
+ log_addr(VERB_OPS, "failed connection from",
&s->c->repinfo.addr, s->c->repinfo.addrlen);
log_crypto_err("remote control failed ssl");
clean_point(rc, s);
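Review bot: The peer address of a failed remote-control handshake is logged only at `VERB_OPS`, while the neighbouring `log_err` and `log_crypto_err` calls take no verbosity argument. If those are emitted at lower verbosity (their definitions are not in the diff), the error lines appear without the address that is needed to attribute repeated failures on the control channel. Consider `log_addr(NO_VERBOSE, "failed connection from",` if log_addr accepts that level the way log_reply_info does in the worker.c hunk, or add a comment explaining why the address is gated. remote_handshake_later continues outside the hunk.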
diff --git a/daemon/stats.c b/daemon/stats.c
index 504b0efccc4a..a01fb6d342ca 100644
--- a/daemon/stats.c
+++ b/daemon/stats.c
@@ -77,7 +77,7 @@ stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long l
#ifndef S_SPLINT_S
(*d_sec) += add_sec;
(*d_usec) += add_usec;
- if((*d_usec) > 1000000) {
+ if((*d_usec) >= 1000000) {
(*d_usec) -= 1000000;
(*d_sec)++;
}
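Review bot: The carry in stats_timeval_add is a single `if`, so `*d_usec` is normalized only when the sum is below 2000000; the `>=` fix does not change that. This is sufficient if both the stored and the added microsecond values are already below 1000000, but nothing in the hunk states or checks that precondition, and a negative `add_usec` is not handled either. A comment above the test such as `/* both usec values are < 1000000, so one carry is enough */` would document the assumption. The function body starts and ends outside the hunk.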
diff --git a/daemon/unbound.c b/daemon/unbound.c
index 6cc8225f5d18..beffb57005fa 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -88,31 +88,20 @@
# include "nss.h"
#endif
-/** print usage. */
-static void usage(void)
+/** print build options. */
+static void
+print_build_options(void)
{
const char** m;
const char *evnm="event", *evsys="", *evmethod="";
time_t t;
struct timeval now;
struct ub_event_base* base;
- printf("usage: unbound [options]\n");
- printf(" start unbound daemon DNS resolver.\n");
- printf("-h this help\n");
- printf("-c file config file to read instead of %s\n", CONFIGFILE);
- printf(" file format is described in unbound.conf(5).\n");
- printf("-d do not fork into the background.\n");
- printf("-p do not create a pidfile.\n");
- printf("-v verbose (more times to increase verbosity)\n");
-#ifdef UB_ON_WINDOWS
- printf("-w opt windows option: \n");
- printf(" install, remove - manage the services entry\n");
- printf(" service - used to start from services control panel\n");
-#endif
- printf("Version %s\n", PACKAGE_VERSION);
+ printf("Version %s\n\n", PACKAGE_VERSION);
+ printf("Configure line: %s\n", CONFCMDLINE);
base = ub_default_event_base(0,&t,&now);
ub_get_event_sys(base, &evnm, &evsys, &evmethod);
- printf("linked libs: %s %s (it uses %s), %s\n",
+ printf("Linked libs: %s %s (it uses %s), %s\n",
evnm, evsys, evmethod,
#ifdef HAVE_SSL
# ifdef SSLEAY_VERSION
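Review bot: In print_build_options the result of `ub_default_event_base(0,&t,&now)` goes straight into `ub_get_event_sys` and, in the next hunk, into `ub_event_base_free` with no NULL check. Whether the call can fail is not visible here, but if it can, `-V` would hand a NULL base to both functions. Since `evnm`, `evsys` and `evmethod` already have defaults, `if(base) ub_get_event_sys(base, &evnm, &evsys, &evmethod);` plus `if(base) ub_event_base_free(base);` would be enough. The function ends in the following hunk.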
@@ -126,16 +115,42 @@ static void usage(void)
"nettle"
#endif
);
- printf("linked modules:");
+ printf("Linked modules:");
for(m = module_list_avail(); *m; m++)
printf(" %s", *m);
printf("\n");
#ifdef USE_DNSCRYPT
printf("DNSCrypt feature available\n");
#endif
+#ifdef USE_TCP_FASTOPEN
+ printf("TCP Fastopen feature available\n");
+#endif
+ ub_event_base_free(base);
+ printf("\nBSD licensed, see LICENSE in source package for details.\n");
+ printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
+}
+
+/** print usage. */
+static void
+usage(void)
+{
+ printf("usage: unbound [options]\n");
+ printf(" start unbound daemon DNS resolver.\n");
+ printf("-h this help.\n");
+ printf("-c file config file to read instead of %s\n", CONFIGFILE);
+ printf(" file format is described in unbound.conf(5).\n");
+ printf("-d do not fork into the background.\n");
+ printf("-p do not create a pidfile.\n");
+ printf("-v verbose (more times to increase verbosity).\n");
+ printf("-V show version number and build options.\n");
+#ifdef UB_ON_WINDOWS
+ printf("-w opt windows option: \n");
+ printf(" install, remove - manage the services entry\n");
+ printf(" service - used to start from services control panel\n");
+#endif
+ printf("\nVersion %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
- ub_event_base_free(base);
}
#ifndef unbound_testbound
@@ -720,7 +735,7 @@ main(int argc, char* argv[])
log_ident_default = strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0];
log_ident_set(log_ident_default);
/* parse the options */
- while( (c=getopt(argc, argv, "c:dhpvw:")) != -1) {
+ while( (c=getopt(argc, argv, "c:dhpvw:V")) != -1) {
switch(c) {
case 'c':
cfgfile = optarg;
@@ -741,6 +756,9 @@ main(int argc, char* argv[])
case 'w':
winopt = optarg;
break;
+ case 'V':
+ print_build_options();
+ return 0;
case '?':
case 'h':
default:
@@ -769,7 +787,7 @@ main(int argc, char* argv[])
log_init(NULL, 0, NULL); /* close logfile */
#ifndef unbound_testbound
if(log_get_lock()) {
- lock_quick_destroy((lock_quick_type*)log_get_lock());
+ lock_basic_destroy((lock_basic_type*)log_get_lock());
}
#endif
return 0;
diff --git a/daemon/worker.c b/daemon/worker.c
index 661f6967d41d..e2ce0e87009b 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -721,8 +721,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
if(encode_rep != rep)
secure = 0; /* if rewritten, it can't be considered "secure" */
if(!encode_rep || *alias_rrset) {
- sldns_buffer_clear(repinfo->c->buffer);
- sldns_buffer_flip(repinfo->c->buffer);
if(!encode_rep)
*need_drop = 1;
else {
@@ -762,17 +760,14 @@ bail_out:
return 0;
}
-/** Reply to client and perform prefetch to keep cache up to date.
- * If the buffer for the reply is empty, it indicates that only prefetch is
- * necessary and the reply should be suppressed (because it's dropped or
- * being deferred). */
+/** Reply to client and perform prefetch to keep cache up to date. */
static void
reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
- uint16_t flags, struct comm_reply* repinfo, time_t leeway)
+ uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply)
{
/* first send answer to client to keep its latency
* as small as a cachereply */
- if(sldns_buffer_limit(repinfo->c->buffer) != 0) {
+ if(!noreply) {
if(repinfo->c->tcp_req_info) {
sldns_buffer_copy(
repinfo->c->tcp_req_info->spool_buffer,
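Review bot: The new `noreply` parameter of reply_and_prefetch is undocumented, and the shortened doc comment dropped the only explanation of when the reply is suppressed. The caller in the lookup_cache hunk passes `(partial_rep || need_drop)`, which matches the old wording about dropped or deferred replies. I would add to the doc comment: `@param noreply: if nonzero, only the prefetch is done and no answer is sent (the reply is dropped or deferred).` The function body continues outside the hunk.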
@@ -1100,7 +1095,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
struct respip_client_info* cinfo = NULL, cinfo_tmp;
memset(&qinfo, 0, sizeof(qinfo));
- if(error != NETEVENT_NOERROR) {
+ if(error != NETEVENT_NOERROR || !repinfo) {
/* some bad tcp query DNS formats give these error calls */
verbose(VERB_ALGO, "handle request called with err=%d", error);
return 0;
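Review bot: The added `!repinfo` test shares the branch that logs `handle request called with err=%d`, so a NULL repinfo arriving with `error == NETEVENT_NOERROR` is reported with the no-error value and the log line hides the real reason. The comment inside the branch also still speaks only of error calls. A separate guard keeps the message accurate: `if(!repinfo) { verbose(VERB_ALGO, "handle request called without reply info"); return 0; }`. worker_handle_request starts and ends outside the hunk.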
@@ -1484,7 +1479,8 @@ lookup_cache:
lock_rw_unlock(&e->lock);
reply_and_prefetch(worker, lookup_qinfo,
sldns_buffer_read_u16_at(c->buffer, 2),
- repinfo, leeway);
+ repinfo, leeway,
+ (partial_rep || need_drop));
if(!partial_rep) {
rc = 0;
regional_free_all(worker->scratchpad);
@@ -1566,16 +1562,17 @@ send_reply_rc:
#endif
if(worker->env.cfg->log_replies)
{
- struct timeval tv = {0, 0};
+ struct timeval tv;
+ memset(&tv, 0, sizeof(tv));
if(qinfo.local_alias && qinfo.local_alias->rrset &&
qinfo.local_alias->rrset->rk.dname) {
/* log original qname, before the local alias was
* used to resolve that CNAME to something else */
qinfo.qname = qinfo.local_alias->rrset->rk.dname;
- log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen,
+ log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen,
tv, 1, c->buffer);
} else {
- log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen,
+ log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen,
tv, 1, c->buffer);
}
}
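Review bot: Both arms of the `if`/`else` under `log_replies` end in the same `log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer);` call; only the `qinfo.qname` assignment differs. Dropping the `else` and making the call once after the `if` removes the duplication, so the two copies cannot drift apart in a later edit. The enclosing function starts and ends outside the hunk.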
@@ -1684,11 +1681,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n)
return NULL;
}
/* create random state here to avoid locking trouble in RAND_bytes */
- seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
- (((unsigned int)worker->thread_num)<<17);
- /* shift thread_num so it does not match out pid bits */
- if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) {
- explicit_bzero(&seed, sizeof(seed));
+ if(!(worker->rndstate = ub_initstate(daemon->rand))) {
log_err("could not init random numbers.");
tube_delete(worker->cmd);
free(worker->ports);