dndist: apply Remi's comments, thanks

chbruyand · Jul 3, 2024 · 0ace845 · 0ace845
1 parent 3b66414
commit 0ace845
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/pdns/dnsdistdist/dnsdist-lua-hooks.cc b/pdns/dnsdistdist/dnsdist-lua-hooks.cc
@@ -6,6 +6,9 @@
 
 namespace dnsdist::lua::hooks
 {
+using MaintenanceCallback = std::function<void()>;
+using TicketsKeyAddedHook = std::function<void(const char*, size_t)>;
+
 static LockGuarded<std::vector<MaintenanceCallback>> s_maintenanceHooks;
 
 void runMaintenanceHooks(const LuaContext& context)
@@ -16,7 +19,7 @@ void runMaintenanceHooks(const LuaContext& context)
   }
 }
 
-void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback)
+static void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback)
 {
   (void)context;
   s_maintenanceHooks.lock()->push_back(std::move(callback));
@@ -27,15 +30,15 @@ void clearMaintenanceHooks()
   s_maintenanceHooks.lock()->clear();
 }
 
-void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook)
+static void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook)
 {
   TLSCtx::setTicketsKeyAddedHook([hook](const std::string& key) {
     try {
       auto lua = g_lua.lock();
       hook(key.c_str(), key.size());
     }
     catch (const std::exception& exp) {
-      warnlog("Error calling the Lua hook after new tickets key has been added", exp.what());
+      warnlog("Error calling the Lua hook after new tickets key has been added: %s", exp.what());
     }
   });
 }

diff --git a/pdns/dnsdistdist/dnsdist-lua-hooks.hh b/pdns/dnsdistdist/dnsdist-lua-hooks.hh
@@ -27,12 +27,7 @@ class LuaContext;
 
 namespace dnsdist::lua::hooks
 {
-using MaintenanceCallback = std::function<void()>;
-using TicketsKeyAddedHook = std::function<void(const char*, size_t)>;
-
 void runMaintenanceHooks(const LuaContext& context);
-void addMaintenanceCallback(const LuaContext& context, MaintenanceCallback callback);
-void setTicketsKeyAddedHook(const LuaContext& context, const TicketsKeyAddedHook& hook);
 void clearMaintenanceHooks();
 void setupLuaHooks(LuaContext& luaCtx);
 }
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
@@ -2175,7 +2175,7 @@ Other functions
 
 .. function:: setTicketsKeyAddedHook(callback)
 
-  .. versionadded:: 1.9.0
+  .. versionadded:: 1.9.6
 
   Set a Lua function that will be called everytime a new tickets key is added. The function receives:
 

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
@@ -636,6 +636,8 @@ void OpenSSLTLSTicketKeysRing::addKey(std::shared_ptr<OpenSSLTLSTicketKey>&& new
     auto key = d_ticketKeys.read_lock()->front();
     auto keyContent = key->content();
     TLSCtx::getTicketsKeyAddedHook()(keyContent);
+    // fills mem with 0's
+    OPENSSL_cleanse(keyContent.data(), keyContent.size());
   }
 }
 

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
@@ -994,6 +994,7 @@ class GnuTLSTicketsKey
     if (d_key.data != nullptr && d_key.size > 0) {
       // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
       result.append(reinterpret_cast<const char*>(d_key.data), d_key.size);
+      safe_memory_lock(result.data(), result.size());
     }
     return result;
   }
@@ -1758,6 +1759,7 @@ class GnuTLSIOCtx: public TLSCtx
       auto ticketsKey = *(d_ticketsKey.read_lock());
       auto content = ticketsKey->content();
       TLSCtx::getTicketsKeyAddedHook()(content);
+      safe_memory_release(content.data(), content.size());
     }
   }
   void rotateTicketsKey(time_t now) override