Refactor poll() loop.

Handling events on file descriptors can result in new file
descriptors being created or old ones being deleted. As such
the results of the last call to poll() become invalid in subtle
ways.

After handling each file descriptor in  check_dns_listeners()
return, to go around the poll() loop again and get valid data
for the new situation.

Thanks to Dominik Derigs for his indefatigable sleuthing of this one.

src/config.h

@@ -18,7 +18,7 @@
 #define MAX_PROCS 20 /* default max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
-#define TCP_TIMEOUT 1 /* timeout waiting to connect to an upstream server - double this for answer */
+#define TCP_TIMEOUT 5 /* timeout waiting to connect to an upstream server - double this for answer */
 #define TCP_BACKLOG 32  /* kernel backlog limit for TCP connections */
 #define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from  /dnsflagday.net/2020 */
 #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */

src/dnsmasq.c

@@ -32,6 +32,7 @@ static volatile int pipewrite;
 static void set_dns_listeners(void);
 static void set_tftp_listeners(void);
 static void check_dns_listeners(time_t now);
+static void do_tcp_connection(struct listener *listener, time_t now);
 static void sig_handler(int sig);
 static void async_event(int pipe, time_t now);
 static void fatal_event(struct event_desc *ev, char *msg);
@@ -1834,20 +1835,16 @@ static void check_dns_listeners(time_t now)
   int i;
   int pipefd[2];
 
-  for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
-    if (poll_check(serverfdp->fd, POLLIN))
-      reply_query(serverfdp->fd, now);
-  
-  for (i = 0; i < daemon->numrrand; i++)
-    if (daemon->randomsocks[i].refcount != 0 && 
-	poll_check(daemon->randomsocks[i].fd, POLLIN))
-      reply_query(daemon->randomsocks[i].fd, now);
-
-  /* Check overflow random sockets too. */
-  for (rfl = daemon->rfl_poll; rfl; rfl = rfl->next)
-    if (poll_check(rfl->rfd->fd, POLLIN))
-      reply_query(rfl->rfd->fd, now);
+  /* Note that handling events here can create or destroy fds and
+     render the result of the last poll() call invalid. Once
+     we find an fd that needs service, do it, then return to go around the
+     poll() loop again. This avoid really, really, wierd bugs. */
 
+  if (!option_bool(OPT_DEBUG))
+    for (i = 0; i < daemon->max_procs; i++)
+      if (daemon->tcp_pipes[i] != -1 &&
+	  poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP))
+	{
 	   /* Races. The child process can die before we read all of the data from the
 	      pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the 
 	      process, and tcp_pipes to -1 and close the FD when we read the last
@@ -1855,11 +1852,7 @@ static void check_dns_listeners(time_t now)
 	      The order of these events is indeterminate, and both are needed
 	      to free the process slot. Once the child process has gone, poll()
 	      returns POLLHUP, not POLLIN, so have to check for both here. */
-  if (!option_bool(OPT_DEBUG))
-    for (i = 0; i < daemon->max_procs; i++)
-      if (daemon->tcp_pipes[i] != -1 &&
-	  poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) &&
-	  !cache_recv_insert(now, daemon->tcp_pipes[i]))
+	  if (!cache_recv_insert(now, daemon->tcp_pipes[i]))
 	    {
 	      close(daemon->tcp_pipes[i]);
 	      daemon->tcp_pipes[i] = -1;	
@@ -1867,11 +1860,38 @@ static void check_dns_listeners(time_t now)
 	      if (daemon->tcp_pids[i] == 0)
 		daemon->metrics[METRIC_TCP_CONNECTIONS]--;
 	    }
+	  return;
+	}
+
+  for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
+    if (poll_check(serverfdp->fd, POLLIN))
+      {
+	reply_query(serverfdp->fd, now);
+	return;
+      }
+  
+  for (i = 0; i < daemon->numrrand; i++)
+    if (daemon->randomsocks[i].refcount != 0 && 
+	poll_check(daemon->randomsocks[i].fd, POLLIN))
+      {
+	reply_query(daemon->randomsocks[i].fd, now);
+	return;
+      }
+  
+  /* Check overflow random sockets too. */
+  for (rfl = daemon->rfl_poll; rfl; rfl = rfl->next)
+    if (poll_check(rfl->rfd->fd, POLLIN))
+      {
+	reply_query(rfl->rfd->fd, now);
+	return;
+      }
   
   for (listener = daemon->listeners; listener; listener = listener->next)
-    {
     if (listener->fd != -1 && poll_check(listener->fd, POLLIN))
+      {
 	receive_query(listener, now); 
+	return;
+      }
   
   /* check to see if we have a free tcp process slot.
      Note that we can't assume that because we had
@@ -1882,23 +1902,39 @@ static void check_dns_listeners(time_t now)
     if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1)
       break;
 
-      if (listener->tcpfd != -1 && i >= 0 && poll_check(listener->tcpfd, POLLIN))
+  if (i >= 0)
+    for (listener = daemon->listeners; listener; listener = listener->next)
+      if (listener->tcpfd != -1 && poll_check(listener->tcpfd, POLLIN))
+	{
+	  do_tcp_connection(listener, now);
+	  return;
+	}
+}
+
+static void do_tcp_connection(struct listener *listener, time_t now)
 {
   int confd, client_ok = 1;
   struct irec *iface = NULL;
   pid_t p;
   union mysockaddr tcp_addr;
   socklen_t tcp_len = sizeof(union mysockaddr);
+  unsigned char *buff;
+  struct server *s; 
+  int flags, auth_dns, i;
+  struct in_addr netmask;
+  int pipefd[2];
 
   while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
   
   if (confd == -1)
-	    continue;
+    return;
   
   if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
     {
+    closeconandreturn:
+      shutdown(confd, SHUT_RDWR);
       close(confd);
-	      continue;
+      return;
     }
   
   /* Make sure that the interface list is up-to-date.
@@ -1961,17 +1997,26 @@ static void check_dns_listeners(time_t now)
     }
   
   if (!client_ok)
+    goto closeconandreturn;
+  
+  if (!option_bool(OPT_DEBUG))
     {
-	      shutdown(confd, SHUT_RDWR);
-	      close(confd);
-	    }
-	  else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0)
+      if (pipe(pipefd) == -1)
+	goto closeconandreturn; /* pipe failed */
+            
+      if ((p = fork()) == -1)
 	{
-	      close(pipefd[1]); /* parent needs read pipe end. */
-	      if (p == -1)
+	  /* fork failed */
 	  close(pipefd[0]);
-	      else
+	  close(pipefd[1]);
+	  goto closeconandreturn;
+	}
+
+      if (p != 0)
 	{
+	  /* fork() done: parent side */
+	  close(pipefd[1]); /* parent needs read pipe end. */
+      
 #ifdef HAVE_LINUX_NETWORK
 	  /* The child process inherits the netlink socket, 
 	     which it never uses, but when the parent (us) 
@@ -1987,8 +2032,7 @@ static void check_dns_listeners(time_t now)
 	     is sent by the child after it has closed the
 	     netlink socket. */
 	  
-		  unsigned char a;
-		  read_write(pipefd[0], &a, 1, RW_READ);
+	  read_write(pipefd[0], buff, 1, RW_READ);
 #endif
 	  
 	  /* i holds index of free slot */
@@ -1997,7 +2041,7 @@ static void check_dns_listeners(time_t now)
 	  daemon->metrics[METRIC_TCP_CONNECTIONS]++;
 	  if (daemon->metrics[METRIC_TCP_CONNECTIONS] > daemon->max_procs_used)
 	    daemon->max_procs_used = daemon->metrics[METRIC_TCP_CONNECTIONS];
-		}
+	
 	  close(confd);
 	  
 	  /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
@@ -2007,14 +2051,10 @@ static void check_dns_listeners(time_t now)
 	  if (option_bool(OPT_DNSSEC_VALID))
 	    daemon->log_id += daemon->limit[LIMIT_WORK];
 #endif
+	  
+	  return;
+	}
     }
-	  else
-	    {
-	      unsigned char *buff;
-	      struct server *s; 
-	      int flags;
-	      struct in_addr netmask;
-	      int auth_dns;
          
   if (iface)
     {
@@ -2069,9 +2109,7 @@ static void check_dns_listeners(time_t now)
       _exit(0);
     }
 }
-	}
-    }
-}
+
 
 #ifdef HAVE_DNSSEC
 /* If a DNSSEC query over UDP returns a truncated answer,