[Swan-dev] error handling in lib/libswan/unbound.c
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Mon Oct 30 12:54:39 UTC 2017
Hi Paul, Hugh,
On 26/10/17 19:13, Paul Wouters wrote:
> On Thu, 26 Oct 2017, D. Hugh Redelmeier wrote:
>
>> I'm just glancing at unbound_ctx_config() because Paul made a minor
>> change to it to silence coverity. A failed stat is now logged (good)
>> but behaviour is not otherwise changed. I've changed it to not use
>> the pathame if stat fails on it.
>
> Thanks, I should have done that.
>
>> In several cases (unaffectd by Paul's change), when an error is
>> detected, the code seems to log that error and then continue as if the
>> error had not happened. I would expect this pattern to be a bug, at
>> least in most cases.
>
> We try to read whatever files specified via glob and wildcards as we
> can, and ignore the rest. That seems better then complete failure on
> startup. So if you remove a trust anchor file from your DNS setup,
> things still work as best they can without the file.
>
>> libunbound(3) documents nothing about errno and yet unbound_ctx_config()
>> displays strerror(errno) in a couple of cases after a call to libunbound
>> fails.
>>
>> Is errno meaningful after a failed call to libunbound? If so, the
>> libunbound manpage should be updated.
>
> I've CC:ed Wouter :)
Yes it is. Specifically for the error-to-read-file case. Not other
cases (eg. socket errors happen too far away in the code).
A manpage update may be meaningful here, yes.
Best regards, Wouter
>
>> If not, this is an error in our code.
>>
>> At a minimum, I think errno should be initialized to 0 before these
>> calls. I've done that.
>
> Yes, thanks!
>
> Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20171030/f61867d3/attachment-0001.sig>
More information about the Swan-dev
mailing list