Merge branch '3542-gracefuly-handle-cancelled-http-read-during-sending' into 'main'

Handle canceled read during sending data over stats channel

Closes #3542

See merge request isc-projects/bind9!6773

CHANGES

@@ -1,3 +1,7 @@
+5972.	[bug]		Gracefully handle when the statschannel HTTP connection
+			gets cancelled during sending data back to the client.
+			[GL #3542]
+
 5971.	[func]		Add libsystemd sd_notify() support. [GL #1176]
 
 5970.	[func]		Log the reason why a query was refused. [GL !6669]

doc/arm/reference.rst

@@ -5876,9 +5876,21 @@ If no port is specified, port 80 is used for HTTP channels. The asterisk
 Attempts to open a statistics channel are restricted by the
 optional ``allow`` clause. Connections to the statistics channel are
 permitted based on the :term:`address_match_list`. If no ``allow`` clause is
-present, :iscman:`named` accepts connection attempts from any address; since
-the statistics may contain sensitive internal information, it is highly
-recommended to restrict the source of connection requests appropriately.
+present, :iscman:`named` accepts connection attempts from any address. Since
+the statistics may contain sensitive internal information, the source of
+connection requests must be restricted appropriately so that only
+trusted parties can access the statistics channel.
+
+Gathering data exposed by the statistics channel locks various subsystems in
+:iscman:`named`, which could slow down query processing if statistics data is
+requested too often.
+
+An issue in the statistics channel would be considered a security issue
+only if it could be exploited by unprivileged users circumventing the access
+control list. In other words, any issue in the statistics channel that could be
+used to access information unavailable otherwise, or to crash :iscman:`named`, is
+not considered a security issue if it can be avoided through the
+use of a secure configuration.
 
 If no :any:`statistics-channels` statement is present, :iscman:`named` does not
 open any communication channels.

doc/notes/notes-current.rst

@@ -60,4 +60,5 @@ Feature Changes
 Bug Fixes
 ~~~~~~~~~
 
-- None.
+- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
+  channel connection while sending statistics data to the client.  :gl:`#3542`

lib/isc/httpd.c

@@ -907,13 +907,14 @@ httpd_request(isc_nmhandle_t *handle, isc_result_t eresult,
 
 	httpd = isc_nmhandle_getdata(handle);
 
-	REQUIRE(httpd->state == RECV);
 	REQUIRE(httpd->handle == handle);
 
 	if (eresult != ISC_R_SUCCESS) {
 		goto cleanup_readhandle;
 	}
 
+	REQUIRE(httpd->state == RECV);
+
 	result = process_request(
 		httpd, region == NULL ? &(isc_region_t){ NULL, 0 } : region,
 		&buflen);
@@ -1200,7 +1201,6 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
 	isc_httpd_t *httpd = (isc_httpd_t *)arg;
 
 	REQUIRE(VALID_HTTPD(httpd));
-	REQUIRE(httpd->state == SEND);
 	REQUIRE(httpd->handle == handle);
 
 	isc_buffer_free(&httpd->sendbuffer);
@@ -1227,6 +1227,8 @@ httpd_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
 		goto cleanup_readhandle;
 	}
 
+	REQUIRE(httpd->state == SEND);
+
 	httpd->state = RECV;
 	httpd->sendhandle = NULL;