
Commit 6f34df8

committed
Disable cookies if secret parsing fails
1 parent 4b9fe35 commit 6f34df8

1 file changed

Lines changed: 12 additions & 2 deletions


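--- a/DnsServerCore/Dns/DnsServer.cs
+++ b/DnsServerCore/Dns/DnsServer.cs
@@ -273,7 +273,7 @@ enum ServiceState
 readonly string _dnsCookiesSecretFile = "dns.cookies.state";
 readonly int _dnsCookiesRotationPeriodHours = 1;
 
-Security.DnsCookieSecretManager _cookieSecrets;
+Security.DnsCookieSecretManager _cookieSecrets = null;
 Security.DnsCookieValidator _cookieValidator;
 Timer _cookieRotationTimer;
 
@@ -1562,7 +1562,16 @@ private void InitDnsCookies()
 ? _dnsCookiesSecretFile
 : Path.Combine(_configFolder, _dnsCookiesSecretFile);
 
-_cookieSecrets = new Security.DnsCookieSecretManager(secretPath);
+try
+{
+_cookieSecrets = new Security.DnsCookieSecretManager(secretPath);
+}
+catch (Exception ex)
+{
+_log.Write("DNS Server encountered an error while loading DNS Cookies secrets: " + secretPath + "\r\n" + ex.ToString());
+_log.Write("DNS Cookies will be disabled.");
+return;
+}
 _cookieValidator = new Security.DnsCookieValidator(_cookieSecrets);
 
 _cookieRotationTimer?.Dispose();
@@ -2565,6 +2574,7 @@ private async Task<DnsDatagram> ProcessRequestAsync(DnsDatagram request, IPEndPo
 
 // DNS Cookies (RFC 7873)
 if (protocol == DnsTransportProtocol.Udp &&
+_cookieSecrets != null &&
 request.EDNS != null &&
 _cookieValidator != null)
 {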
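Review bot: In InitDnsCookies the new catch block returns without clearing `_cookieSecrets` and `_cookieValidator` or disposing `_cookieRotationTimer`, so the log line "DNS Cookies will be disabled." holds only if nothing was initialised before; the `_cookieRotationTimer?.Dispose()` just below the catch suggests the method can run more than once. Resetting the state in the catch, e.g. `_cookieValidator = null; _cookieSecrets = null; _cookieRotationTimer?.Dispose();`, would make the disabled state explicit instead of leaving whatever an earlier call set up. Separately, switching cookie validation off because the state file is damaged is fail-open behaviour that is visible only in the log, so it is worth considering whether a fresh secret could be generated instead, if DnsCookieSecretManager supports that. The bodies of InitDnsCookies and ProcessRequestAsync continue outside the hunks shown.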
