- setup speec_cache for need-ldns-testns in dotests.

- check number of queued replies on incoming queries to avoid overload
         on that account.
       - fptr whitelist checks are not disabled in optimize mode.



git-svn-id: file:///svn/unbound/trunk@971 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c

@@ -137,7 +137,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
 	iter = 0;
 	val = 0;
 	for(i=0; i<worker->env.mesh->mods.num; i++) {
-		log_assert(fptr_whitelist_mod_get_mem(worker->env.mesh->
+		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
 			mods.mod[i]->get_mem));
 		if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0)
 			val += (*worker->env.mesh->mods.mod[i]->get_mem)
@@ -169,7 +169,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
 	if(verbosity < VERB_QUERY)
 		return;
 	for(i=0; i<worker->env.mesh->mods.num; i++) {
-		log_assert(fptr_whitelist_mod_get_mem(worker->env.mesh->
+		fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
 			mods.mod[i]->get_mem));
 		if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0)
 			val += (*worker->env.mesh->mods.mod[i]->get_mem)
@@ -817,6 +817,13 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		worker->stats.num_query_list_exceeded++;
 		comm_point_drop_reply(repinfo);
 		return 0;
+	} else if(worker->env.mesh->num_reply_addrs > 
+		worker->request_size*256) {
+		verbose(VERB_ALGO, "Too many requests queued. "
+			"dropping incoming query.");
+		worker->stats.num_query_list_exceeded++;
+		comm_point_drop_reply(repinfo);
+		return 0;
 	}
 	mesh_new_client(worker->env.mesh, &qinfo, 
 		ldns_buffer_read_u16_at(c->buffer, 2),

doc/Changelog

@@ -1,3 +1,9 @@
+20 February 2008: Wouter
+	- setup speec_cache for need-ldns-testns in dotests.
+	- check number of queued replies on incoming queries to avoid overload
+	  on that account.
+	- fptr whitelist checks are not disabled in optimize mode.
+
 19 February 2008: Wouter
 	- applied patch to unbound-host man page from Jan-Piet Mens.
 	- fix donotquery-localhost: yes default (it erroneously was switched

iterator/iter_utils.c

@@ -312,7 +312,7 @@ causes_cycle(struct module_qstate* qstate, uint8_t* name, size_t namelen,
 	qinf.qname_len = namelen;
 	qinf.qtype = t;
 	qinf.qclass = c;
-	log_assert(fptr_whitelist_modenv_detect_cycle(
+	fptr_ok(fptr_whitelist_modenv_detect_cycle(
 		qstate->env->detect_cycle));
 	return (*qstate->env->detect_cycle)(qstate, &qinf, 
 		(uint16_t)(BIT_RD|BIT_CD), qstate->is_priming);

iterator/iterator.c

@@ -456,7 +456,7 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype,
 	qflags |= BIT_CD;
 
 	/* attach subquery, lookup existing or make a new one */
-	log_assert(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
+	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
 	if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, &subq)) {
 		return 0;
 	}
@@ -469,7 +469,7 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype,
 			sizeof(struct iter_qstate));
 		if(!subq->minfo[id]) {
 			log_err("init subq: out of memory");
-			log_assert(fptr_whitelist_modenv_kill_sub(
+			fptr_ok(fptr_whitelist_modenv_kill_sub(
 				qstate->env->kill_sub));
 			(*qstate->env->kill_sub)(subq);
 			return 0;
@@ -587,7 +587,7 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq,
 		subiq->dp = delegpt_copy(stub_dp, subq->region);
 		if(!subiq->dp) {
 			log_err("out of memory priming stub, copydp");
-			log_assert(fptr_whitelist_modenv_kill_sub(
+			fptr_ok(fptr_whitelist_modenv_kill_sub(
 				qstate->env->kill_sub));
 			(*qstate->env->kill_sub)(subq);
 			(void)error_response(qstate, id, LDNS_RCODE_SERVFAIL);
@@ -1161,7 +1161,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 	log_query_info(VERB_QUERY, "sending query:", &iq->qchase);
 	log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, 
 		&target->addr, target->addrlen);
-	log_assert(fptr_whitelist_modenv_send_query(qstate->env->send_query));
+	fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query));
 	outq = (*qstate->env->send_query)(
 		iq->qchase.qname, iq->qchase.qname_len, 
 		iq->qchase.qtype, iq->qchase.qclass, 
@@ -1240,7 +1240,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		/* close down outstanding requests to be discarded */
 		outbound_list_clear(&iq->outlist);
 		iq->num_current_queries = 0;
-		log_assert(fptr_whitelist_modenv_detach_subs(
+		fptr_ok(fptr_whitelist_modenv_detach_subs(
 			qstate->env->detach_subs));
 		(*qstate->env->detach_subs)(qstate);
 		iq->num_target_queries = 0;
@@ -1278,7 +1278,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		 */
 		outbound_list_clear(&iq->outlist);
 		iq->num_current_queries = 0;
-		log_assert(fptr_whitelist_modenv_detach_subs(
+		fptr_ok(fptr_whitelist_modenv_detach_subs(
 			qstate->env->detach_subs));
 		(*qstate->env->detach_subs)(qstate);
 		iq->num_target_queries = 0;
@@ -1320,7 +1320,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		 */
 		outbound_list_clear(&iq->outlist);
 		iq->num_current_queries = 0;
-		log_assert(fptr_whitelist_modenv_detach_subs(
+		fptr_ok(fptr_whitelist_modenv_detach_subs(
 			qstate->env->detach_subs));
 		(*qstate->env->detach_subs)(qstate);
 		iq->num_target_queries = 0;

services/mesh.c

@@ -298,7 +298,7 @@ mesh_state_cleanup(struct mesh_state* mstate)
 	/* de-init modules */
 	mesh = mstate->s.env->mesh;
 	for(i=0; i<mesh->mods.num; i++) {
-		log_assert(fptr_whitelist_mod_clear(mesh->mods.mod[i]->clear));
+		fptr_ok(fptr_whitelist_mod_clear(mesh->mods.mod[i]->clear));
 		(*mesh->mods.mod[i]->clear)(&mstate->s, i);
 		mstate->s.minfo[i] = NULL;
 		mstate->s.ext_state[i] = module_finished;
@@ -583,7 +583,7 @@ void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate)
 		/* make super runnable */
 		(void)rbtree_insert(&mesh->run, &ref->s->run_node);
 		/* callback the function to inform super of result */
-		log_assert(fptr_whitelist_mod_inform_super(
+		fptr_ok(fptr_whitelist_mod_inform_super(
 			mesh->mods.mod[ref->s->s.curmod]->inform_super));
 		(*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, 
 			ref->s->s.curmod, &ref->s->s);
@@ -709,7 +709,7 @@ void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate,
 	verbose(VERB_ALGO, "mesh_run: start");
 	while(mstate) {
 		/* run the module */
-		log_assert(fptr_whitelist_mod_operate(
+		fptr_ok(fptr_whitelist_mod_operate(
 			mesh->mods.mod[mstate->s.curmod]->operate));
 		(*mesh->mods.mod[mstate->s.curmod]->operate)
 			(&mstate->s, ev, mstate->s.curmod, e);

services/modstack.c

@@ -143,7 +143,7 @@ modstack_setup(struct module_stack* stack, const char* module_conf,
         for(i=0; i<stack->num; i++) {
                 verbose(VERB_OPS, "init module %d: %s",
                         i, stack->mod[i]->name);
-                log_assert(fptr_whitelist_mod_init(stack->mod[i]->init));
+                fptr_ok(fptr_whitelist_mod_init(stack->mod[i]->init));
                 if(!(*stack->mod[i]->init)(env, i)) {
                         log_err("module init for module %s failed",
                                 stack->mod[i]->name);
@@ -158,7 +158,7 @@ modstack_desetup(struct module_stack* stack, struct module_env* env)
 {
         int i;
         for(i=0; i<stack->num; i++) {
-                log_assert(fptr_whitelist_mod_deinit(stack->mod[i]->deinit));
+                fptr_ok(fptr_whitelist_mod_deinit(stack->mod[i]->deinit));
                 (*stack->mod[i]->deinit)(env, i);
         }
         stack->num = 0;

services/outside_network.c

@@ -175,7 +175,7 @@ use_free_buffer(struct outside_network* outnet)
 			comm_point_callback_t* cb = w->cb;
 			void* cb_arg = w->cb_arg;
 			waiting_tcp_delete(w);
-			log_assert(fptr_whitelist_pending_tcp(cb));
+			fptr_ok(fptr_whitelist_pending_tcp(cb));
 			(void)(*cb)(NULL, cb_arg, NETEVENT_CLOSED, NULL);
 		}
 	}
@@ -214,7 +214,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error,
 			error = NETEVENT_CLOSED;
 		}
 	}
-	log_assert(fptr_whitelist_pending_tcp(pend->query->cb));
+	fptr_ok(fptr_whitelist_pending_tcp(pend->query->cb));
 	(void)(*pend->query->cb)(c, pend->query->cb_arg, error, reply_info);
 	decomission_pending_tcp(outnet, pend);
 	return 0;
@@ -267,7 +267,7 @@ outnet_udp_cb(struct comm_point* c, void* arg, int error,
 	verbose(VERB_ALGO, "outnet handle udp reply");
 	/* delete from tree first in case callback creates a retry */
 	(void)rbtree_delete(outnet->pending, p->node.key);
-	log_assert(fptr_whitelist_pending_udp(p->cb));
+	fptr_ok(fptr_whitelist_pending_udp(p->cb));
 	(void)(*p->cb)(p->c, p->cb_arg, NETEVENT_NOERROR, reply_info);
 	pending_delete(NULL, p);
 	return 0;
@@ -387,7 +387,7 @@ pending_udp_timer_cb(void *arg)
 	struct pending* p = (struct pending*)arg;
 	/* it timed out */
 	verbose(VERB_ALGO, "timeout udp");
-	log_assert(fptr_whitelist_pending_udp(p->cb));
+	fptr_ok(fptr_whitelist_pending_udp(p->cb));
 	(void)(*p->cb)(p->c, p->cb_arg, NETEVENT_TIMEOUT, NULL);
 	pending_delete(p->outnet, p);
 }
@@ -744,7 +744,7 @@ outnet_tcptimer(void* arg)
 	cb = w->cb;
 	cb_arg = w->cb_arg;
 	waiting_tcp_delete(w);
-	log_assert(fptr_whitelist_pending_tcp(cb));
+	fptr_ok(fptr_whitelist_pending_tcp(cb));
 	(void)(*cb)(NULL, cb_arg, NETEVENT_TIMEOUT, NULL);
 	use_free_buffer(outnet);
 }
@@ -1006,7 +1006,7 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
 			ldns_buffer_write(c->buffer, backup_p, backlen);
 			ldns_buffer_flip(c->buffer);
 		}
-		log_assert(fptr_whitelist_serviced_query(p->cb));
+		fptr_ok(fptr_whitelist_serviced_query(p->cb));
 		(void)(*p->cb)(c, p->cb_arg, error, rep);
 		p = n;
 	}

testcode/do-tests.sh

@@ -2,7 +2,7 @@
 
 NEED_SPLINT='00-lint.tpkg'
 NEED_DOXYGEN='01-doc.tpkg'
-NEED_LDNS_TESTNS='fwd_no_edns.tpkg fwd_tcp_tc.tpkg fwd_tcp.tpkg fwd_three_service.tpkg fwd_three.tpkg fwd_ttlexpire.tpkg fwd_udp.tpkg fwd_tcp_tc6.tpkg fwd_compress_c00c.tpkg fwd_ancil.tpkg stat_timer.tpkg 05-asynclook.tpkg stream_tcp.tpkg'
+NEED_LDNS_TESTNS='fwd_no_edns.tpkg fwd_tcp_tc.tpkg fwd_tcp.tpkg fwd_three_service.tpkg fwd_three.tpkg fwd_ttlexpire.tpkg fwd_udp.tpkg fwd_tcp_tc6.tpkg fwd_compress_c00c.tpkg fwd_ancil.tpkg stat_timer.tpkg 05-asynclook.tpkg stream_tcp.tpkg speed_cache.tpkg'
 NEED_XXD='fwd_compress_c00c.tpkg'
 NEED_NC='fwd_compress_c00c.tpkg'
 

util/fptr_wlist.h

@@ -58,6 +58,16 @@
 #include "util/storage/lruhash.h"
 #include "util/module.h"
 
+/**
+ * Macro to perform an assertion check for fptr wlist checks.
+ * Does not get disabled in optimize mode. Check adds security by layers.
+ */
+#define fptr_ok(x) \
+	do { if(!(x)) \
+		fatal_exit("%s:%d: %s: pointer whitelist %s failed", \
+		__FILE__, __LINE__, __func__, #x); \
+	} while(0);
+
 /**
  * Check function pointer whitelist for comm_point callback values.
  *

util/mini_event.c

@@ -161,7 +161,7 @@ static void handle_timeouts(struct event_base* base, struct timeval* now,
 		/* event times out, remove it */
 		(void)rbtree_delete(base->times, p);
 		p->ev_events &= ~EV_TIMEOUT;
-		log_assert(fptr_whitelist_event(p->ev_callback));
+		fptr_ok(fptr_whitelist_event(p->ev_callback));
 		(*p->ev_callback)(p->ev_fd, EV_TIMEOUT, p->ev_arg);
 	}
 }
@@ -206,7 +206,7 @@ static int handle_select(struct event_base* base, struct timeval* wait)
 		}
 		bits &= base->fds[i]->ev_events;
 		if(bits) {
-			log_assert(fptr_whitelist_event(
+			fptr_ok(fptr_whitelist_event(
 				base->fds[i]->ev_callback));
 			(*base->fds[i]->ev_callback)(base->fds[i]->ev_fd, 
 				bits, base->fds[i]->ev_arg);
@@ -269,7 +269,7 @@ void event_set(struct event* ev, int fd, short bits,
 	ev->ev_fd = fd;
 	ev->ev_events = bits;
 	ev->ev_callback = cb;
-	log_assert(fptr_whitelist_event(ev->ev_callback));
+	fptr_ok(fptr_whitelist_event(ev->ev_callback));
 	ev->ev_arg = arg;
 	ev->added = 0;
 }
@@ -341,7 +341,7 @@ static RETSIGTYPE sigh(int sig)
 	ev = signal_base->signals[sig];
 	if(!ev)
 		return;
-	log_assert(fptr_whitelist_event(ev->ev_callback));
+	fptr_ok(fptr_whitelist_event(ev->ev_callback));
 	(*ev->ev_callback)(sig, EV_SIGNAL, ev->ev_arg);
 }
 

util/netevent.c

@@ -432,7 +432,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
 		if(verbosity >= VERB_ALGO)
 			p_ancil("receive_udp on interface", &rep);
 #endif /* S_SPLINT_S */
-		log_assert(fptr_whitelist_comm_point(rep.c->callback));
+		fptr_ok(fptr_whitelist_comm_point(rep.c->callback));
 		if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) {
 			/* send back immediate reply */
 			(void)comm_point_send_udp_msg_if(rep.c, rep.c->buffer,
@@ -476,7 +476,7 @@ comm_point_udp_callback(int fd, short event, void* arg)
 		ldns_buffer_skip(rep.c->buffer, recv);
 		ldns_buffer_flip(rep.c->buffer);
 		rep.srctype = 0;
-		log_assert(fptr_whitelist_comm_point(rep.c->callback));
+		fptr_ok(fptr_whitelist_comm_point(rep.c->callback));
 		if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) {
 			/* send back immediate reply */
 			(void)comm_point_send_udp_msg(rep.c, rep.c->buffer,
@@ -585,7 +585,7 @@ tcp_callback_reader(struct comm_point* c)
 	c->tcp_byte_count = 0;
 	if(c->type == comm_tcp)
 		comm_point_stop_listening(c);
-	log_assert(fptr_whitelist_comm_point(c->callback));
+	fptr_ok(fptr_whitelist_comm_point(c->callback));
 	if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) {
 		comm_point_start_listening(c, -1, TCP_QUERY_TIMEOUT);
 	}
@@ -760,7 +760,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 		if(!comm_point_tcp_handle_read(fd, c, 0)) {
 			reclaim_tcp_handler(c);
 			if(!c->tcp_do_close) {
-				log_assert(fptr_whitelist_comm_point(
+				fptr_ok(fptr_whitelist_comm_point(
 					c->callback));
 				(void)(*c->callback)(c, c->cb_arg, 
 					NETEVENT_CLOSED, NULL);
@@ -772,7 +772,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 		if(!comm_point_tcp_handle_write(fd, c)) {
 			reclaim_tcp_handler(c);
 			if(!c->tcp_do_close) {
-				log_assert(fptr_whitelist_comm_point(
+				fptr_ok(fptr_whitelist_comm_point(
 					c->callback));
 				(void)(*c->callback)(c, c->cb_arg, 
 					NETEVENT_CLOSED, NULL);
@@ -784,7 +784,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 		verbose(VERB_QUERY, "tcp took too long, dropped");
 		reclaim_tcp_handler(c);
 		if(!c->tcp_do_close) {
-			log_assert(fptr_whitelist_comm_point(c->callback));
+			fptr_ok(fptr_whitelist_comm_point(c->callback));
 			(void)(*c->callback)(c, c->cb_arg,
 				NETEVENT_TIMEOUT, NULL);
 		}
@@ -801,7 +801,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg)
 
 	if(event&EV_READ) {
 		if(!comm_point_tcp_handle_read(fd, c, 1)) {
-			log_assert(fptr_whitelist_comm_point(c->callback));
+			fptr_ok(fptr_whitelist_comm_point(c->callback));
 			(void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, 
 				NULL);
 		}
@@ -1392,7 +1392,7 @@ comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg)
 		return;
 	comm_base_now(tm->ev_timer->base);
 	tm->ev_timer->enabled = 0;
-	log_assert(fptr_whitelist_comm_timer(tm->callback));
+	fptr_ok(fptr_whitelist_comm_timer(tm->callback));
 	(*tm->callback)(tm->cb_arg);
 }
 
@@ -1432,7 +1432,7 @@ comm_signal_callback(int sig, short event, void* arg)
 	if(!(event & EV_SIGNAL))
 		return;
 	comm_base_now(comsig->base);
-	log_assert(fptr_whitelist_comm_signal(comsig->callback));
+	fptr_ok(fptr_whitelist_comm_signal(comsig->callback));
 	(*comsig->callback)(sig, comsig->cb_arg);
 }
 

util/rbtree.c

@@ -233,7 +233,7 @@ rbtree_insert (rbtree_t *rbtree, rbnode_t *data)
 	rbnode_t	*node = rbtree->root;
 	rbnode_t	*parent = RBTREE_NULL;
 
-	log_assert(fptr_whitelist_rbtree_cmp(rbtree->cmp));
+	fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp));
 	/* Lets find the new parent... */
 	while (node != RBTREE_NULL) {
 		/* Compare two keys, do we have a duplicate? */
@@ -515,7 +515,7 @@ rbtree_find_less_equal(rbtree_t *rbtree, const void *key, rbnode_t **result)
 	node = rbtree->root;
 
 	*result = NULL;
-	log_assert(fptr_whitelist_rbtree_cmp(rbtree->cmp));
+	fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp));
 
 	/* While there are children... */
 	while (node != RBTREE_NULL) {

util/storage/lruhash.c

@@ -302,11 +302,11 @@ lruhash_insert(struct lruhash* table, hashvalue_t hash,
 	struct lruhash_bin* bin;
 	struct lruhash_entry* found, *reclaimlist=NULL;
 	size_t need_size;
-	log_assert(fptr_whitelist_hash_sizefunc(table->sizefunc));
-	log_assert(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
-	log_assert(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
-	log_assert(fptr_whitelist_hash_compfunc(table->compfunc));
-	log_assert(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
 	need_size = table->sizefunc(entry->key, data);
 	if(cb_arg == NULL) cb_arg = table->cb_arg;
 
@@ -356,7 +356,7 @@ lruhash_lookup(struct lruhash* table, hashvalue_t hash, void* key, int wr)
 {
 	struct lruhash_entry* entry;
 	struct lruhash_bin* bin;
-	log_assert(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
 
 	lock_quick_lock(&table->lock);
 	bin = &table->array[hash & table->size_mask];
@@ -379,11 +379,11 @@ lruhash_remove(struct lruhash* table, hashvalue_t hash, void* key)
 	struct lruhash_entry* entry;
 	struct lruhash_bin* bin;
 	void *d;
-	log_assert(fptr_whitelist_hash_sizefunc(table->sizefunc));
-	log_assert(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
-	log_assert(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
-	log_assert(fptr_whitelist_hash_compfunc(table->compfunc));
-	log_assert(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
 
 	lock_quick_lock(&table->lock);
 	bin = &table->array[hash & table->size_mask];
@@ -439,9 +439,9 @@ lruhash_clear(struct lruhash* table)
 	size_t i;
 	if(!table)
 		return;
-	log_assert(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
-	log_assert(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
-	log_assert(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
+	fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc));
+	fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc));
+	fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc));
 
 	lock_quick_lock(&table->lock);
 	for(i=0; i<table->size; i++) {

validator/validator.c

@@ -300,7 +300,7 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name,
 	ask.qtype = qtype;
 	ask.qclass = qclass;
 	log_query_info(VERB_ALGO, "generate request", &ask);
-	log_assert(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
+	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
 	if(!(*qstate->env->attach_sub)(qstate, &ask, 
 		(uint16_t)(BIT_RD|BIT_CD), 0, &newq)){
 		log_err("Could not generate request: out of memory");