|
|
900526 |
From 7f5bdf7f4063c2fefb18900468d2c851f8de7816 Mon Sep 17 00:00:00 2001
|
|
|
900526 |
From: Evan Hunt <each@isc.org>
|
|
|
900526 |
Date: Tue, 18 Feb 2014 23:32:02 -0800
|
|
|
900526 |
Subject: [PATCH] [master] fix dns_resolver_destroyfetch race
|
|
|
900526 |
|
|
|
900526 |
3747. [bug] A race condition could lead to a core dump when
|
|
|
900526 |
destroying a resolver fetch object. [RT #35385]
|
|
|
900526 |
---
|
|
|
900526 |
lib/dns/resolver.c | 7 +++++--
|
|
|
900526 |
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
900526 |
|
|
|
900526 |
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
|
|
900526 |
index fa188c1..66ab41f 100644
|
|
|
900526 |
--- a/lib/dns/resolver.c
|
|
|
900526 |
+++ b/lib/dns/resolver.c
|
|
|
900526 |
@@ -357,6 +357,7 @@ typedef struct {
|
|
|
900526 |
|
|
|
900526 |
struct dns_fetch {
|
|
|
900526 |
unsigned int magic;
|
|
|
900526 |
+ isc_mem_t * mctx;
|
|
|
900526 |
fetchctx_t * private;
|
|
|
900526 |
};
|
|
|
900526 |
|
|
|
900526 |
@@ -8561,6 +8562,8 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
|
|
|
900526 |
fetch = isc_mem_get(res->mctx, sizeof(*fetch));
|
|
|
900526 |
if (fetch == NULL)
|
|
|
900526 |
return (ISC_R_NOMEMORY);
|
|
|
900526 |
+ fetch->mctx = NULL;
|
|
|
900526 |
+ isc_mem_attach(res->mctx, &fetch->mctx);
|
|
|
900526 |
|
|
|
900526 |
bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
|
|
|
900526 |
|
|
|
900526 |
@@ -8651,7 +8654,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
|
|
|
900526 |
FTRACE("created");
|
|
|
900526 |
*fetchp = fetch;
|
|
|
900526 |
} else
|
|
|
900526 |
- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
|
|
|
900526 |
+ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
|
|
|
900526 |
|
|
|
900526 |
return (result);
|
|
|
900526 |
}
|
|
|
900526 |
@@ -8742,7 +8745,7 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
|
|
|
900526 |
|
|
|
900526 |
UNLOCK(&res->buckets[bucketnum].lock);
|
|
|
900526 |
|
|
|
900526 |
- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
|
|
|
900526 |
+ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
|
|
|
900526 |
*fetchp = NULL;
|
|
|
900526 |
|
|
|
900526 |
if (bucket_empty)
|
|
|
900526 |
--
|
|
|
900526 |
1.9.0
|
|
|
900526 |
|