From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 22 Aug 2024 07:26:59 +0000 (+0200)
Subject: ntp: fix finalization for async resolver
X-Git-Tag: 4.6~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9;p=thirdparty%2Fchrony.git

ntp: fix finalization for async resolver

If an attempt to resolve addresses of an NTP server is made right before
starting the termination sequence, the asynchronous resolver thread
could read the server name when it was already freed.

Leave unresolved sources allocated in NSR_Finalise() if the async
resolver did not finish yet, at least for now. Waiting for the resolving
result or cancelling the thread would complicate the code. The scheduler
is not expected to be running at this point.
---

diff --git a/ntp_sources.c b/ntp_sources.c
index 29c99acf..d2cd1134 100644
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -219,8 +219,14 @@ NSR_Finalise(void)
   ARR_DestroyInstance(pools);
 
   SCH_RemoveTimeout(resolving_id);
-  while (unresolved_sources)
-    remove_unresolved_source(unresolved_sources);
+
+  /* Leave the unresolved sources allocated if the async resolver is running
+     to avoid reading the name from freed memory.  The handler will not be
+     called as the scheduler should no longer be running at this point. */
+  if (!resolving_source) {
+    while (unresolved_sources)
+      remove_unresolved_source(unresolved_sources);
+  }
 
   initialised = 0;
 }