From 485b7390741ccd30c1586f48bc244bbc74fe4e87 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Fri, 17 Oct 2025 14:06:17 +0200 Subject: [PATCH] rec: Prevent a potential race condition in cache cleaning Signed-off-by: Remi Gacogne --- pdns/recursordist/rec-main.cc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 365a1d13f3..ebce9cec59 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -3320,20 +3320,26 @@ string doTraceRegex(FDWrapper file, vector::const_iterator begin, vector return broadcastAccFunction([=] { return pleaseUseNewTraceRegex(begin != end ? *begin : "", fileno); }); } -struct WipeCacheResult wipeCaches(const DNSName& canon, bool subtree, uint16_t qtype) +WipeCacheResult wipeCaches(const DNSName& canon, bool subtree, uint16_t qtype) { - struct WipeCacheResult res; + WipeCacheResult res; try { res.record_count = static_cast(g_recCache->doWipeCache(canon, subtree, qtype)); - // scanbuild complains here about an allocated function object that is being leaked. Needs investigation - if (g_packetCache) { - res.packet_count = static_cast(g_packetCache->doWipePacketCache(canon, qtype, subtree)); - } res.negative_record_count = static_cast(g_negCache->wipe(canon, subtree)); if (g_aggressiveNSECCache) { g_aggressiveNSECCache->removeZoneInfo(canon, subtree); } + /* we need to do the packet cache last otherwise we could re-cache something that was just cleared: + - remove entry from the packet cache + - query comes in for the removed entry + - existing entry found in positive, negative or aggressive NSEC cache + - resulting packet inserted into the packet cache + - entry removed from the positive, negative or aggressive NSEC3 cache + */ + if (g_packetCache) { + res.packet_count = static_cast(g_packetCache->doWipePacketCache(canon, qtype, subtree)); + } } catch (const std::exception& e) { auto log = g_slog->withName("runtime"); -- 2.47.3