git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Alessio Podda <alessio@isc.org>
	Thu, 16 Apr 2026 11:20:50 +0000 (13:20 +0200)
committer	Alessio Podda <alessio@isc.org>
	Mon, 27 Apr 2026 16:09:47 +0000 (18:09 +0200)
commit	0fe1d091f7c2124268796b9ae3e0a9ab3199bf04
tree	b9609dcc168f69f1f27c9d6ac46485cb08042651	tree \| snapshot
parent	6eaf4490ab120735baffdfb60da3b4e257d694c5	commit \| diff

Fix race condition in getsigningtime()

Compute qpzone_get_lock(elem->node) into a local variable while the
heap lock is still held, rather than dereferencing the stale elem
pointer after releasing the lock. A concurrent thread running
setsigningtime() (e.g. via IXFR apply on a worker thread) could free
the top-of-heap element between the heap lock release and the
dereference, causing a use-after-free.

lib/dns/qpzone.c

diff | blob | blame | history

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom