git.ipfire.org Git - thirdparty/bind9.git/commit

author	Ondřej Surý <ondrej@isc.org>
	Tue, 22 Feb 2022 17:12:18 +0000 (18:12 +0100)
committer	Ondřej Surý <ondrej@isc.org>
	Wed, 23 Feb 2022 22:36:09 +0000 (23:36 +0100)
commit	7b8e265a407db4adc14939acc6a3bbacda86bed1
tree	3a29bed746097218ac4c0bfe6fc268189bcdc9f3	tree \| snapshot
parent	bfecb1b6f7a8ae073b48ee60efece595d4d61c3b	commit \| diff

Delay isc__nm_uvreq_t deallocation to connection callback

When the TCP, TCPDNS or TLSDNS connection times out, the isc__nm_uvreq_t
would be pushed into sock->inactivereqs before the uv_tcp_connect()
callback finishes. Because the isc__nmsocket_t keeps the list of
inactive isc__nm_uvreq_t, this would cause use-after-free only when the
sock->inactivereqs is full (which could never happen because the failure
happens in connection timeout callback) or when the sock->inactivereqs
mechanism is completely removed (f.e. when running under Address or
Thread Sanitizer).

Delay isc__nm_uvreq_t deallocation to the connection callback and only
signal the connection callback should be called by shutting down the
libuv socket from the connection timeout callback.

(cherry picked from commit 326862791689ea7029f381b4afd05c37abbd1fe7)

lib/isc/netmgr/netmgr-int.h		diff \| blob \| blame \| history
lib/isc/netmgr/netmgr.c		diff \| blob \| blame \| history
lib/isc/netmgr/tcp.c		diff \| blob \| blame \| history
lib/isc/netmgr/tcpdns.c		diff \| blob \| blame \| history