git.ipfire.org Git - thirdparty/pdns.git/commit
dnsdist: Use ref counting for the DoT TLS context 8761/head
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 29 Jan 2020 10:33:01 +0000 (11:33 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 29 Jan 2020 10:33:01 +0000 (11:33 +0100)
commit 33a55a382e9cbd2899bef73bae85c80d52405350
tree 7b97e5ff9e5d112ff013d7e5a252e49c8a2c87a8
parent 85a727f3392d95db37658c8551adf9f4f0671d91
dnsdist: Use ref counting for the DoT TLS context

Otherwise we can end up with a DNS over TLS connection using a
TLS Session Ticket Encryption Key, OCSP response or even `SSL_CTX`
object after it was released following a reload of the TLS context
(via `reloadAllCertificates()`, for example), triggering a
use-after-free, possibly leading to a crash.
pdns/dnsdistdist/tcpiohandler.cc
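
An added illustration of the lifetime rule the commit message describes, not code from dnsdist: each connection holds its own `std::shared_ptr` to the context it was accepted with, so a reload only swaps the frontend's pointer and the old context is freed when its last connection goes away. `TlsContext`, `Connection`, `Frontend`, `g_liveContexts` and the key strings are hypothetical stand-ins for the `SSL_CTX`, ticket key and OCSP state.

```cpp
#include <iostream>
#include <memory>
#include <mutex>
#include <string>
#include <utility>

int g_liveContexts = 0;  // live TlsContext objects, to make lifetime observable

// Hypothetical stand-in for the state a reload replaces.
struct TlsContext {
  std::string ticketKey;
  explicit TlsContext(std::string key) : ticketKey(std::move(key)) { ++g_liveContexts; }
  ~TlsContext() { --g_liveContexts; }
};

// A connection pins the context it was accepted with for its whole lifetime.
class Connection {
public:
  explicit Connection(std::shared_ptr<const TlsContext> ctx) : d_ctx(std::move(ctx)) {}
  const std::string& ticketKey() const { return d_ctx->ticketKey; }
private:
  std::shared_ptr<const TlsContext> d_ctx;
};

class Frontend {
public:
  explicit Frontend(std::string key) : d_ctx(std::make_shared<TlsContext>(std::move(key))) {}
  // Each new connection takes its own reference, copied under the lock.
  Connection accept() {
    std::lock_guard<std::mutex> lock(d_mutex);
    return Connection(d_ctx);
  }
  // Reload publishes the new context. The frontend's reference to the old one
  // is dropped after the lock is released; the object dies with its last user.
  void reload(std::string key) {
    auto fresh = std::make_shared<TlsContext>(std::move(key));
    std::lock_guard<std::mutex> lock(d_mutex);
    d_ctx.swap(fresh);
  }
private:
  std::mutex d_mutex;
  std::shared_ptr<TlsContext> d_ctx;
};

int main() {
  Frontend fe("key-A");                 // constructed sample key names
  Connection conn = fe.accept();
  fe.reload("key-B");
  std::cout << conn.ticketKey() << " live=" << g_liveContexts << "\n";
}
```

With a raw pointer in `Connection` instead of the `shared_ptr`, the `reload()` call would free the object that `conn` still reads from, which is the use-after-free named in the commit message.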