fix bad-cache assert

3346.	[security]	Bad-cache data could be used before it was
			initialized, causing an assert. [RT #30025]

diff --git a/CHANGES b/CHANGES
index 10d1eb8f906dee4f866fd6df420f849e8bfb79b3..8cad6aa7e357e67a0cd39299c815751d27f916fc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3346.  [security]      Bad-cache data could be used before it was
+                       initialized, causing an assert. [RT #30025]
+
 3345.  [bug]           Addressed race condition when removing the last item
                        or inserting the first item in an ISC_QUEUE.
                        [RT #29539]

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index fb50360df177d61abde6758c5c62491c1e0e9e5e..20b8de4752a0d13c90ffebe9911ab8b85dee415d 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -8448,6 +8448,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
                        goto cleanup;
                bad->type = type;
                bad->hashval = hashval;
+               bad->expire = *expire;
                isc_buffer_init(&buffer, bad + 1, name->length);
                dns_name_init(&bad->name, NULL);
                dns_name_copy(name, &bad->name, &buffer);
@@ -8459,8 +8460,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
                if (resolver->badcount < resolver->badhash * 2 &&
                    resolver->badhash > DNS_BADCACHE_SIZE)
                        resizehash(resolver, &now, ISC_FALSE);
-       }
-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
  cleanup:
        UNLOCK(&resolver->lock);
 }