When the TCP, TCPDNS or TLSDNS connection times out, the isc__nm_uvreq_t
would be pushed into sock->inactivereqs before the uv_tcp_connect()
callback finishes. Because the isc__nmsocket_t keeps the list of
inactive isc__nm_uvreq_t, this would cause use-after-free only when the
sock->inactivereqs is full (which could never happen because the failure
happens in connection timeout callback) or when the sock->inactivereqs
mechanism is completely removed (f.e. when running under Address or
Thread Sanitizer).
Delay isc__nm_uvreq_t deallocation to the connection callback and only
signal the connection callback should be called by shutting down the
libuv socket from the connection timeout callback.
(cherry picked from commit
326862791689ea7029f381b4afd05c37abbd1fe7)
atomic_bool connected;
bool accepting;
bool reading;
+ atomic_bool timedout;
isc_refcount_t references;
/*%
atomic_init(&sock->connecting, false);
atomic_init(&sock->keepalive, false);
atomic_init(&sock->connected, false);
+ atomic_init(&sock->timedout, false);
atomic_init(&sock->active_child_connections, 0);
isc__nmsocket_timer_stop(sock);
- /* Call the connect callback directly */
-
- req->cb.connect(req->handle, ISC_R_TIMEDOUT, req->cbarg);
+ /*
+ * Mark the connection as timed out and shutdown the socket.
+ */
- /* Timer is not running, cleanup and shutdown everything */
- if (!isc__nmsocket_timer_running(sock)) {
- INSIST(atomic_compare_exchange_strong(&sock->connecting,
- &(bool){ true }, false));
- isc__nm_uvreq_put(&req, sock);
- isc__nmsocket_clearcb(sock);
- isc__nmsocket_shutdown(sock);
- }
+ INSIST(atomic_compare_exchange_strong(&sock->timedout, &(bool){ false },
+ true));
+ isc__nmsocket_clearcb(sock);
+ isc__nmsocket_shutdown(sock);
}
void
isc__nmsocket_timer_stop(sock);
uv_handle_set_data((uv_handle_t *)&sock->read_timer, sock);
- if (!atomic_load(&sock->connecting)) {
- return;
- }
-
req = uv_handle_get_data((uv_handle_t *)uvreq);
REQUIRE(VALID_UVREQ(req));
REQUIRE(VALID_NMHANDLE(req->handle));
+ if (atomic_load(&sock->timedout)) {
+ result = ISC_R_TIMEDOUT;
+ goto error;
+ }
+
if (!atomic_load(&sock->connecting)) {
/*
* The connect was cancelled from timeout; just clean up
isc__nmsocket_timer_stop(sock);
uv_handle_set_data((uv_handle_t *)&sock->read_timer, sock);
- if (!atomic_load(&sock->connecting)) {
- return;
- }
-
req = uv_handle_get_data((uv_handle_t *)uvreq);
REQUIRE(VALID_UVREQ(req));
REQUIRE(VALID_NMHANDLE(req->handle));
+ if (atomic_load(&sock->timedout)) {
+ result = ISC_R_TIMEDOUT;
+ goto error;
+ }
+
if (isc__nmsocket_closing(sock)) {
/* Socket was closed midflight by isc__nm_tcpdns_shutdown() */
result = ISC_R_CANCELED;
goto error;
} else if (status == UV_ETIMEDOUT) {
/* Timeout status code here indicates hard error */
- result = ISC_R_CANCELED;
+ result = ISC_R_TIMEDOUT;
goto error;
} else if (status != 0) {
result = isc__nm_uverr2result(status);
projects / thirdparty / bind9.git / commitdiff
