Fix a bug where tlsctx_cache could be destroyed while still in use

When named is being reconfigured, it detaches from the old
'isc_tlsctx_cache_t' TLS context cache object and creates a
new one. This can cause an assertion failure within the
resolver when the object is destroyed while still in use,
because the resolver is using the object without getting
attached to it.

Add an attach/detach so that the 'isc_tlsctx_cache_t' doesn't
get destroyed while still being in use.

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 22dbce494c4d523ba41c02cb4ccc2fd731deba46..a465e81b0dcbf6ed99d850875775b0c971f562a4 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -9737,6 +9737,8 @@ dns_resolver__destroy(dns_resolver_t *res) {
        isc_hashmap_destroy(&res->counters);
        isc_rwlock_destroy(&res->counters_lock);
 
+       isc_tlsctx_cache_detach(&res->tlsctx_cache);
+
        if (res->dispatches4 != NULL) {
                dns_dispatchset_destroy(&res->dispatches4);
        }
@@ -9812,7 +9814,6 @@ dns_resolver_create(dns_view_t *view, unsigned int options,
        *res = (dns_resolver_t){
                .rdclass = view->rdclass,
                .options = options,
-               .tlsctx_cache = tlsctx_cache,
                .spillatmin = 10,
                .spillat = 10,
                .spillatmax = 100,
@@ -9859,6 +9860,8 @@ dns_resolver_create(dns_view_t *view, unsigned int options,
                                       res->nloops);
        }
 
+       isc_tlsctx_cache_attach(tlsctx_cache, &res->tlsctx_cache);
+
        isc_mutex_init(&res->lock);
        isc_mutex_init(&res->primelock);