]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
- Fix RPZ locking issues on error conditions 73/head
authorRalph Dolmans <ralph@nlnetlabs.nl>
Thu, 30 Jan 2020 13:46:39 +0000 (14:46 +0100)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Thu, 30 Jan 2020 13:46:39 +0000 (14:46 +0100)
respip/respip.c
services/rpz.c

index 5f4ddf2ae5425a7ee38d086a8bdc8a0cebbb5a38..7147a051ca0254495af4d32e60565287c3fa634d 100644 (file)
@@ -957,6 +957,7 @@ respip_rewrite_reply(const struct query_info* qinfo,
                                        region, &rpz_used)) {
                                        log_err("out of memory");
                                        lock_rw_unlock(&raddr->lock);
+                                       lock_rw_unlock(&az->rpz_lock);
                                        return 0;
                                }
                                if(!rpz_used) {
@@ -1099,7 +1100,6 @@ respip_operate(struct module_qstate* qstate, enum module_ev event, int id,
                        if (actinfo.action == respip_always_deny ||
                                (new_rep == qstate->return_msg->rep &&
                                (actinfo.action == respip_deny ||
-                               actinfo.action == respip_deny ||
                                actinfo.action == respip_inform_deny))) {
                                /* for deny-variant actions (unless response-ip
                                 * data is applied), mark the query state so
index ca3f1bfe6e653ba1b14ebaac321ef94f2bcdeddf..1047852ada6867004a78c3a26e97e907adcf9c1d 100644 (file)
@@ -681,11 +681,17 @@ rpz_find_zone(struct rpz* r, uint8_t* qname, size_t qname_len, uint16_t qclass,
        ce = dname_get_shared_topdomain(z->name, qname);
        if(!ce /* should not happen */ || !*ce /* root */) {
                lock_rw_unlock(&z->lock);
+               if(zones_keep_lock) {
+                       lock_rw_unlock(&r->local_zones->lock);
+               }
                return NULL;
        }
        ce_labs = dname_count_size_labels(ce, &ce_len);
        if(ce_len+2 > sizeof(wc)) {
                lock_rw_unlock(&z->lock);
+               if(zones_keep_lock) {
+                       lock_rw_unlock(&r->local_zones->lock);
+               }
                return NULL;
        }
        wc[0] = 1; /* length of wildcard label */