From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 20 Nov 2019 10:01:56 +0000 (+0100)
Subject: - Fix Race Condition in autr_tp_create(),
X-Git-Tag: release-1.9.6rc1~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fa40654d2ddb4dfa45f58e3c6244348ae654d1e;p=thirdparty%2Funbound.git

- Fix Race Condition in autr_tp_create(),
  reported by X41 D-Sec.
---

diff --git a/doc/Changelog b/doc/Changelog
index d02d74122..fb44011f0 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 20 November 2019: Wouter
 	- Fix Out of Bounds Read in rrinternal_get_owner(),
 	  reported by X41 D-Sec.
+	- Fix Race Condition in autr_tp_create(),
+	  reported by X41 D-Sec.
 
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
diff --git a/validator/autotrust.c b/validator/autotrust.c
index be7830fb8..da7078a19 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -370,10 +370,10 @@ autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len,
 		free(tp);
 		return NULL;
 	}
-	lock_basic_unlock(&anchors->lock);
 	lock_basic_init(&tp->lock);
 	lock_protect(&tp->lock, tp, sizeof(*tp));
 	lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr));
+	lock_basic_unlock(&anchors->lock);
 	return tp;
 }