From: Michał Kępień <michal@isc.org>
Date: Fri, 27 Apr 2018 07:13:26 +0000 (+0200)
Subject: Prevent check_stale_header() from leaking rdataset headers
X-Git-Tag: v9.13.0~7^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=391fac1fc8d2e470287b5cc4344b3adb90c6f54a;p=thirdparty%2Fbind9.git

Prevent check_stale_header() from leaking rdataset headers

check_stale_header() fails to update the pointer to the previous header
while processing rdataset headers eligible for serve-stale, thus
enabling rdataset headers to be leaked (i.e. disassociated from a node
and left on the relevant TTL heap) while iterating through a node.  This
can lead to several different assertion failures.  Add the missing
pointer update.
---

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 64bd7a93bfb..b64350c62df 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -4494,6 +4494,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
 		 */
 		if (KEEPSTALE(search->rbtdb) && stale > search->now) {
 			header->attributes |= RDATASET_ATTR_STALE;
+			*header_prev = header;
 			return ((search->options & DNS_DBFIND_STALEOK) == 0);
 		}