From: Witold Kręcicki <wpk@isc.org>
Date: Tue, 3 Mar 2020 09:09:17 +0000 (+0100)
Subject: Destroy query in killoldestquery under a lock.
X-Git-Tag: v9.17.1~78^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df3dbdff81b4ae2432e3602b593cffdda02ca8a6;p=thirdparty%2Fbind9.git

Destroy query in killoldestquery under a lock.

Fixes a race between ns_client_killoldestquery and ns_client_endrequest -
killoldestquery takes a client from `recursing` list while endrequest
destroys client object, then killoldestquery works on a destroyed client
object. Prevent it by holding reclist lock while cancelling query.
---

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 5a0a913efd7..9900866c356 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -170,13 +170,11 @@ ns_client_killoldestquery(ns_client_t *client) {
 	oldest = ISC_LIST_HEAD(client->manager->recursing);
 	if (oldest != NULL) {
 		ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
-		UNLOCK(&client->manager->reclock);
 		ns_query_cancel(oldest);
 		ns_stats_increment(client->sctx->nsstats,
 				   ns_statscounter_reclimitdropped);
-	} else {
-		UNLOCK(&client->manager->reclock);
 	}
+	UNLOCK(&client->manager->reclock);
 }
 
 void