From: Remi Gacogne Date: Fri, 17 Oct 2025 12:06:17 +0000 (+0200) Subject: rec: Prevent a potential race condition in cache cleaning X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F16288%2Fhead;p=thirdparty%2Fpdns.git rec: Prevent a potential race condition in cache cleaning Signed-off-by: Remi Gacogne --- diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 365a1d13f3..ebce9cec59 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -3320,20 +3320,26 @@ string doTraceRegex(FDWrapper file, vector::const_iterator begin, vector return broadcastAccFunction([=] { return pleaseUseNewTraceRegex(begin != end ? *begin : "", fileno); }); } -struct WipeCacheResult wipeCaches(const DNSName& canon, bool subtree, uint16_t qtype) +WipeCacheResult wipeCaches(const DNSName& canon, bool subtree, uint16_t qtype) { - struct WipeCacheResult res; + WipeCacheResult res; try { res.record_count = static_cast(g_recCache->doWipeCache(canon, subtree, qtype)); - // scanbuild complains here about an allocated function object that is being leaked. Needs investigation - if (g_packetCache) { - res.packet_count = static_cast(g_packetCache->doWipePacketCache(canon, qtype, subtree)); - } res.negative_record_count = static_cast(g_negCache->wipe(canon, subtree)); if (g_aggressiveNSECCache) { g_aggressiveNSECCache->removeZoneInfo(canon, subtree); } + /* we need to do the packet cache last otherwise we could re-cache something that was just cleared: + - remove entry from the packet cache + - query comes in for the removed entry + - existing entry found in positive, negative or aggressive NSEC cache + - resulting packet inserted into the packet cache + - entry removed from the positive, negative or aggressive NSEC3 cache + */ + if (g_packetCache) { + res.packet_count = static_cast(g_packetCache->doWipePacketCache(canon, qtype, subtree)); + } } catch (const std::exception& e) { auto log = g_slog->withName("runtime");