BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path

In dns_dgram_init(), the newly created dgram is assigned to the name server
before the ring is attached. In case of errors, e.g. due to too many watchers,
the dgram is released but not removed from ns->dgram. Let's only assign the
pointer on success to avoid this, as it's not needed before. The problem
was introduced in 2.4 with commit c943799c86 ("MEDIUM: resolvers/dns: split
dns.c into dns.c and resolvers.c"), and was possibly there before. The fix
may be backported to all stable versions.

diff --git a/src/dns.c b/src/dns.c
index 8c52310c75bbab5c47406f6f1ff58a3501509047..95d40b147622b93472ebc4d0f8fff6b7e018f59d 100644 (file)
--- a/src/dns.c
+++ b/src/dns.c
@@ -475,7 +475,6 @@ int dns_dgram_init(struct dns_nameserver *ns, struct sockaddr_storage *sk)
        dgram->conn.t.sock.fd = -1;
        dgram->conn.addr.to = *sk;
        HA_SPIN_INIT(&dgram->conn.lock);
-       ns->dgram = dgram;
 
        dgram->ofs_req = ~0; /* init ring offset */
        dgram->ring_req = dns_ring_new(2*DNS_TCP_MSG_RING_MAX_SIZE);
@@ -490,6 +489,7 @@ int dns_dgram_init(struct dns_nameserver *ns, struct sockaddr_storage *sk)
                ha_alert("nameserver sets too many watchers > 255 on ring. This is a bug and should not happen.\n");
                goto out;
        }
+       ns->dgram = dgram;
        return 0;
 out:
        dns_ring_free(dgram->ring_req);