From: Artem Boldariev Date: Tue, 24 May 2022 08:25:30 +0000 (+0300) Subject: CID 352849: refactor get_create_tls_context() within dighost.c X-Git-Tag: v9.19.2~16^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=095b608412b94ae1437458714e9e2461ff998a48;p=thirdparty%2Fbind9.git CID 352849: refactor get_create_tls_context() within dighost.c This commit removes dead code from cleanup handling part of the get_create_tls_context(). In particular, currently: * there is no way 'found_ctx' might equal 'ctx'; * there is no way 'session_cache' might equal a non-NULL value while cleaning up after a TLS initialisation error. --- diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index e29f9514651..2e3f2df5d8c 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -2871,15 +2871,19 @@ get_create_tls_context(dig_query_t *query, const bool is_https, INSIST(!query->lookup->tls_ca_set || found_store != NULL); return (found_ctx); failure: - if (ctx != NULL && found_ctx != ctx) { + if (ctx != NULL) { isc_tlsctx_free(&ctx); } + /* + * The 'found_store' is being managed by the TLS context + * cache. Thus, we should keep it as it is, as it will get + * destroyed alongside the cache. As there is one store per + * multiple TLS contexts, we need to handle store deletion in a + * special way. + */ if (store != NULL && store != found_store) { isc_tls_cert_store_free(&store); } - if (sess_cache != NULL && sess_cache != found_sess_cache) { - isc_tlsctx_client_session_cache_detach(&sess_cache); - } return (NULL); }