From: Willy Tarreau Date: Thu, 14 May 2026 20:56:52 +0000 (+0000) Subject: BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path X-Git-Tag: v3.4-dev13~67 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=569f1e2f3719c2e45b3496332fe4f8467574b16f;p=thirdparty%2Fhaproxy.git BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path In dns_dgram_init(), the newly created dgram is assigned to the name server before the ring is attached. In case of errors, e.g. due to too many watchers, the dgram is released but not removed from ns->dgram. Let's only assign the pointer on success to avoid this, as it's not needed before. The problem was introduced in 2.4 with commit c943799c86 ("MEDIUM: resolvers/dns: split dns.c into dns.c and resolvers.c"), and was possibly there before. The fix may be backported to all stable versions. --- diff --git a/src/dns.c b/src/dns.c index 8c52310c7..95d40b147 100644 --- a/src/dns.c +++ b/src/dns.c @@ -475,7 +475,6 @@ int dns_dgram_init(struct dns_nameserver *ns, struct sockaddr_storage *sk) dgram->conn.t.sock.fd = -1; dgram->conn.addr.to = *sk; HA_SPIN_INIT(&dgram->conn.lock); - ns->dgram = dgram; dgram->ofs_req = ~0; /* init ring offset */ dgram->ring_req = dns_ring_new(2*DNS_TCP_MSG_RING_MAX_SIZE); @@ -490,6 +489,7 @@ int dns_dgram_init(struct dns_nameserver *ns, struct sockaddr_storage *sk) ha_alert("nameserver sets too many watchers > 255 on ring. This is a bug and should not happen.\n"); goto out; } + ns->dgram = dgram; return 0; out: dns_ring_free(dgram->ring_req);