From: Aram Sargsyan
Date: Wed, 27 Sep 2023 11:22:43 +0000 (+0000)
Subject: Don't use an uninitialized link on an error path
X-Git-Tag: v9.19.18~58^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fb7bbbd1be20632db28a928f49c4082373358b64;p=thirdparty%2Fbind9.git
Don't use an uninitialized link on an error path
Move the block on the error path, where the link is checked, to a place where it makes sense, to avoid accessing an unitialized link when jumping to the 'cleanup_query' label from 4 different places. The link is initialized only after those jumps happen. In addition, initilize the link when creating the object, to avoid similar errors.
---
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index aa19fd5b091..bd467d52690 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1991,9 +1991,12 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 INSIST(ISC_LIST_EMPTY(fctx->validators));
 query = isc_mem_get(fctx->mctx, sizeof(*query));
- *query = (resquery_t){ .options = options,
- .addrinfo = addrinfo,
- .dispatchmgr = res->view->dispatchmgr };
+ *query = (resquery_t){
+ .options = options,
+ .addrinfo = addrinfo,
+ .dispatchmgr = res->view->dispatchmgr,
+ .link = ISC_LINK_INITIALIZER,
+ };
 #if DNS_RESOLVER_TRACE
 fprintf(stderr, "rctx_init:%s:%s:%d:%p->references = 1\n", __func__,
@@ -2141,7 +2144,6 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 LOCK(&fctx->lock);
 INSIST(!SHUTTINGDOWN(fctx));
 fetchctx_attach(fctx, &query->fctx);
- ISC_LINK_INIT(query, link);
 query->magic = QUERY_MAGIC;
 if ((query->options & DNS_FETCHOPT_TCP) == 0) {
@@ -2186,6 +2188,13 @@ cleanup_udpfetch:
 }
 }
+ LOCK(&fctx->lock);
+ if (ISC_LINK_LINKED(query, link)) {
+ atomic_fetch_sub_release(&fctx->nqueries, 1);
+ ISC_LIST_UNLINK(fctx->queries, query, link);
+ }
+ UNLOCK(&fctx->lock);
+
 cleanup_dispatch:
 fetchctx_detach(&query->fctx);
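Review bot: In the first hunk (`@@ -1991,9 +1991,12 @@`), the new `.link = ISC_LINK_INITIALIZER,` member has no comment recording why the link is set at allocation rather than under the lock, where `ISC_LINK_INIT` used to be. A short comment above the compound literal would keep a later cleanup from moving it back, for example `/* Initialize the link at allocation: error paths can reach ISC_LINK_LINKED() before the query is queued. */`. fctx_query's body starts and ends outside the hunk.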
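Review bot: In the third hunk (`@@ -2186,6 +2188,13 @@`), the unlink block now sits in fall-through position directly above `cleanup_dispatch:`, so any path that enters at `cleanup_dispatch` or `cleanup_query` releases the query without checking whether it is still on `fctx->queries`. That is safe only if no such jump can occur after the query has been linked, which the visible lines do not show. Since the link is now always initialized, the `cleanup_query` hunk (`@@ -2194,13 +2203,6 @@`) could state the invariant with `INSIST(!ISC_LINK_LINKED(query, link));` ahead of `query->magic = 0;`, provided reading the link there without `fctx->lock` is acceptable. A still-linked query would then trip an assertion instead of leaving a dangling list entry after `isc_mem_put`. The enclosing function starts and ends outside both hunks.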
@@ -2194,13 +2203,6 @@ cleanup_dispatch:
 }
 cleanup_query:
- LOCK(&fctx->lock);
- if (ISC_LINK_LINKED(query, link)) {
- atomic_fetch_sub_release(&fctx->nqueries, 1);
- ISC_LIST_UNLINK(fctx->queries, query, link);
- }
- UNLOCK(&fctx->lock);
-
 query->magic = 0;
 dns_message_detach(&query->rmessage);
 isc_mem_put(fctx->mctx, query, sizeof(*query));