]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9f84037) | patch
Fix use-after-free in concurrent dns_tsigkey_delete()
authorOndřej Surý <ondrej@isc.org>
Sun, 17 May 2026 15:01:54 +0000 (17:01 +0200)
committerOndřej Surý <ondrej@isc.org>
Sun, 17 May 2026 15:14:08 +0000 (17:14 +0200)
commit5c8dcd4419693320817e44ad144002cd7c648acc
tree1f7ef3a348ec46cf96b70aae74d7e6b18e3bc086tree | snapshot
parent9f840378140f1d6c8237a95021bd78e5419b518fcommit | diff
Fix use-after-free in concurrent dns_tsigkey_delete()

Two TSIG-authenticated TKEY DELETE queries for the same dynamic key,
arriving on different worker loops, could each enter
dns_tsigkey_delete() and cause over-decrementing the key refcount.

This has been fixed by making dns_tsigkey_delete() idempotent.
lib/dns/include/dns/tsig.h diff | blob | blame | history
lib/dns/tkey.c diff | blob | blame | history
lib/dns/tsig.c diff | blob | blame | history
tests/dns/tsig_test.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git