]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1547447) | patch
Fix use-after-free in concurrent dns_tsigkey_delete() 12042/head
authorOndřej Surý <ondrej@isc.org>
Sun, 17 May 2026 15:01:54 +0000 (17:01 +0200)
committerOndřej Surý <ondrej@isc.org>
Thu, 28 May 2026 09:05:34 +0000 (11:05 +0200)
commit5fe9e7f6ed39895b4e5ce035ba8a5e4669a8fa5c
treefad89573bd69cef84f8914addd7cb265692bb8f7tree | snapshot
parent15474474915e40e8f73169ba817c5127be4d1fc9commit | diff
Fix use-after-free in concurrent dns_tsigkey_delete()

Two TSIG-authenticated TKEY DELETE queries for the same dynamic key,
arriving on different worker loops, could each enter
dns_tsigkey_delete() and cause over-decrementing the key refcount.

This has been fixed by making dns_tsigkey_delete() idempotent.

(cherry picked from commit 5c8dcd4419693320817e44ad144002cd7c648acc)
lib/dns/include/dns/tsig.h diff | blob | blame | history
lib/dns/tkey.c diff | blob | blame | history
lib/dns/tsig.c diff | blob | blame | history
tests/dns/tsig_test.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git