git.ipfire.org Git - thirdparty/bind9.git/commit

author	Evan Hunt <each@isc.org>
	Wed, 22 May 2019 08:58:41 +0000 (10:58 +0200)
committer	Evan Hunt <each@isc.org>
	Fri, 25 Sep 2020 20:32:34 +0000 (13:32 -0700)
commit	86eddebc836e82a993db2e5a1b13dccaa5b51614
tree	1cd35200dfc952cf72055dfcc82d901c1a8c54c7	tree \| snapshot
parent	b2408003d4b90d81864c95f7da0c3f7bb75f3fd5	commit \| diff

Purge memory pool upon plugin destruction

The typical sequence of events for AAAA queries which trigger recursion
for an A RRset at the same name is as follows:

1. Original query context is created.
2. An AAAA RRset is found in cache.
3. Client-specific data is allocated from the filter-aaaa memory pool.
4. Recursion is triggered for an A RRset.
5. Original query context is torn down.

6. Recursion for an A RRset completes.
7. A second query context is created.
8. Client-specific data is retrieved from the filter-aaaa memory pool.
9. The response to be sent is processed according to configuration.
10. The response is sent.
11. Client-specific data is returned to the filter-aaaa memory pool.
12. The second query context is torn down.

However, steps 6-12 are not executed if recursion for an A RRset is
canceled. Thus, if named is in the process of recursing for A RRsets
when a shutdown is requested, the filter-aaaa memory pool will have
outstanding allocations which will never get released. This in turn
leads to a crash since every memory pool must not have any outstanding
allocations by the time isc_mempool_destroy() is called.

Fix by creating a stub query context whenever fetch_callback() is called,
including cancellation events. When the qctx is destroyed, it will ensure
the client is detached and the plugin memory is freed.

lib/ns/query.c		diff \| blob \| blame \| history
lib/ns/tests/nstest.c		diff \| blob \| blame \| history