Call isccc_ccmsg_invalidate() when shutting down the connection

Previously, the isccc_ccmsg_invalidate() was called from conn_free() and
this could lead to netmgr calling control_recvmessage() after we
detached the reading controlconnection_t reference, but it wouldn't be
the last reference because controlconnection_t is also attached/detached
when sending response or running command asynchronously.

Instead, move the isccc_ccmsg_invalidate() call to control_recvmessage()
error handling path to make sure that control_recvmessage() won't be
ever called again from the netmgr.

diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 5dbc97106f30928d37be1a8f92e56c94fd78e94c..3b8b3f5f2b43654497e27bfe412644d189a3269d 100644 (file)
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -407,9 +407,7 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
        isccc_time_t exp;
        uint32_t nonce;
 
-       if (conn->shuttingdown) {
-               return;
-       }
+       INSIST(!conn->shuttingdown);
 
        /* Is the server shutting down? */
        if (listener->controls->shuttingdown) {
@@ -539,6 +537,9 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
        return;
 
 cleanup:
+       /* Make sure no read callbacks are called again */
+       isccc_ccmsg_invalidate(&conn->ccmsg);
+
        conn->shuttingdown = true;
 
        REQUIRE(isc_tid() == 0);
@@ -564,8 +565,6 @@ conn_free(controlconnection_t *conn) {
        }
 #endif /* ifdef ENABLE_AFL */
 
-       isccc_ccmsg_invalidate(&conn->ccmsg);
-
        isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                      NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
                      "freeing control connection");