fix a use-after-free in resolver
authorEvan Hunt <each@isc.org>
Fri, 19 Nov 2021 03:29:07 +0000 (19:29 -0800)
committerOndřej Surý <ondrej@sury.org>
Mon, 22 Nov 2021 10:35:34 +0000 (11:35 +0100)
When processing a mismatched response, we call dns_dispatch_getnext().
If that fails, for example because of a timeout, fctx_done() is called,
which cancels all queries. This triggers a crash afterward when
fctx_cancelquery() is called. The fctx_done() call here is also
unnecessary, since fctx_done() would have been called later anyway.

lib/dns/resolver.c

index edbe344146eaa3dcfa8a41582ab06af4b5c86eaa..b559c2397b51c3b5dafcaf90fe7dc75c9ee4a7dc 100644 (file)
@@ -9344,10 +9344,6 @@ rctx_next(respctx_t *rctx) {
        INSIST(rctx->query->dispentry != NULL);
        dns_message_reset(rctx->query->rmessage, DNS_MESSAGE_INTENTPARSE);
        result = dns_dispatch_getnext(rctx->query->dispentry);
-       if (result != ISC_R_SUCCESS) {
-               fctx_done(rctx->fctx, result, __LINE__);
-       }
-
        return (result);
 }