Fix a bug where tlsctx_cache could be destroyed while still in use
authorAram Sargsyan <aram@isc.org>
Thu, 27 Nov 2025 15:00:26 +0000 (15:00 +0000)
committerArаm Sаrgsyаn (GitLab job 6550802) <aram@isc.org>
Thu, 27 Nov 2025 17:53:50 +0000 (17:53 +0000)
When named is being reconfigured, it detaches from the old
'isc_tlsctx_cache_t' TLS context cache object and creates a
new one. This can cause an assertion failure within the
resolver when the object is destroyed while still in use,
because the resolver is using the object without getting
attached to it.

Add an attach/detach so that the 'isc_tlsctx_cache_t' doesn't
get destroyed while still being in use.

(cherry picked from commit ed7b08c0c478aa6a9a8b2061071b92333b93abaa)

lib/dns/resolver.c

index ad48b24d02974d7727c41070b3aec61ba42189db..fbe31c6b002814bdfcec27d54eb1682f36774e33 100644 (file)
@@ -10083,6 +10083,8 @@ dns_resolver__destroy(dns_resolver_t *res) {
        isc_hashmap_destroy(&res->counters);
        isc_rwlock_destroy(&res->counters_lock);
 
+       isc_tlsctx_cache_detach(&res->tlsctx_cache);
+
        if (res->dispatches4 != NULL) {
                dns_dispatchset_destroy(&res->dispatches4);
        }
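Review bot: The added `isc_tlsctx_cache_detach(&res->tlsctx_cache);` runs unconditionally, so teardown now depends on the resolver always holding a non-NULL cache reference, and nothing in the visible lines states that requirement. With the initializer assignment removed, `res->tlsctx_cache` stays NULL until the attach in the later dns_resolver_create hunk. If the ISC attach/detach helpers assert on NULL, as the refcount helpers generally do, then a caller passing no cache, or an error path that reaches destroy before the attach, would abort named with a different assertion than the one this commit fixes. I would make the contract explicit with `REQUIRE(tlsctx_cache != NULL);` at the top of dns_resolver_create (if it is not already there, outside the hunk) and add a comment at the detach such as `/* Drop the reference taken in dns_resolver_create(). */`. Both functions start and end outside the hunks shown.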
@@ -10160,7 +10162,6 @@ dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr, isc_nm_t *nm,
                .rdclass = view->rdclass,
                .nm = nm,
                .options = options,
-               .tlsctx_cache = tlsctx_cache,
                .spillatmin = 10,
                .spillat = 10,
                .spillatmax = 100,
@@ -10205,6 +10206,8 @@ dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr, isc_nm_t *nm,
                                       res->nloops);
        }
 
+       isc_tlsctx_cache_attach(tlsctx_cache, &res->tlsctx_cache);
+
        isc_mutex_init(&res->lock);
        isc_mutex_init(&res->primelock);