Don't use an uninitialized link on an error path
authorAram Sargsyan <aram@isc.org>
Wed, 27 Sep 2023 11:22:43 +0000 (11:22 +0000)
committerAram Sargsyan <aram@isc.org>
Thu, 28 Sep 2023 10:30:42 +0000 (10:30 +0000)
Move the block on the error path, where the link is checked, to a place
where it makes sense, to avoid accessing an uninitialized link when
jumping to the 'cleanup_query' label from 4 different places. The link
is initialized only after those jumps happen.

In addition, initialize the link when creating the object, to avoid
similar errors.

(cherry picked from commit fb7bbbd1be20632db28a928f49c4082373358b64)

lib/dns/resolver.c

index 66bb1ac78d073209c6db8223778f297a9905678b..4b3d1c0b40a284ad99929c4125550b9567e2db89 100644 (file)
@@ -2139,10 +2139,13 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
        INSIST(ISC_LIST_EMPTY(fctx->validators));
 
        query = isc_mem_get(fctx->mctx, sizeof(*query));
-       *query = (resquery_t){ .mctx = fctx->mctx,
-                              .options = options,
-                              .addrinfo = addrinfo,
-                              .dispatchmgr = res->dispatchmgr };
+       *query = (resquery_t){
+               .mctx = fctx->mctx,
+               .options = options,
+               .addrinfo = addrinfo,
+               .dispatchmgr = res->dispatchmgr,
+               .link = ISC_LINK_INITIALIZER,
+       };
 
        isc_refcount_init(&query->references, 1);
 
@@ -2247,7 +2250,6 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
        }
 
        fctx_attach(fctx, &query->fctx);
-       ISC_LINK_INIT(query, link);
        query->magic = QUERY_MAGIC;
 
        if ((query->options & DNS_FETCHOPT_TCP) == 0) {
@@ -2291,6 +2293,13 @@ cleanup_udpfetch:
                }
        }
 
+       LOCK(&res->buckets[fctx->bucketnum].lock);
+       if (ISC_LINK_LINKED(query, link)) {
+               atomic_fetch_sub_release(&fctx->nqueries, 1);
+               ISC_LIST_UNLINK(fctx->queries, query, link);
+       }
+       UNLOCK(&res->buckets[fctx->bucketnum].lock);
+
 cleanup_dispatch:
        fctx_detach(&query->fctx);
 
@@ -2299,13 +2308,6 @@ cleanup_dispatch:
        }
 
 cleanup_query:
-       LOCK(&res->buckets[fctx->bucketnum].lock);
-       if (ISC_LINK_LINKED(query, link)) {
-               atomic_fetch_sub_release(&fctx->nqueries, 1);
-               ISC_LIST_UNLINK(fctx->queries, query, link);
-       }
-       UNLOCK(&res->buckets[fctx->bucketnum].lock);
-
        query->magic = 0;
        dns_message_detach(&query->rmessage);
        isc_mem_put(fctx->mctx, query, sizeof(*query));
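Review bot: The relocated LOCK/ISC_LINK_LINKED/UNLOCK block now sits between the `cleanup_udpfetch` handling and the `cleanup_dispatch:` label with no comment explaining why it is placed ahead of a label rather than under one, so a later cleanup is likely to "tidy" it back to `cleanup_query:` and reintroduce the read of an uninitialized link. A short comment above the `LOCK` line would pin the intent, e.g. `/* Only paths that reach this point can have linked the query into fctx->queries; the cleanup_* labels below are for queries that never were, and the unlink must not be reached from them. */`. Note that with `.link = ISC_LINK_INITIALIZER` added in the first hunk, `ISC_LINK_LINKED` would be well-defined on every path anyway, so the move is defence in depth rather than the sole fix; this makes the deletion of `ISC_LINK_INIT(query, link)` in the second hunk safe, and is worth a sentence in the commit message so the two changes are not seen as independent. The enclosing function `fctx_query` starts before the first hunk and the `cleanup_udpfetch:` label and the tail of the function are outside the shown hunks.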