Remove potential use after free (fctx) in rctx_resend.
authorMark Andrews <marka@isc.org>
Wed, 28 Aug 2019 01:34:22 +0000 (11:34 +1000)
committerMark Andrews <marka@isc.org>
Fri, 13 Sep 2019 02:44:12 +0000 (12:44 +1000)
lib/dns/resolver.c

index 06787c0d64e394c4821c62245a1f402748f76f23..bb33c987b72755146d5304148adb61654568b989 100644 (file)
@@ -9345,6 +9345,8 @@ rctx_resend(respctx_t *rctx, dns_adbaddrinfo_t *addrinfo) {
        isc_result_t result;
        fetchctx_t *fctx = rctx->fctx;
        bool bucket_empty;
+       dns_resolver_t *res = fctx->res;
+       unsigned int bucketnum;
 
        FCTXTRACE("resend");
        inc_stats(fctx->res, dns_resstatscounter_retry);
@@ -9354,12 +9356,13 @@ rctx_resend(respctx_t *rctx, dns_adbaddrinfo_t *addrinfo) {
                return;
        }
 
+       bucketnum = fctx->bucketnum;
        fctx_done(fctx, result, __LINE__);
-       LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
+       LOCK(&res->buckets[bucketnum].lock);
        bucket_empty = fctx_decreference(fctx);
-       UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
+       UNLOCK(&res->buckets[bucketnum].lock);
        if (bucket_empty) {
-               empty_bucket(fctx->res);
+               empty_bucket(res);
        }
 }
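Review bot: Nothing in the new code records why `res` and `bucketnum` are copied out of `fctx`, so a later tidy-up could fold them back into `fctx->res->buckets[fctx->bucketnum]` and reintroduce the use after free named in the commit title. A one-line comment above `bucketnum = fctx->bucketnum;` would pin the invariant, for example `/* fctx may be destroyed by fctx_decreference(); use only the cached res and bucketnum after that call. */`. The fix also relies on `res` remaining valid once the fetch context is gone, at least until `empty_bucket(res)` returns; that lifetime is not visible here and is worth confirming against the resolver's reference counting. For consistency the context line `inc_stats(fctx->res, ...)` in the first hunk could use `res` too, although `fctx` is still live at that point. Part of the function body between the two hunks is not shown.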