Ensure that cache pointer is set to NULL by isc_tlsctx_cache_detach()

If the reference count was higher than 1, detaching a tlsctx cache
didn't clear the pointer, which could trigger an assertion later.

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index cf781a23020e860df6494f012f9cd7d98f3292e6..2cc237997b6b0da8b8ceb4605d805a786889e16f 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -963,17 +963,23 @@ tlsctx_cache_entry_destroy(isc_mem_t *mctx, isc_tlsctx_cache_entry_t *entry) {
 
 void
 isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
-       isc_tlsctx_cache_t *cache;
+       isc_tlsctx_cache_t *cache = NULL;
        isc_ht_iter_t *it = NULL;
        isc_result_t result;
+
        REQUIRE(pcache != NULL);
+
        cache = *pcache;
+       *pcache = NULL;
+
        REQUIRE(VALID_TLSCTX_CACHE(cache));
 
        if (isc_refcount_decrement(&cache->references) > 1) {
                return;
        }
 
+       cache->magic = 0;
+
        RUNTIME_CHECK(isc_ht_iter_create(cache->data, &it) == ISC_R_SUCCESS);
        for (result = isc_ht_iter_first(it); result == ISC_R_SUCCESS;
             result = isc_ht_iter_delcurrent_next(it))
@@ -982,13 +988,12 @@ isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
                isc_ht_iter_current(it, (void **)&entry);
                tlsctx_cache_entry_destroy(cache->mctx, entry);
        }
+
        isc_ht_iter_destroy(&it);
        isc_ht_destroy(&cache->data);
 
        isc_rwlock_destroy(&cache->rwlock);
-       cache->magic = 0;
        isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache));
-       *pcache = NULL;
 }
 
 isc_result_t