From f5074c0c8ec72feb598ca122cb1f7df3f26eb056 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 4 Jan 2022 11:48:25 -0800
Subject: [PATCH] Ensure that cache pointer is set to NULL by
 isc_tlsctx_cache_detach()

If the reference count was higher than 1, detaching a tlsctx cache
didn't clear the pointer, which could trigger an assertion later.
---
 lib/isc/tls.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index cf781a23020..2cc237997b6 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -963,17 +963,23 @@ tlsctx_cache_entry_destroy(isc_mem_t *mctx, isc_tlsctx_cache_entry_t *entry) {
 
 void
 isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
-	isc_tlsctx_cache_t *cache;
+	isc_tlsctx_cache_t *cache = NULL;
 	isc_ht_iter_t *it = NULL;
 	isc_result_t result;
+
 	REQUIRE(pcache != NULL);
+
 	cache = *pcache;
+	*pcache = NULL;
+
 	REQUIRE(VALID_TLSCTX_CACHE(cache));
 
 	if (isc_refcount_decrement(&cache->references) > 1) {
 		return;
 	}
 
+	cache->magic = 0;
+
 	RUNTIME_CHECK(isc_ht_iter_create(cache->data, &it) == ISC_R_SUCCESS);
 	for (result = isc_ht_iter_first(it); result == ISC_R_SUCCESS;
 	     result = isc_ht_iter_delcurrent_next(it))
@@ -982,13 +988,12 @@ isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
 		isc_ht_iter_current(it, (void **)&entry);
 		tlsctx_cache_entry_destroy(cache->mctx, entry);
 	}
+
 	isc_ht_iter_destroy(&it);
 	isc_ht_destroy(&cache->data);
 
 	isc_rwlock_destroy(&cache->rwlock);
-	cache->magic = 0;
 	isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache));
-	*pcache = NULL;
 }
 
 isc_result_t
-- 
2.47.3