From: Evan Hunt <each@isc.org>
Date: Tue, 4 Jan 2022 19:48:25 +0000 (-0800)
Subject: Ensure that cache pointer is set to NULL by isc_tlsctx_cache_detach()
X-Git-Tag: v9.17.22~15^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=f5074c0c8ec72feb598ca122cb1f7df3f26eb056;p=thirdparty%2Fbind9.git

Ensure that cache pointer is set to NULL by isc_tlsctx_cache_detach()

If the reference count was higher than 1, detaching a tlsctx cache
didn't clear the pointer, which could trigger an assertion later.
---

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index cf781a23020..2cc237997b6 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -963,17 +963,23 @@ tlsctx_cache_entry_destroy(isc_mem_t *mctx, isc_tlsctx_cache_entry_t *entry) {
 
 void
 isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
-	isc_tlsctx_cache_t *cache;
+	isc_tlsctx_cache_t *cache = NULL;
 	isc_ht_iter_t *it = NULL;
 	isc_result_t result;
+
 	REQUIRE(pcache != NULL);
+
 	cache = *pcache;
+	*pcache = NULL;
+
 	REQUIRE(VALID_TLSCTX_CACHE(cache));
 
 	if (isc_refcount_decrement(&cache->references) > 1) {
 		return;
 	}
 
+	cache->magic = 0;
+
 	RUNTIME_CHECK(isc_ht_iter_create(cache->data, &it) == ISC_R_SUCCESS);
 	for (result = isc_ht_iter_first(it); result == ISC_R_SUCCESS;
 	     result = isc_ht_iter_delcurrent_next(it))
@@ -982,13 +988,12 @@ isc_tlsctx_cache_detach(isc_tlsctx_cache_t **pcache) {
 		isc_ht_iter_current(it, (void **)&entry);
 		tlsctx_cache_entry_destroy(cache->mctx, entry);
 	}
+
 	isc_ht_iter_destroy(&it);
 	isc_ht_destroy(&cache->data);
 
 	isc_rwlock_destroy(&cache->rwlock);
-	cache->magic = 0;
 	isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache));
-	*pcache = NULL;
 }
 
 isc_result_t