ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

fix a use-after-free in resolver

Browse Source 
when processing a mismatched response, we call dns_dispatch_getnext().
If that fails, for example because of a timeout, fctx_done() is called,
which cancels all queries. This triggers a crash afterward when
fctx_cancelquery() is called, and is unnecessary since fctx_done()
would have been called later anyway.
This commit is contained in:
Evan Hunt
2021-11-18 19:29:07 -08:00
committed by Ondřej Surý
parent 949c3919a8
commit 326a4fc13b
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/dns/resolver.c
View File

@@ -9344,10 +9344,6 @@ rctx_next(respctx_t *rctx) {
INSIST(rctx->query->dispentry != NULL);
dns_message_reset(rctx->query->rmessage, DNS_MESSAGE_INTENTPARSE);
result = dns_dispatch_getnext(rctx->query->dispentry);
if (result != ISC_R_SUCCESS) {
fctx_done(rctx->fctx, result, __LINE__);
}
return (result);
}