fix: dev: Fix use-after-free in xfrin_recv_done

Move the LIBDNS_XFRIN_RECV_DONE probe execution before dns_xfrin_detach
in xfrin_recv_done.

Previously, dns_xfrin_detach was called before the trace probe, which
could free the xfr object.  Because the accessed member xfr->info is an
embedded array, the expression evaluates via pointer arithmetic rather
than a direct memory dereference.  Although this prevents a reliable
crash in practice, it technically remains a use-after-free issue.
Reorder the statements to ensure the transfer context is fully valid
when the probe executes.

Closes #5786

Merge branch '5786-fix-dtrace-after-free' into 'main'

See merge request isc-projects/bind9!11632
Ondřej Surý 2026-03-16 11:06:28 +01:00
commit 3df0f7fb9c


@ -2065,8 +2065,8 @@ cleanup:
if (msg != NULL) {
dns_message_detach(&msg);
}
dns_xfrin_detach(&xfr);
LIBDNS_XFRIN_RECV_DONE(xfr, xfr->info, result);
dns_xfrin_detach(&xfr);
}
static void
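Review bot: the ordering requirement in the cleanup path, LIBDNS_XFRIN_RECV_DONE(xfr, xfr->info, result) before dns_xfrin_detach(&xfr), is not recorded in the code itself, so a later refactor of this block could put the detach first again. Suggest a one-line comment above the probe stating that it reads xfr->info and must run while the reference is still held, and keeping dns_xfrin_detach(&xfr) as the last statement in the function that touches xfr. Since the commit message says the old ordering did not crash reliably, a regression here would be easy to miss; it would help to state in the merge request whether this path was exercised with the trace probe enabled.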