Merge branch '4331-resolver.c-assert-uninitialized-link-9.18' into 'bind-9.18'

[9.18] Don't use an uninitialized link on an error path

See merge request isc-projects/bind9!8346

CHANGES

@@ -1,3 +1,7 @@
+6261.	[bug]		Fix a possible assertion failure on an error path in
+			resolver.c:fctx_query(), when using an uninitialized
+			link. [GL #4331]
+
 6254.	[cleanup]	Add semantic patch to do an explicit cast from char
 			to unsigned char in ctype.h class of functions.
 			[GL #4327]

lib/dns/resolver.c

@@ -2139,10 +2139,13 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 	INSIST(ISC_LIST_EMPTY(fctx->validators));
 
 	query = isc_mem_get(fctx->mctx, sizeof(*query));
-	*query = (resquery_t){ .mctx = fctx->mctx,
-			       .options = options,
-			       .addrinfo = addrinfo,
-			       .dispatchmgr = res->dispatchmgr };
+	*query = (resquery_t){
+		.mctx = fctx->mctx,
+		.options = options,
+		.addrinfo = addrinfo,
+		.dispatchmgr = res->dispatchmgr,
+		.link = ISC_LINK_INITIALIZER,
+	};
 
 	isc_refcount_init(&query->references, 1);
 
@@ -2247,7 +2250,6 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 	}
 
 	fctx_attach(fctx, &query->fctx);
-	ISC_LINK_INIT(query, link);
 	query->magic = QUERY_MAGIC;
 
 	if ((query->options & DNS_FETCHOPT_TCP) == 0) {
@@ -2291,6 +2293,13 @@ cleanup_udpfetch:
 		}
 	}
 
+	LOCK(&res->buckets[fctx->bucketnum].lock);
+	if (ISC_LINK_LINKED(query, link)) {
+		atomic_fetch_sub_release(&fctx->nqueries, 1);
+		ISC_LIST_UNLINK(fctx->queries, query, link);
+	}
+	UNLOCK(&res->buckets[fctx->bucketnum].lock);
+
 cleanup_dispatch:
 	fctx_detach(&query->fctx);
 
@@ -2299,13 +2308,6 @@ cleanup_dispatch:
 	}
 
 cleanup_query:
-	LOCK(&res->buckets[fctx->bucketnum].lock);
-	if (ISC_LINK_LINKED(query, link)) {
-		atomic_fetch_sub_release(&fctx->nqueries, 1);
-		ISC_LIST_UNLINK(fctx->queries, query, link);
-	}
-	UNLOCK(&res->buckets[fctx->bucketnum].lock);
-
 	query->magic = 0;
 	dns_message_detach(&query->rmessage);
 	isc_mem_put(fctx->mctx, query, sizeof(*query));