From d8a207bd00bee66bb8e6cec56048f3b501267e0d Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 13 Apr 2023 14:42:29 +0000 Subject: [PATCH 1/2] Fix a use-after-free bug in dns_xfrin_create() 'xfr' is used after detaching the only reference, which would have destroyed the object. Call dns_xfrin_detach() only after the final use of 'xfr'. --- lib/dns/xfrin.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 99190cc385..063423b665 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -723,6 +723,7 @@ dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype, if (result != ISC_R_SUCCESS) { atomic_store(&xfr->shuttingdown, true); xfr->shutdown_result = result; + xfrin_log(xfr, ISC_LOG_ERROR, "zone transfer setup failed"); dns_xfrin_detach(xfrp); } @@ -730,10 +731,6 @@ dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype, dns_db_detach(&db); } - if (result != ISC_R_SUCCESS) { - xfrin_log(xfr, ISC_LOG_ERROR, "zone transfer setup failed"); - } - return (result); } From bf8e93aee5263d404a5f6d117443e4ecea3408c9 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 13 Apr 2023 14:46:32 +0000 Subject: [PATCH 2/2] Add a CHANGES note for [GL !7832] --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index f42ea42dac..d33339ec2d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6148. [bug] Fix a use-after-free bug in dns_xfrin_create(). + [GL !7832] + 6147. [performance] Fix the TCP server parent quota use. [GL #3985] 6146. [performance] Replace the zone table red-black tree and associated