fix: usr: Fix a possible deadlock in RPZ processing

The :iscman:`named` process could hang when processing a
maliciously crafted update for a response policy zone (RPZ).
This has been fixed.

Closes #5775

Merge branch '5775-rpz-del_name-deadlock-fix' into 'main'

See merge request isc-projects/bind9!11659
Ondřej Surý 2026-03-14 13:43:13 +01:00
commit 5c8d64499e


@ -2272,7 +2272,8 @@ del_name(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
result = dns_qp_getname(qp, trig_name, DNS_DBNAMESPACE_NORMAL,
(void **)&data, NULL);
if (result != ISC_R_SUCCESS) {
return;
INSIST(data == NULL);
goto done;
}
INSIST(data != NULL);
@ -2315,6 +2316,7 @@ del_name(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
RWUNLOCK(&rpz->rpzs->search_lock, isc_rwlocktype_write);
}
done:
dns_qp_compact(qp, DNS_QPGC_MAYBE);
dns_qpmulti_commit(rpzs->table, &qp);
}
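Review bot: The new `goto done` in the not-found branch of del_name carries no comment saying why a plain `return` is wrong there, which is the very mistake this commit corrects. The `done:` label runs `dns_qp_compact()` and `dns_qpmulti_commit(rpzs->table, &qp)`, so presumably a qp write transaction is opened earlier in the function, outside the visible hunks, and every exit has to close it. I would add `/* Not found: nothing to delete, but still go through done: so the qp transaction is committed. */` above the `goto`. Separately, `INSIST(data == NULL)` now sits on a path the commit message describes as reachable from a crafted RPZ update. It is worth confirming that `data` is initialised to NULL before the call and that `dns_qp_getname()` never writes the out-parameter on failure, since a violated INSIST would trade the hang for an abort.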