From 7265e335201cff82ce49ebfebf001deb6ba35bf4 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 27 Nov 2025 15:00:26 +0000 Subject: [PATCH] Fix a bug where tlsctx_cache could be destroyed while still in use When named is being reconfigured, it detaches from the old 'isc_tlsctx_cache_t' TLS context cache object and creates a new one. This can cause an assertion failure within the resolver when the object is destroyed while still in use, because the resolver is using the object without getting attached to it. Add an attach/detach so that the 'isc_tlsctx_cache_t' doesn't get destroyed while still being in use. (cherry picked from commit ed7b08c0c478aa6a9a8b2061071b92333b93abaa) --- lib/dns/resolver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index ad48b24d02..fbe31c6b00 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -10083,6 +10083,8 @@ dns_resolver__destroy(dns_resolver_t *res) { isc_hashmap_destroy(&res->counters); isc_rwlock_destroy(&res->counters_lock); + isc_tlsctx_cache_detach(&res->tlsctx_cache); + if (res->dispatches4 != NULL) { dns_dispatchset_destroy(&res->dispatches4); } @@ -10160,7 +10162,6 @@ dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr, isc_nm_t *nm, .rdclass = view->rdclass, .nm = nm, .options = options, - .tlsctx_cache = tlsctx_cache, .spillatmin = 10, .spillat = 10, .spillatmax = 100, @@ -10205,6 +10206,8 @@ dns_resolver_create(dns_view_t *view, isc_loopmgr_t *loopmgr, isc_nm_t *nm, res->nloops); } + isc_tlsctx_cache_attach(tlsctx_cache, &res->tlsctx_cache); + isc_mutex_init(&res->lock); isc_mutex_init(&res->primelock);