From 96a22451d766e1c4d3ec4882d55e598417e4e796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 10 Mar 2026 10:19:42 +0100 Subject: [PATCH 1/3] Fix rwlock type mismatch in delete_ds() error path The lock is acquired for reading but the error path from dns_rdata_fromstruct() incorrectly unlocks it as a write lock. --- lib/dns/keytable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dns/keytable.c b/lib/dns/keytable.c index 662570c749..c6f39302f9 100644 --- a/lib/dns/keytable.c +++ b/lib/dns/keytable.c @@ -240,7 +240,7 @@ delete_ds(dns_qp_t *qp, dns_keytable_t *keytable, dns_keynode_t *knode, result = dns_rdata_fromstruct(&dsrdata, dns_rdataclass_in, dns_rdatatype_ds, ds, &b); if (result != ISC_R_SUCCESS) { - RWUNLOCK(&knode->rwlock, isc_rwlocktype_write); + RWUNLOCK(&knode->rwlock, isc_rwlocktype_read); return result; } From 5b1750f15fe9e5b7914419dab23bef1e7e72d13e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 10 Mar 2026 11:30:54 +0100 Subject: [PATCH 2/3] Fix missing mutex destroy and ede invalidate on fctx_create() error paths The error cleanup in fctx_create() was missing isc_mutex_destroy() and dns_ede_invalidate() calls. When error paths (cleanup_nameservers, cleanup_fcount, cleanup_qmessage, cleanup_adb) were taken after the mutex and edectx were initialized, the fctx memory was freed without properly destroying these resources first. --- lib/dns/resolver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 20763e612c..a708bd0f0b 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -5121,6 +5121,8 @@ cleanup_nameservers: fetchctx_detach(&fctx->parent); } + dns_ede_invalidate(&fctx->edectx); + isc_mutex_destroy(&fctx->lock); dns_resolver_detach(&fctx->res); isc_mem_putanddetach(&fctx->mctx, fctx, sizeof(*fctx)); From 5dc19a7d9254ea845a5572cb7e6d3c7cf1f02955 Mon Sep 17 00:00:00 2001 
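Review bot: The early return in delete_ds() still spells out the lock mode by hand in `RWUNLOCK(&knode->rwlock, isc_rwlocktype_read);`, which is the pattern that let the read/write mismatch in. The acquisition it has to match is not visible, because delete_ds() starts and ends outside the hunk, so the other exits of the function should be checked for the same mode. Releasing an rwlock in a mode it was not taken in may leave its state inconsistent for later users of the key node, depending on the rwlock implementation. If the normal exit also releases for reading, I would route this failure through one release site, `goto unlock;` with a single `RWUNLOCK(&knode->rwlock, isc_rwlocktype_read);` before the final return. Failing that, add `/* knode->rwlock is held for reading here */` above the unlock.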
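Review bot: The added `dns_ede_invalidate(&fctx->edectx);` and `isc_mutex_destroy(&fctx->lock);` run for every label that falls through to this tail, so they are safe only if no `goto` can reach it before both objects are initialised. The initialisation sites are not visible, because fctx_create() starts and ends outside the hunk, so this cannot be confirmed from here. Destroying a mutex that was never initialised is undefined behaviour, which would make an early error path worse than the old leak. I would pin the invariant with a comment above the new lines, `/* All labels above are reached only after fctx->lock and fctx->edectx are initialised. */`, and keep any earlier failure exit on a label below these two calls.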
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 10 Mar 2026 10:21:04 +0100 Subject: [PATCH 3/3] Add missing isc_rwlock_destroy() for keylist_lock in dnssec-signzone The keylist_lock rwlock is initialized at startup but never destroyed on exit, unlike the sibling namelock mutex which is properly cleaned up. --- bin/dnssec/dnssec-signzone.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 27c0845c77..22b5e3edd6 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3973,6 +3973,7 @@ main(int argc, char *argv[]) { &sign_finish); } isc_mutex_destroy(&namelock); + isc_rwlock_destroy(&keylist_lock); return vresult == ISC_R_SUCCESS ? 0 : 1; }