From c5e9423340dff77b2d3b79fcd4908708770a49c3 Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman
Date: Wed, 3 Dec 2014 16:04:28 +0530
Subject: [PATCH] Fix a dig segfault due to bad linked list usage [RT #37591] The crash (#37591) seems to happen because the query is taken out of lookup->q(query->link), and put on lookup->connecting(query->clink). The code checks query->link where it is detached (-1 in next pointer). However, there's no need to call send_tcp_connect() there as the queries are already connecting at that point.
---
 CHANGES | 3 +++
 bin/dig/dighost.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index f2016cf782..d9d7872468 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4016. [bug] Fix a dig segfault due to bad linked list usage.
+ [RT #37591]
+
 4015. [bug] Nameservers that are skipped due to them being CNAMEs were not being logged. They are now logged to category 'cname' as per BIND 8. [RT #37935]
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 568e798518..fc93802831 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -3242,7 +3242,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
 query->waiting_connect = ISC_FALSE;
 isc_event_free(&event);
 l = query->lookup;
- if (l->current_query != NULL)
+ if ((l->current_query != NULL) &&
+ (ISC_LINK_LINKED(l->current_query, link)))
 next = ISC_LIST_NEXT(l->current_query, link);
 else
 next = NULL;
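Review bot: The new `ISC_LINK_LINKED(l->current_query, link)` test in connect_done() carries no comment saying why an unlinked current_query is an expected state here, so the guard reads as a defensive patch rather than a stated invariant. Going by the commit message, the query has been moved from `lookup->q` (`link`) to `lookup->connecting` (`clink`), and its `link` next pointer then holds the detached sentinel that `ISC_LIST_NEXT` would return as a bogus pointer. I would add above the `if`: `/* current_query may already be on l->connecting (clink); its 'link' is then detached and there is no next query to start. */`. Any other site in dighost.c that walks `link` starting from `current_query` would presumably need the same check, but none is visible in this hunk, and connect_done() begins and ends outside it.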