upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-13 19:30:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

3425. [bug] "acacheentry" reference counting was broken resulting

Browse source 
in use after free. [RT #31908]
This commit is contained in:
Mark Andrews 2012-11-27 16:03:36 +11:00
parent a9cf59c7cb
commit cecbe5bc42
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
3425. [bug] "acacheentry" reference counting was broken resulting
in use after free. [RT #31908]
3421. [bug] Named loops when re-signing if all keys are offline.
[RT #31916]

4
lib/dns/rbtdb.c
View file

@ -8380,11 +8380,10 @@ acache_callback(dns_acacheentry_t *entry, void **arg) {
INSIST(acarray[count].cbarg == cbarg);
isc_mem_put(rbtdb->common.mctx, cbarg, sizeof(acache_cbarg_t));
acarray[count].cbarg = NULL;
dns_acache_detachentry(&entry);
} else
isc_mem_put(rbtdb->common.mctx, cbarg, sizeof(acache_cbarg_t));
dns_acache_detachentry(&entry);
NODE_UNLOCK(nodelock, isc_rwlocktype_write);
dns_db_detachnode((dns_db_t *)rbtdb, (dns_dbnode_t **)(void*)&rbtnode);
@ -8460,6 +8459,7 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
acache_callback, newcbarg, &newentry);
if (result != ISC_R_SUCCESS)
goto fail;
/* Set cache data in the new entry. */
result = dns_acache_setentry(acache, newentry, zone, db,
version, node, fname);