From c41ce8e0c94ba9cc6bf18d4bbbcc977af93afbf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 27 Oct 2020 10:09:30 +0100 Subject: [PATCH 1/2] Properly handle outer TCP connection closed in TCPDNS. If the connection is closed while we're processing the request we might access TCPDNS outerhandle which is already reset. Check for this condition and call the callback with ISC_R_CANCELED result. --- lib/isc/netmgr/tcpdns.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/isc/netmgr/tcpdns.c b/lib/isc/netmgr/tcpdns.c index 6a20ea4c7c..63391273cb 100644 --- a/lib/isc/netmgr/tcpdns.c +++ b/lib/isc/netmgr/tcpdns.c @@ -596,9 +596,16 @@ isc__nm_tcpdns_send(isc_nmhandle_t *handle, isc_region_t *region, r.base = (unsigned char *)uvreq->uvbuf.base; r.length = uvreq->uvbuf.len; - - isc_nmhandle_attach(sock->outerhandle, &sendhandle); - isc_nm_send(sock->outerhandle, &r, tcpdnssend_cb, uvreq); + if (sock->outerhandle != NULL) { + isc_nmhandle_attach(sock->outerhandle, &sendhandle); + isc_nm_send(sock->outerhandle, &r, tcpdnssend_cb, + uvreq); + } else { + cb(handle, ISC_R_CANCELED, cbarg); + isc_mem_put(sock->mgr->mctx, uvreq->uvbuf.base, + uvreq->uvbuf.len); + isc__nm_uvreq_put(&uvreq, sock); + } } else { isc__netievent_tcpdnssend_t *ievent = NULL; From cd3117b747f10f3495da24d55074a94c3f2fe953 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 27 Oct 2020 10:09:30 +0100 Subject: [PATCH 2/2] Add CHANGES and release note for GL #2227 --- CHANGES | 2 ++ doc/notes/notes-current.rst | 3 +++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index d27d31f4c0..0d8505efe0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +5522. [bug] Fix a race/NULL dereference in TCPDNS. [GL #2227] + 5521. [func] All use of libltdl was dropped. libuv's shared library handling interface is now used instead. [GL !4278] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 330d7c8a31..23f9d8da2c 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -41,3 +41,6 @@ Bug Fixes - Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or `TCP6RecvErr`. [GL #2208] + +- ``named`` could crash with an assertion failure if a TCP connection is closed + while the request is still processing. [GL #2227]