upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a bug where tlsctx_cache could be destroyed while still in use

Browse source 
When named is being reconfigured, it detaches from the old
'isc_tlsctx_cache_t' TLS context cache object and creates a
new one. This can cause an assertion failure within the
resolver when the object is destroyed while still in use,
because the resolver is using the object without getting
attached to it.

Add an attach/detach so that the 'isc_tlsctx_cache_t' doesn't
get destroyed while still being in use.
This commit is contained in:
Aram Sargsyan 2025-11-27 15:00:26 +00:00 committed by Arаm Sаrgsyаn
parent 908b7c1f34
commit ed7b08c0c4
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/dns/resolver.c
View file

@ -9737,6 +9737,8 @@ dns_resolver__destroy(dns_resolver_t *res) {
isc_hashmap_destroy(&res->counters);
isc_rwlock_destroy(&res->counters_lock);
isc_tlsctx_cache_detach(&res->tlsctx_cache);
if (res->dispatches4 != NULL) {
dns_dispatchset_destroy(&res->dispatches4);
}
@ -9812,7 +9814,6 @@ dns_resolver_create(dns_view_t *view, unsigned int options,
*res = (dns_resolver_t){
.rdclass = view->rdclass,
.options = options,
.tlsctx_cache = tlsctx_cache,
.spillatmin = 10,
.spillat = 10,
.spillatmax = 100,
@ -9859,6 +9860,8 @@ dns_resolver_create(dns_view_t *view, unsigned int options,
res->nloops);
}
isc_tlsctx_cache_attach(tlsctx_cache, &res->tlsctx_cache);
isc_mutex_init(&res->lock);
isc_mutex_init(&res->primelock);