- Fix to use assertions for consistency checks in #1309 reclaimed

W.C.A. Wijngaards 2025-08-05 16:20:01 +02:00
parent da6b735ed9
commit 3d7e847a5e
2 changed files with 14 additions and 16 deletions


@ -1,6 +1,8 @@
5 August 2025: Wouter
- Fix #1309: incorrectly reclaimed tcp handler can cause data
corruption and segfault.
- Fix to use assertions for consistency checks in #1309 reclaimed
tcp handlers.
1 August 2025: Wouter
- Fix testbound test program to accurately output packets from hex.


@ -3218,10 +3218,9 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
}
/* accept incoming connection. */
c_hdl = c->tcp_free;
if(!c_hdl->is_in_tcp_free) {
/* Should not happen */
fatal_exit("inconsistent tcp_free state in accept_callback");
}
/* Should not happen: inconsistent tcp_free state in
* accept_callback. */
log_assert(c_hdl->is_in_tcp_free);
/* clear leftover flags from previous use, and then set the
* correct event base for the event structure for libevent */
ub_event_free(c_hdl->ev->ev);
@ -3297,10 +3296,9 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
}
/* Paranoia: Check that the state has not changed from above: */
if(c_hdl != c->tcp_free || !c_hdl->is_in_tcp_free) {
/* Should not happen */
fatal_exit("tcp_free state changed within accept_callback!");
}
/* Should not happen: tcp_free state changed within accept_callback. */
log_assert(c_hdl == c->tcp_free);
log_assert(c_hdl->is_in_tcp_free);
/* grab the tcp handler buffers */
c->cur_tcp_count++;
c->tcp_free = c_hdl->tcp_free;
@ -3327,10 +3325,9 @@ reclaim_tcp_handler(struct comm_point* c)
}
comm_point_close(c);
if(c->tcp_parent && !c->is_in_tcp_free) {
if(c->tcp_free || c->tcp_parent->cur_tcp_count <= 0) {
/* Should not happen */
fatal_exit("bad tcp_free state in reclaim_tcp");
}
/* Should not happen: bad tcp_free state in reclaim_tcp. */
log_assert(c->tcp_free == NULL);
log_assert(c->tcp_parent->cur_tcp_count > 0);
c->tcp_parent->cur_tcp_count--;
c->tcp_free = c->tcp_parent->tcp_free;
c->tcp_parent->tcp_free = c;
@ -4721,10 +4718,9 @@ reclaim_http_handler(struct comm_point* c)
}
comm_point_close(c);
if(c->tcp_parent && !c->is_in_tcp_free) {
if(c->tcp_free || c->tcp_parent->cur_tcp_count <= 0) {
/* Should not happen */
fatal_exit("bad tcp_free state in reclaim_http");
}
/* Should not happen: bad tcp_free state in reclaim_http. */
log_assert(c->tcp_free == NULL);
log_assert(c->tcp_parent->cur_tcp_count > 0);
c->tcp_parent->cur_tcp_count--;
c->tcp_free = c->tcp_parent->tcp_free;
c->tcp_parent->tcp_free = c;
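Review bot: The checks converted to `log_assert(...)` in all four hunks stop running in a normal build if `log_assert` expands to nothing without `UNBOUND_DEBUG`, as I believe it does in this tree (its definition is not on this page). In that case comm_point_tcp_accept_callback goes on to `c->tcp_free = c_hdl->tcp_free`, and both reclaim functions go on to `cur_tcp_count--` and the free-list relink, with an inconsistent list. That is the corruption the #1309 fix was meant to stop, and the path is driven by remote TCP clients. Consider keeping a non-fatal runtime guard next to the assertions in the reclaim functions, for example `if(c->tcp_free || c->tcp_parent->cur_tcp_count <= 0) { log_err("bad tcp_free state in reclaim_tcp"); return; }`; whether an early return is safe there depends on the rest of each function, which lies outside the hunks. At minimum the new comments should say the checks are debug-only, e.g. `/* checked only in debug builds; release builds continue past this point */`.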