upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #1394: mix of serve-expired and response-ip could cause a crash.

Browse source 
git-svn-id: file:///svn/unbound/trunk@4289 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2017-08-03 07:13:12 +00:00
parent ff6a1cee12
commit 4f9236ae55
2 changed files with 19 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
daemon/worker.c
View file

@ -1355,6 +1355,10 @@ lookup_cache:
lock_rw_unlock(&e->lock); lock_rw_unlock(&e->lock);
regional_free_all(worker->scratchpad); regional_free_all(worker->scratchpad);
goto send_reply; goto send_reply;
} else {
/* Note that we've already released the
* lock if we're here after prefetch. */
lock_rw_unlock(&e->lock);
} }
/* We've found a partial reply ending with an /* We've found a partial reply ending with an
* alias. Replace the lookup qinfo for the * alias. Replace the lookup qinfo for the
@ -1362,7 +1366,6 @@ lookup_cache:
* (possibly) complete the reply. As we're * (possibly) complete the reply. As we're
* passing the "base" reply, there will be no * passing the "base" reply, there will be no
* more alias chasing. */ * more alias chasing. */
lock_rw_unlock(&e->lock);
memset(&qinfo_tmp, 0, sizeof(qinfo_tmp)); memset(&qinfo_tmp, 0, sizeof(qinfo_tmp));
get_cname_target(alias_rrset, &qinfo_tmp.qname, get_cname_target(alias_rrset, &qinfo_tmp.qname,
&qinfo_tmp.qname_len); &qinfo_tmp.qname_len);
@ -1669,7 +1672,17 @@ worker_init(struct worker* worker, struct config_file *cfg,
worker->env.send_query = &worker_send_query; worker->env.send_query = &worker_send_query;
worker->env.alloc = &worker->alloc; worker->env.alloc = &worker->alloc;
worker->env.rnd = worker->rndstate; worker->env.rnd = worker->rndstate;
worker->env.scratch = worker->scratchpad; /* If case prefetch is triggered, the corresponding mesh will clear
* the scratchpad for the module env in the middle of request handling.
* It would be prone to a use-after-free kind of bug, so we avoid
* sharing it with worker's own scratchpad at the cost of having
* one more pad per worker. */
worker->env.scratch = regional_create_custom(cfg->msg_buffer_size);
if(!worker->env.scratch) {
log_err("malloc failure");
worker_delete(worker);
return 0;
}
worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env); worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env);
worker->env.detach_subs = &mesh_detach_subs; worker->env.detach_subs = &mesh_detach_subs;
worker->env.attach_sub = &mesh_attach_sub; worker->env.attach_sub = &mesh_attach_sub;
@ -1758,6 +1771,7 @@ worker_delete(struct worker* worker)
comm_base_delete(worker->base); comm_base_delete(worker->base);
ub_randfree(worker->rndstate); ub_randfree(worker->rndstate);
alloc_clear(&worker->alloc); alloc_clear(&worker->alloc);
regional_destroy(worker->env.scratch);
regional_destroy(worker->scratchpad); regional_destroy(worker->scratchpad);
free(worker); free(worker);
} }

3
doc/Changelog
View file

@ -1,3 +1,6 @@
3 August 2017: Wouter
- Fix #1394: mix of serve-expired and response-ip could cause a crash.
24 July 2017: Wouter 24 July 2017: Wouter
- upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
config.sub(2016-09-05). config.sub(2016-09-05).