From e1c75d00b795315bdc904f1d97db7f75216236ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 27 Oct 2020 10:09:30 +0100 Subject: [PATCH 1/2] Properly handle outer TCP connection closed in TCPDNS. If the connection is closed while we're processing the request we might access TCPDNS outerhandle which is already reset. Check for this condition and call the callback with ISC_R_CANCELED result. (cherry picked from commit c41ce8e0c94ba9cc6bf18d4bbbcc977af93afbf2) --- lib/isc/netmgr/tcpdns.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/isc/netmgr/tcpdns.c b/lib/isc/netmgr/tcpdns.c index 6a20ea4c7c..63391273cb 100644 --- a/lib/isc/netmgr/tcpdns.c +++ b/lib/isc/netmgr/tcpdns.c @@ -596,9 +596,16 @@ isc__nm_tcpdns_send(isc_nmhandle_t *handle, isc_region_t *region, r.base = (unsigned char *)uvreq->uvbuf.base; r.length = uvreq->uvbuf.len; - - isc_nmhandle_attach(sock->outerhandle, &sendhandle); - isc_nm_send(sock->outerhandle, &r, tcpdnssend_cb, uvreq); + if (sock->outerhandle != NULL) { + isc_nmhandle_attach(sock->outerhandle, &sendhandle); + isc_nm_send(sock->outerhandle, &r, tcpdnssend_cb, + uvreq); + } else { + cb(handle, ISC_R_CANCELED, cbarg); + isc_mem_put(sock->mgr->mctx, uvreq->uvbuf.base, + uvreq->uvbuf.len); + isc__nm_uvreq_put(&uvreq, sock); + } } else { isc__netievent_tcpdnssend_t *ievent = NULL; From 0f1810efb26a2336661f875b06e7332a7d39e795 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 27 Oct 2020 10:09:30 +0100 Subject: [PATCH 2/2] Add CHANGES and release note for GL #2227 (cherry picked from commit cd3117b747f10f3495da24d55074a94c3f2fe953) --- CHANGES | 2 ++ doc/notes/notes-current.rst | 3 +++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index bf15b5b567..39aee677a0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +5522. [bug] Fix a race/NULL dereference in TCPDNS. [GL #2227] + 5520. [bug] Fixed a number of shutdown races, reference counting errors, and spurious log messages that could occur in the network manager. [GL #2221] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 6c6020625c..cd79407d20 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -41,3 +41,6 @@ Bug Fixes - Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or `TCP6RecvErr`. [GL #2208] + +- ``named`` could crash with an assertion failure if a TCP connection is closed + while the request is still processing. [GL #2227]