upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-14 22:53:34 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Properly handle ISC_R_SHUTTINGDOWN in resquery_response()

Browse source 
When resquery_response() was called with ISC_R_SHUTTINDOWN, the region
argument would be NULL, but rctx_respinit() would try to pass
region->base and region->len to the isc_buffer_init() leading to
a NULL pointer dereference.  Properly handle non-ISC_R_SUCCESS by
ignoring the provided region.

(cherry picked from commit 93259812dd)
This commit is contained in:
Ondřej Surý 2023-03-23 10:48:39 +01:00
parent 616920d4b2
commit 4bf253ffe1
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
lib/dns/resolver.c
View file

@ -7696,7 +7696,9 @@ resquery_response(isc_result_t eresult, isc_region_t *region, void *arg) {
rctx_respinit(query, fctx, eresult, region, &rctx);
if (atomic_load_acquire(&fctx->res->exiting)) {
if (eresult == ISC_R_SHUTTINGDOWN ||
atomic_load_acquire(&fctx->res->exiting))
{
result = ISC_R_SHUTTINGDOWN;
FCTXTRACE("resolver shutting down");
rctx.finish = NULL;
@ -8080,8 +8082,13 @@ rctx_respinit(resquery_t *query, fetchctx_t *fctx, isc_result_t result,
.fctx = fctx,
.broken_type = badns_response,
.retryopts = query->options };
isc_buffer_init(&rctx->buffer, region->base, region->length);
isc_buffer_add(&rctx->buffer, region->length);
if (result == ISC_R_SUCCESS) {
REQUIRE(region != NULL);
isc_buffer_init(&rctx->buffer, region->base, region->length);
isc_buffer_add(&rctx->buffer, region->length);
} else {
isc_buffer_initnull(&rctx->buffer);
}
TIME_NOW(&rctx->tnow);
rctx->finish = &rctx->tnow;
rctx->now = (isc_stdtime_t)isc_time_seconds(&rctx->tnow);