From 4bf253ffe16a9efb6dcd7fb6e52a00a96583ffc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Thu, 23 Mar 2023 10:48:39 +0100
Subject: [PATCH] Properly handle ISC_R_SHUTTINGDOWN in resquery_response()

When resquery_response() was called with ISC_R_SHUTTINDOWN, the region argument would be NULL, but rctx_respinit() would try to pass region->base and region->len to the isc_buffer_init() leading to a NULL pointer dereference. Properly handle non-ISC_R_SUCCESS by ignoring the provided region.
(cherry picked from commit 93259812ddcb8dbc38c2f494465c74715893cbb4)
---
 lib/dns/resolver.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 775ac72478..9545560bfa 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -7696,7 +7696,9 @@ resquery_response(isc_result_t eresult, isc_region_t *region, void *arg) {
 rctx_respinit(query, fctx, eresult, region, &rctx);
- if (atomic_load_acquire(&fctx->res->exiting)) {
+ if (eresult == ISC_R_SHUTTINGDOWN ||
+ atomic_load_acquire(&fctx->res->exiting))
+ {
 result = ISC_R_SHUTTINGDOWN;
 FCTXTRACE("resolver shutting down");
 rctx.finish = NULL;
@@ -8080,8 +8082,13 @@ rctx_respinit(resquery_t *query, fetchctx_t *fctx, isc_result_t result,
 .fctx = fctx,
 .broken_type = badns_response,
 .retryopts = query->options };
- isc_buffer_init(&rctx->buffer, region->base, region->length);
- isc_buffer_add(&rctx->buffer, region->length);
+ if (result == ISC_R_SUCCESS) {
+ REQUIRE(region != NULL);
+ isc_buffer_init(&rctx->buffer, region->base, region->length);
+ isc_buffer_add(&rctx->buffer, region->length);
+ } else {
+ isc_buffer_initnull(&rctx->buffer);
+ }
 TIME_NOW(&rctx->tnow);
 rctx->finish = &rctx->tnow;
 rctx->now = (isc_stdtime_t)isc_time_seconds(&rctx->tnow);
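Review bot: Only `ISC_R_SHUTTINGDOWN` is routed into the shutdown branch in resquery_response(), so any other non-success `eresult` continues past this `if` with the buffer that rctx_respinit() now sets up via `isc_buffer_initnull()` for failures. The handling that follows is outside the hunk, so it cannot be confirmed from here that each of those paths returns before anything reads `rctx.buffer`; that is worth checking. A comment above the call such as `/* region may be NULL unless eresult == ISC_R_SUCCESS */` would record the assumption. The diffstat touches only lib/dns/resolver.c, so the shutdown-callback path that crashed has no regression test in this commit.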
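Review bot: The new branch in rctx_respinit() makes `region` conditionally required, but nothing at the function states that contract: it is dereferenced only when `result == ISC_R_SUCCESS`, and every other result, not just shutdown, takes the `isc_buffer_initnull()` path. A short comment above the `if`, for example `/* region is only valid on ISC_R_SUCCESS; otherwise rctx->buffer is a null buffer and must not be parsed */`, would help keep a later change from reintroducing the NULL dereference. `REQUIRE(region != NULL)` turns a contract violation on the success path into an assertion failure with a clear message rather than a raw crash, which looks intended. The rest of the signature and the remainder of the function body lie outside the hunk.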