upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-23 23:28:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

[master] use after free in resquery_destroy()

Browse source 
4102.	[bug]		Fix a use after free bug introduced in change
			#4094.  [RT #39281]
This commit is contained in:
Evan Hunt 2015-04-15 15:38:14 -07:00
parent fc3ed1dbda
commit c03fe78ef5
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
4102. [bug] Fix a use after free bug introduced in change
#4094. [RT #39281]
4101. [bug] dig: the +split and +rrcomments options didn't
work with +short. [RT #39291]

6
lib/dns/resolver.c
View file

@ -823,6 +823,7 @@ resquery_destroy(resquery_t **queryp) {
isc_boolean_t empty;
resquery_t *query;
fetchctx_t *fctx;
unsigned int bucket;
REQUIRE(queryp != NULL);
query = *queryp;
@ -832,12 +833,13 @@ resquery_destroy(resquery_t **queryp) {
fctx = query->fctx;
res = fctx->res;
bucket = fctx->bucketnum;
fctx->nqueries--;
LOCK(&res->buckets[fctx->bucketnum].lock);
LOCK(&res->buckets[bucket].lock);
empty = fctx_decreference(query->fctx);
UNLOCK(&res->buckets[fctx->bucketnum].lock);
UNLOCK(&res->buckets[bucket].lock);
query->magic = 0;
isc_mem_put(query->mctx, query, sizeof(*query));