Crash during reconfig in ns_interface_create()
Reported to us via Support Ticket #21126
Reported against BIND 9.16.23
In ns_interface_create(), there's insufficient cleanup upon failure.
The following is the patch committed to fix it:
diff --git a/bind9.16/lib/ns/interfacemgr.c b/bind9.16/lib/ns/interfacemgr.c
index 7006e7c478b..0e1cc71560d 100644
--- a/bind9.16/lib/ns/interfacemgr.c
+++ b/bind9.16/lib/ns/interfacemgr.c
@@ -448,6 +448,15 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
return (ISC_R_SUCCESS);
failure:
+#ifdef ORIGINAL_ISC_CODE
+#else
+ LOCK(&ifp->mgr->lock);
+ ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
+ UNLOCK(&ifp->mgr->lock);
+ ns_interfacemgr_detach(&ifp->mgr);
+ isc_refcount_decrementz(&ifp->references);
+ isc_refcount_destroy(&ifp->references);
+#endif
isc_mutex_destroy(&ifp->lock);
ifp->magic = 0;
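Review bot: The cleanup added under `failure:` runs unconditionally, so it is only correct if every path that jumps to the label has already linked `ifp` into `ifp->mgr->interfaces` and attached the manager reference. If any earlier `goto failure` exists, the `ISC_LIST_UNLINK` and `ns_interfacemgr_detach(&ifp->mgr)` calls would operate on state that was never set up. Please confirm this against the part of the function not shown in the hunk, or guard the unlink with `ISC_LINK_LINKED(ifp, link)`. `isc_refcount_decrementz(&ifp->references)` also assumes the count is exactly 1 at this point; a short comment saying why no other holder can exist yet would help the next reader. Finally, the `#ifdef ORIGINAL_ISC_CODE` / `#else` wrapper has an empty first branch and reads as a local-fork marker. For the upstream tree the six cleanup lines should go in directly without the conditional.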
Edited by Ondřej Surý