Double detach of client->reqhandle lib/ns/update.c

Reported to us via Support Ticket #21126

Reported against BIND 9.16.23

In respond(), there's a double detach of client->reqhandle which was already detached at the end of ns_update_start(). Though this is unlikely to execute to crash in ISC BIND, the modified appliance uses use refactored code that crashes.

The following is the ISC BIND part of patch hunks to fix it:

diff --git a/bind9.16/lib/ns/update.c b/bind9.16/lib/ns/update.c
index 640f001e734..6ed23073349 100644
--- a/bind9.16/lib/ns/update.c
+++ b/bind9.16/lib/ns/update.c
@@ -2062,7 +2062,14 @@ msg_failure:
 		      "could not create update response message: %s",
 		      isc_result_totext(msg_result));
 	ns_client_drop(client, msg_result);
+#ifdef ORIGINAL_ISC_CODE
 	isc_nmhandle_detach(&client->reqhandle);
+#else
+	/*
+	 * The statement in the original ISC code is a double detach
+	 * that can cause an assertion failure.
+	 */
+#endif
 }

Edited Sep 01, 2022 by Ondřej Surý

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information