Skip to content

Reference counting error in RPZ when shutting down

A dns_rpz_unref_rpzs() call is missing when taking the goto unlock; path on shutdown (see the code below) to compensate for the earlier dns_rpz_ref_rpzs() call. Can be fixed by moving the dns_rpz_ref_rpzs() call after the shutdown check.

static void
dns__rpz_timer_cb(void *arg) {
	char domain[DNS_NAME_FORMATSIZE];
	isc_result_t result;
	dns_rpz_zone_t *rpz = (dns_rpz_zone_t *)arg;

	REQUIRE(DNS_RPZ_ZONE_VALID(rpz));
	REQUIRE(DNS_DB_VALID(rpz->db));
	REQUIRE(rpz->updb == NULL);
	REQUIRE(rpz->updbversion == NULL);

	dns_rpz_ref_rpzs(rpz->rpzs);

	LOCK(&rpz->rpzs->maint_lock);

	if (rpz->rpzs->shuttingdown) {
		goto unlock;
	}

	//... [skipped code]
	//... [skipped code]

unlock:
	UNLOCK(&rpz->rpzs->maint_lock);
}

Currently only v9.19 is affected, but v9.18 will also be affected once !7516 (merged) is merged, so I am setting both Affects v9.18 and Affects v9.19 labels.

Edited by Arаm Sаrgsyаn
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information