Fix a data access race in resolver. (!3575) · Merge requests · ISC Open Source Projects / BIND

Witold Krecicki requested to merge 1808-race-in-resolver-fetch into master May 21, 2020

We were passing client address to dns_resolver_createfetch as a pointer and it was saved as a pointer. The client (with its address) could be gone before the fetch is finished, and in a very odd scenario log_formerr would call isc_sockaddr_format() which first checks if the address family is valid (and at this point it still is), then the sockaddr is cleared, and then isc_netaddr_fromsockaddr is called which fails an assertion as the address family is now invalid.

Closes #1808 (closed), #1912 (closed)

Edited Jun 05, 2020 by Ondřej Surý

Fix a data access race in resolver.

Merge request reports