Fix a race between resolver query timeout and validation (!6419) · Merge requests · ISC Open Source Projects / BIND

Arаm Sаrgsyаn requested to merge 3398-race-resolver-query-timeout-and-validation-v9_16 into v9_16 Jun 10, 2022

The resolver.c:validated() function unlinks the current validator from the fetch's validators list, which can leave it empty, then unlocks the bucket lock. If, by a chance, the fetch was timed out just before the validated() call, the final timeout callback running in parallel with validated() can find the fetch context with no active fetches and with an empty validators list and destroy it, which is unexpected for the validated() function and can lead to a crash.

Increase the fetch context's reference count in the beginning of validated() and decrease it when it finishes its work to avoid the unexpected destruction of the fetch context.

Closes #3398 (closed)

Edited Jul 01, 2022 by Arаm Sаrgsyаn

Fix a race between resolver query timeout and validation

Merge request reports