Fix an interfacemgr use-after-free error in zoneconf.c:isself() (!7962) · Merge requests · ISC Open Source Projects / BIND

Arаm Sаrgsyаn requested to merge 3765-interfacemgr-use-after-afree-on-shutdown into main May 24, 2023

The 'named_g_server->interfacemgr' pointer is saved in the zone structure using dns_zone_setisself(), as a void* argument to be passed to the isself() callback, so there is no attach/detach, and when shutting down, the interface manager can be destroyed by the shutdown_server(), running in exclusive mode, and causing isself() to crash when trying to use the pointer.

Instead of keeping the interface manager pointer in the zone structure, just check and use the 'named_g_server->interfacemgr' itself, as it was implemented originally in the 3aca8e5b commit. Later, in the 8eb88aaf commit, the code was changed to pass the interface manager pointer using the additional void* argument, but the commit message doesn't mention if there was any practical reason for that.

Additionally, don't pass the interfacemgr pointer to the ns_interfacemgr_getaclenv() function before it is checked against NULL.

Closes #3765 (closed)

Fix an interfacemgr use-after-free error in zoneconf.c:isself()

Merge request reports