Do not destroy IXFR journal in xfrin_end() (!8602) · Merge requests · ISC Open Source Projects / BIND

Michał Kępień requested to merge 4496-do-not-destroy-ixfr-journal-in-xfrin_end into main Dec 20, 2023

The xfrin_end() function is run when a zone transfer is finished or canceled. One of the actions it takes for incremental transfers (IXFR) is calling dns_journal_destroy() on the zone journal structure that is stored in the relevant zone transfer context (xfr->ixfr.journal). That immediately invalidates that structure as it is not reference-counted. However, since the changes present in the IXFR stream are applied to the journal asynchronously (via isc_work_enqueue()), it is possible that some zone changes may still be in the process of being written to the journal by the time xfrin_end() destroys the relevant structure. Such a scenario leads to crashes.

Fix by not destroying the zone journal structure until the entire zone transfer context is destroyed. xfrin_destroy() already conditionally calls dns_journal_destroy() and when the former is called, all asynchronous work for a given zone transfer process is guaranteed to be complete.

Closes #4496 (closed)

Do not destroy IXFR journal in xfrin_end()

Merge request reports