From ca528766d6685a3cd42a708fa6d996380f00664f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Tue, 23 Jul 2019 11:43:46 +0200
Subject: [PATCH] Restore locking in resume_dslookup()

Commit 9da902a201b6d0e1bdbac0af067a59bb0a489c9c removed locking around the fctx_decreference() call inside resume_dslookup(). This allows fctx_unlink() to be called without the bucket lock being held, which must never happen. Ensure the bucket lock is held by resume_dslookup() before it calls fctx_decreference().
---
 lib/dns/resolver.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index c46abb5db3..939df18ea3 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -7186,7 +7186,9 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 if (dns_rdataset_isassociated(&nameservers)) {
 dns_rdataset_disassociate(&nameservers);
 }
+ LOCK(&res->buckets[fctx->bucketnum].lock);
 bucket_empty = fctx_decreference(fctx);
+ UNLOCK(&res->buckets[fctx->bucketnum].lock);
 if (bucket_empty) {
 empty_bucket(res);
 }
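Review bot: The added `UNLOCK(&res->buckets[fctx->bucketnum].lock);` reads `fctx->bucketnum` after `fctx_decreference(fctx)` has returned, and the commit message says that call can reach `fctx_unlink()`. If dropping the last reference also frees the fetch context (not visible in this hunk, so worth confirming in `fctx_decreference()`), the unlock dereferences freed memory and may release the wrong lock. Saving the index before taking the lock avoids depending on `fctx` afterwards: `bucketnum = fctx->bucketnum;` followed by `LOCK(&res->buckets[bucketnum].lock);` and `UNLOCK(&res->buckets[bucketnum].lock);`, declaring `bucketnum` if the function does not already have it. The body of `resume_dslookup()` starts and ends outside the hunk, so later uses of `fctx` on this path could not be checked here.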