From 289c1d33ee553cb75dc03318d46d45d33ccd9d24 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 13 Jan 2022 11:18:27 -0800 Subject: [PATCH] rndc: sync ISC_R_CANCELED handling in callbacks rndc_recvdone() is not treating the ISC_R_CANCELED result code as a request to stop data processing, which may cause a crash when trying to dereference ccmsg->buffer. Fix by ensuring ISC_R_CANCELED results in an early exit from rndc_recvdone(). Make sure the logic for handling ISC_R_CANCELED in rndc_recvnonce() matches the one present in rndc_recvdone() to ensure consistent behavior between these two sibling functions. --- bin/rndc/rndc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index d31316be83..c6e3212f68 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -316,7 +316,7 @@ static void rndc_recvdone(isc_nmhandle_t *handle, isc_result_t result, void *arg) { isccc_ccmsg_t *ccmsg = (isccc_ccmsg_t *)arg; isccc_sexpr_t *response = NULL; - isccc_sexpr_t *data; + isccc_sexpr_t *data = NULL; isccc_region_t source; char *errormsg = NULL; char *textmsg = NULL; @@ -339,7 +339,7 @@ rndc_recvdone(isc_nmhandle_t *handle, isc_result_t result, void *arg) { "* the clocks are not synchronized,\n" "* the key signing algorithm is incorrect,\n" "* or the key is invalid."); - } else if (result != ISC_R_SUCCESS && result != ISC_R_CANCELED) { + } else if (result != ISC_R_SUCCESS) { fatal("recv failed: %s", isc_result_totext(result)); } @@ -414,7 +414,7 @@ rndc_recvnonce(isc_nmhandle_t *handle, isc_result_t result, void *arg) { REQUIRE(ccmsg != NULL); - if (shuttingdown && result == ISC_R_EOF) { + if (shuttingdown && (result == ISC_R_EOF || result == ISC_R_CANCELED)) { atomic_fetch_sub_release(&recvs, 1); if (handle != NULL) { REQUIRE(recvnonce_handle == handle);