Call isccc_ccmsg_invalidate() when shutting down the connection

Previously, the isccc_ccmsg_invalidate() was called from conn_free() and this could lead to netmgr calling control_recvmessage() after we detached the reading controlconnection_t reference, but it wouldn't be the last reference because controlconnection_t is also attached/detached when sending response or running command asynchronously. Instead, move the isccc_ccmsg_invalidate() call to control_recvmessage() error handling path to make sure that control_recvmessage() won't be ever called again from the netmgr.
2025-08-30 05:57:52 +00:00 · 2023-10-27 10:16:13 +02:00 · 2023-10-27 10:16:13 +02:00 · 2d2c249958
commit 2d2c249958
parent 07f569e2f6
1 changed files with 4 additions and 5 deletions
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@ -407,9 +407,7 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
 	isccc_time_t exp;
 	uint32_t nonce;

-	if (conn->shuttingdown) {
-		return;
-	}
+	INSIST(!conn->shuttingdown);

 	/* Is the server shutting down? */
 	if (listener->controls->shuttingdown) {
@ -539,6 +537,9 @@ control_recvmessage(isc_nmhandle_t *handle ISC_ATTR_UNUSED, isc_result_t result,
 	return;

 cleanup:
+	/* Make sure no read callbacks are called again */
+	isccc_ccmsg_invalidate(&conn->ccmsg);
+
 	conn->shuttingdown = true;

 	REQUIRE(isc_tid() == 0);
@ -564,8 +565,6 @@ conn_free(controlconnection_t *conn) {
 	}
 #endif /* ifdef ENABLE_AFL */

-	isccc_ccmsg_invalidate(&conn->ccmsg);
-
 	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 		      NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
 		      "freeing control connection");