mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Fix UAF in ccmsg.c when reading stopped before sending

Browse Source 
When shutting down the whole server, the reading could stop and detach
from controlconnection before sending is done.  If send callback then
detaches from the last controlconnection handle, the ccmsg would be
invalidated after the send callback and thus we must not access ccmsg
after calling the send_cb().
This commit is contained in:
Ondřej Surý
2024-02-08 12:31:09 +01:00
parent 88a14985db
commit 315aa3135a
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/isccc/ccmsg.c
View File

@@ -150,11 +150,13 @@ ccmsg_senddone(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
isccc_ccmsg_t *ccmsg = arg;
REQUIRE(VALID_CCMSG(ccmsg));
REQUIRE(ccmsg->send_cb != NULL);
INSIST(ccmsg->send_cb != NULL);
ccmsg->send_cb(handle, eresult, ccmsg->send_cbarg);
isc_nm_cb_t send_cb = ccmsg->send_cb;
ccmsg->send_cb = NULL;
send_cb(handle, eresult, ccmsg->send_cbarg);
isc_nmhandle_detach(&handle);
}