From 391fac1fc8d2e470287b5cc4344b3adb90c6f54a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Fri, 27 Apr 2018 09:13:26 +0200 Subject: [PATCH] Prevent check_stale_header() from leaking rdataset headers check_stale_header() fails to update the pointer to the previous header while processing rdataset headers eligible for serve-stale, thus enabling rdataset headers to be leaked (i.e. disassociated from a node and left on the relevant TTL heap) while iterating through a node. This can lead to several different assertion failures. Add the missing pointer update. --- lib/dns/rbtdb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 64bd7a93bf..b64350c62d 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -4494,6 +4494,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, */ if (KEEPSTALE(search->rbtdb) && stale > search->now) { header->attributes |= RDATASET_ATTR_STALE; + *header_prev = header; return ((search->options & DNS_DBFIND_STALEOK) == 0); }