mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity

DiG: fix lookup reference counting bug

Browse Source 
When DiG finishes its work with a lookup (due to success or error), it
calls the clear_current_lookup() function, which decreases the lookup's
reference count. That decrease action is the counterpart of the initial
creation of the reference counter, so this function was designed in such
a way that it should decrease the reference count only once, when there
are no more active queries in the lookup.

The way it checks whether there are any active queries is by looking
at the queries list of the lookup object - if it's NULL then there are
no active queries. But that is not always true - the cancel_lookup()
function, when canceling the queries one by one, also removes them
from the lookup's list, but in NSSEARCH mode, when the queries are
working in parallel, some of those queries can be still active. And
when their recv_done() callback gets called, it sees that the lookup
has been canceled, calls clear_current_lookup(), which decreases the
reference count every time for each query that was still active
(because ISC_LIST_HEAD(lookup->q) is NULL) and results in a reference
counting error.

Fix the issue by introducing a new "cleared" property for the lookup,
which will ensure that the clear_current_lookup() function does its
job only once per lookup.
This commit is contained in:
Aram Sargsyan 2022-08-03 22:21:46 +00:00
parent cd4a536a69
commit d7e5c23a81
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bin/dig/dighost.c
View File

@ -1824,11 +1824,19 @@ clear_current_lookup(void) {
return;
}
if (lookup->cleared) {
debug("current_lookup is already cleared");
return;
}
if (ISC_LIST_HEAD(lookup->q) != NULL) {
debug("still have a worker");
return;
}
lookup->cleared = true;
debug("lookup cleared");
lookup_detach(&lookup);
}

2
bin/dig/dighost.h
View File

@ -105,7 +105,7 @@ typedef struct dig_searchlist dig_searchlist_t;
struct dig_lookup {
unsigned int magic;
isc_refcount_t references;
bool aaonly, adflag, badcookie, besteffort, cdflag, comments,
bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, comments,
dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa,
expire, header_only, identify, /*%< Append an "on server <foo>"
message */