From df3dbdff81b4ae2432e3602b593cffdda02ca8a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
Date: Tue, 3 Mar 2020 10:09:17 +0100
Subject: [PATCH] Destroy query in killoldestquery under a lock.

Fixes a race between ns_client_killoldestquery and ns_client_endrequest -
killoldestquery takes a client from `recursing` list while endrequest
destroys client object, then killoldestquery works on a destroyed client
object. Prevent it by holding reclist lock while cancelling query.
---
 lib/ns/client.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 5a0a913efd..9900866c35 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -170,13 +170,11 @@ ns_client_killoldestquery(ns_client_t *client) {
 	oldest = ISC_LIST_HEAD(client->manager->recursing);
 	if (oldest != NULL) {
 		ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
-		UNLOCK(&client->manager->reclock);
 		ns_query_cancel(oldest);
 		ns_stats_increment(client->sctx->nsstats,
 				   ns_statscounter_reclimitdropped);
-	} else {
-		UNLOCK(&client->manager->reclock);
 	}
+	UNLOCK(&client->manager->reclock);
 }
 
 void