powerel7
/
web
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
277 Commits
1 Branch
0 Tags
2.3 MiB
 
 
 
 
 
 
Tree: c276815695
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c276815695'
${ noResults }
web/SOURCES/bind99-CVE-2017-3145.patch

124 lines
3.7 KiB
Raw Blame History

From 4d73fed57703f561aefd545eda0f3f2c5e69a547 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 16 Jan 2018 09:50:45 +0100
Subject: [PATCH] 4858. [security] Addresses could be referenced after
being freed in resolver.c, causing an assertion failure.
(CVE-2017-3145) [RT #46839]
---
lib/dns/resolver.c | 37 +++++++++++++++++++++++--------------
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 860a792..619646f 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -751,7 +751,7 @@ fctx_stoptimer(fetchctx_t *fctx) {
* cannot fail in that case.
*/
result = isc_timer_reset(fctx->timer, isc_timertype_inactive,
- NULL, NULL, ISC_TRUE);
+ NULL, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_timer_reset(): %s",
@@ -759,7 +759,6 @@ fctx_stoptimer(fetchctx_t *fctx) {
}
}
-
static inline isc_result_t
fctx_startidletimer(fetchctx_t *fctx, isc_interval_t *interval) {
/*
@@ -992,7 +991,8 @@ fctx_cleanupfinds(fetchctx_t *fctx) {
for (find = ISC_LIST_HEAD(fctx->finds);
find != NULL;
- find = next_find) {
+ find = next_find)
+ {
next_find = ISC_LIST_NEXT(find, publink);
ISC_LIST_UNLINK(fctx->finds, find, publink);
dns_adb_destroyfind(&find);
@@ -1008,7 +1008,8 @@ fctx_cleanupaltfinds(fetchctx_t *fctx) {
for (find = ISC_LIST_HEAD(fctx->altfinds);
find != NULL;
- find = next_find) {
+ find = next_find)
+ {
next_find = ISC_LIST_NEXT(find, publink);
ISC_LIST_UNLINK(fctx->altfinds, find, publink);
dns_adb_destroyfind(&find);
@@ -1024,7 +1025,8 @@ fctx_cleanupforwaddrs(fetchctx_t *fctx) {
for (addr = ISC_LIST_HEAD(fctx->forwaddrs);
addr != NULL;
- addr = next_addr) {
+ addr = next_addr)
+ {
next_addr = ISC_LIST_NEXT(addr, publink);
ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink);
dns_adb_freeaddrinfo(fctx->adb, &addr);
@@ -1039,7 +1041,8 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) {
for (addr = ISC_LIST_HEAD(fctx->altaddrs);
addr != NULL;
- addr = next_addr) {
+ addr = next_addr)
+ {
next_addr = ISC_LIST_NEXT(addr, publink);
ISC_LIST_UNLINK(fctx->altaddrs, addr, publink);
dns_adb_freeaddrinfo(fctx->adb, &addr);
@@ -1047,14 +1050,18 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) {
}
static inline void
-fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) {
- FCTXTRACE("stopeverything");
+fctx_stopqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
+ FCTXTRACE("stopqueries");
fctx_cancelqueries(fctx, no_response);
+ fctx_stoptimer(fctx);
+}
+
+static inline void
+fctx_cleanupall(fetchctx_t *fctx) {
fctx_cleanupfinds(fctx);
fctx_cleanupaltfinds(fctx);
fctx_cleanupforwaddrs(fctx);
fctx_cleanupaltaddrs(fctx);
- fctx_stoptimer(fctx);
}
static inline void
@@ -1184,7 +1191,8 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) {
no_response = ISC_FALSE;
fctx->reason = NULL;
- fctx_stopeverything(fctx, no_response);
+
+ fctx_stopqueries(fctx, no_response);
LOCK(&res->buckets[fctx->bucketnum].lock);
@@ -3336,11 +3344,12 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) {
dns_resolver_cancelfetch(fctx->nsfetch);
/*
- * Shut down anything that is still running on behalf of this
- * fetch. To avoid deadlock with the ADB, we must do this
- * before we lock the bucket lock.
+ * Shut down anything still running on behalf of this
+ * fetch, and clean up finds and addresses. To avoid deadlock
+ * with the ADB, we must do this before we lock the bucket lock.
*/
- fctx_stopeverything(fctx, ISC_FALSE);
+ fctx_stopqueries(fctx, ISC_FALSE);
+ fctx_cleanupall(fctx);
LOCK(&res->buckets[bucketnum].lock);
--
2.14.3