Commit Diff
Diff:
518aa971b285deb7dc15454a7270a832a041ca7f
0876915152e50ed41aa39bd49466b8cf7c333f96
Commit:
0876915152e50ed41aa39bd49466b8cf7c333f96
Tree:
e39fdc1984bace6526681ba5660f808181d5aa5e
Author:
pbug <pbug@delphinusdns.org>
Committer:
pbug <pbug@delphinusdns.org>
Date:
Sun Oct 3 14:41:34 2010 UTC
Message:
* fix a double free problem tested on openbsd
blob - e962f68c47f8c57bd5d92c219fdd59208d38cb80
blob + 0f83f8d72dbdf6669aec5009011e3751d139b015
--- recurse.c
+++ recurse.c
@@ -85,7 +85,7 @@ struct recurseentry {
} *rn1, *rn2, *rnp;
-static const char rcsid[] = "$Id: recurse.c,v 1.26 2010/09/30 09:12:32 pbug Exp $";
+static const char rcsid[] = "$Id: recurse.c,v 1.27 2010/10/03 14:41:34 pbug Exp $";
/*
* INIT_RECURSE - initialize the recurse singly linked list
@@ -267,16 +267,24 @@ recurseloop(int sp, int *raw, DB *db)
* that have timed out (> 10 seconds)
*/
if (difftime(time(NULL), sr1->received) >= 30) {
- syslog(LOG_DEBUG, "removing recurses struct");
- SLIST_REMOVE(&recurseshead, sr1, recurses, entries);
- if (sr1->so != -1) {
- if (close(sr1->so) < 0)
- syslog(LOG_ERR, "close: %m");
- sr1->so = -1;
- }
+ /* only remove if we don't have any callbacks
+ * outstanding...
+ */
+ if (! sr1->hascallback) {
+ syslog(LOG_DEBUG, "removing recurses struct");
+ SLIST_REMOVE(&recurseshead, sr1, recurses, entries);
+ if (sr1->so != -1) {
+ if (close(sr1->so) < 0)
+ syslog(LOG_ERR, "close: %m");
+ sr1->so = -1;
+ }
+
+ if (sr1->callback)
+ sr1->callback->hascallback--;
- free_question(sr1->question);
- free(sr1);
+ free_question(sr1->question);
+ free(sr1);
+ }
}
}
FD_ZERO(&rset);
@@ -1205,8 +1213,7 @@ again:
inet_ntop(AF_INET, p, abuf, sizeof(abuf));
syslog(LOG_DEBUG, "updateing zone %s with address %s ttl= %u, lookrecord = %s", converted_name[i], abuf, sdomain.ttl, sr->lookrecord);
}
- } else
- free(sdomain.zone);
+ }
p += sizeof(in_addr_t);
if (pointer > 2) {
@@ -1275,8 +1282,7 @@ again:
inet_ntop(AF_INET6, p, abuf, sizeof(abuf));
syslog(LOG_DEBUG, "updateing zone %s with address %s ttl= %u\n", converted_name[i], abuf, sdomain.ttl);
}
- } else
- free(sdomain.zone);
+ }
if (pointer > 2) {
syslog(LOG_ERR, "there is more records than indicated in the header!!!");
@@ -1355,7 +1361,6 @@ again:
ns.nslen = cn_len[i];
fakerecurse(db, sr, &ns, DNS_TYPE_A);
- free(sdomain.zone);
rrcount[pointer]--;
if (rrcount[pointer] == 0)
pointer++;
repomaster@centroid.eu