Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rec: Copy the negative cache entry before validating it #9251

Merged
merged 2 commits into from
Jun 18, 2020
Merged

rec: Copy the negative cache entry before validating it #9251

merged 2 commits into from
Jun 18, 2020

Conversation

rgacogne
Copy link
Member

Short description

Otherwise, in the unlikely case that:

  • we need to go to the network in order to validate, for example to get a DNSKEY ;
  • the negative cache cleaning is run at that exact moment ;
  • and the entry we have a pointer to gets wiped during that cleanup

we might trigger a heap-based use-after-free (read), possibly leading to a crash if the memory has been reused already.

This PR is composed of a first commit doing exactly that, and only that. IMHO this is what we will want to backport to 4.3.x and 4.2.x to keep the change small.
The second commit basically reverts the change introduced in 4.2 (28364e4) to prevent a copy when retrieving entries from the negative cache. That seemed like a good idea at the time, but the resulting interface is too brittle. It requires not keeping the pointer around if there is any chance that we could yield by going to the network, which is hard to keep track of in the recursor.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne
rec: Copy the negative cache entry before validating it
f7d3511 
Otherwise, in the unlikely case that:
- we need to go to the network in order to validate, for example to
  get or a DNSKEY ;
- the negative cache cleaning is run at that exact moment ;
- and the entry we have a pointer to gets wiped during that cleanup

we might trigger a heap-based use-after-free (read), possibly leading
to a crash if the memory has been reused already.
@rgacogne
rec: Copy entries retrieved from the negative cache right away
33433a8 
The optimization of not copying the entry until we actually decide
to use it seemed nice, but the resulting interface is too brittle.
It requires not keeping the pointer around if there is any chance
that we could yield by going to the network, which is hard to keep
track of in the recursor.
@rgacogne rgacogne added this to the rec-4.4.0 milestone Jun 17, 2020
@rgacogne rgacogne requested a review from omoerbeek June 17, 2020 13:10
@rgacogne rgacogne merged commit bbde14c into PowerDNS:master Jun 18, 2020
@rgacogne rgacogne deleted the rec-copy-negcache-entry branch June 18, 2020 09:17
This was referenced Jun 19, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omoerbeek omoerbeek omoerbeek approved these changes

Assignees
No one assigned
Labels
defect rec
Projects
None yet
Milestone
rec-4.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@rgacogne @omoerbeek