From 6c26ede8edcb700caca12c501c6c129801989526 Mon Sep 17 00:00:00 2001

From: Mark Andrews <marka@isc.org>

Date: Fri, 23 Feb 2024 10:12:47 +1100

Subject: [PATCH] Do not use header_prev in expire_lru_headers

dns__cacherbt_expireheader can unlink / free header_prev underneath

it.  Use ISC_LIST_TAIL after calling dns__cacherbt_expireheader

instead to get the next pointer to be processed.

(cherry picked from commit 7ce2e86024f022decb2678963538515ca39ab4ab)

(cherry picked from commit f88f21b7d890eb80097f4bd434fedb29c2f9ff63)

---

 lib/dns/rbtdb.c | 8 ++++----

 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c

index e61cb21..4171039 100644

--- a/lib/dns/rbtdb.c

+++ b/lib/dns/rbtdb.c

@@ -10358,19 +10358,19 @@ update_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,

 static size_t

 expire_lru_headers(dns_rbtdb_t *rbtdb, unsigned int locknum, size_t purgesize,

 		   isc_boolean_t tree_locked) {

-	rdatasetheader_t *header, *header_prev;

+	rdatasetheader_t *header;

 	size_t purged = 0;

 	for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]);

-	     header != NULL && purged <= purgesize; header = header_prev)

+	     header != NULL && purged <= purgesize;

+	     header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]))

 	{

-		header_prev = ISC_LIST_PREV(header, link);

 		/*

 		 * Unlink the entry at this point to avoid checking it

 		 * again even if it's currently used someone else and

 		 * cannot be purged at this moment.  This entry won't be

 		 * referenced any more (so unlinking is safe) since the

-		 * TTL was reset to 0.

+		 * TTL will be reset to 0.

 		 */

 		ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header, link);

 		size_t header_size = rdataset_size(header);

-- 

2.44.0