Merge ~paelzer/ubuntu/+source/bind9:bug-1797926-race-on-shutdown-bionic into ubuntu/+source/bind9:ubuntu/bionic-devel

Proposed by Christian Ehrhardt  on 2019-08-07
Status: Merged
Approved by: Christian Ehrhardt  on 2019-08-09
Approved revision: 6f105789e5c4461652e4bc6b0e8ae0b59a0d7c56
Merge reported by: Christian Ehrhardt 
Merged at revision: 6f105789e5c4461652e4bc6b0e8ae0b59a0d7c56
Proposed branch: ~paelzer/ubuntu/+source/bind9:bug-1797926-race-on-shutdown-bionic
Merge into: ubuntu/+source/bind9:ubuntu/bionic-devel
Diff against target: 71 lines (+49/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+1/-0)
Reviewer | Review Type | Date Requested | Status
Andreas Hasenack | | 2019-08-07 | Approve on 2019-08-08
Canonical Server Team | | 2019-08-07 | Pending
Ubuntu Server Dev import team | | 2019-08-07 | Pending
Review via email: mp+371043@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :

Continuation on https://code.launchpad.net/~paelzer/ubuntu/+source/bind9/+git/bind9/+merge/370942
which identified this extra fix for Xenial (other MP) and Bionic (this MP).

Part of the same PPA https://launchpad.net/~paelzer/+archive/ubuntu/bug-1833400-bind-crash

Christian Ehrhardt  (paelzer) wrote :

Added the SRU template for 1797926

Christian Ehrhardt  (paelzer) wrote :

Arr - forgot to set to "needs review".
Now it should be correctly visible ...

Andreas Hasenack (ahasenack) wrote :

The bug number in the 6f105789e5c4461652e4bc6b0e8ae0b59a0d7c56 commit message is wrong, but the contents of the commit are right.

+1

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Fixed the commit message to avoid later confusion - thanks.

Christian Ehrhardt  (paelzer) wrote :

tagged and uploaded

Christian Ehrhardt  (paelzer) wrote :

This migrated, closing forgotten MP

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 53a969f..868b5cf 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+bind9 (1:9.11.3+dfsg-1ubuntu1.9) bionic; urgency=medium
7+
8+ * d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
9+ close to a query timeout (LP: #1797926)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Aug 2019 16:43:40 +0200
12+
13 bind9 (1:9.11.3+dfsg-1ubuntu1.8) bionic-security; urgency=medium
14
15 * SECURITY UPDATE: DoS via malformed packets
16diff --git a/debian/patches/fix-shutdown-race.diff b/debian/patches/fix-shutdown-race.diff
17new file mode 100644
18index 0000000..f10f51f
19--- /dev/null
20+++ b/debian/patches/fix-shutdown-race.diff
21@@ -0,0 +1,41 @@
22+From f2ca287330110993609fa0443d3bdb17629bd979 Mon Sep 17 00:00:00 2001
23+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
24+Date: Tue, 13 Nov 2018 13:50:47 +0100
25+Subject: [PATCH 1/2] Fix a shutdown race in bin/dig/dighost.c
26+
27+If a tool using the routines defined in bin/dig/dighost.c is sent an
28+interruption signal around the time a connection timeout is scheduled to
29+fire, connect_timeout() may be executed after destroy_libs() detaches
30+from the global task (setting 'global_task' to NULL), which results in a
31+crash upon a UDP retry due to bringup_timer() attempting to create a
32+timer with 'task' set to NULL. Fix by preventing connect_timeout() from
33+attempting a retry when shutdown is in progress.
34+
35+(cherry picked from commit 462175659674a10c0d39c7c328f1a5324ce2e38b)
36+
37+Origin: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1040/diffs
38+Bug: https://gitlab.isc.org/isc-projects/bind9/issues/599
39+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1797926
40+Last-Update: 2018-12-06
41+
42+---
43+ bin/dig/dighost.c | 5 +++++
44+ 1 file changed, 5 insertions(+)
45+diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
46+index 39abb9d0fd..17e0328228 100644
47+--- a/bin/dig/dighost.c
48++++ b/bin/dig/dighost.c
49+@@ -3240,6 +3240,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
50+
51+ INSIST(!free_now);
52+
53++ if (cancel_now) {
54++ UNLOCK_LOOKUP;
55++ return;
56++ }
57++
58+ if ((query != NULL) && (query->lookup->current_query != NULL) &&
59+ ISC_LINK_LINKED(query->lookup->current_query, link) &&
60+ (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
61+--
62+2.18.1
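Review bot: In the connect_timeout() hunk, the new `if (cancel_now)` branch returns right after UNLOCK_LOOKUP, and the visible context does not show whether `event` has already been released before `INSIST(!free_now);`. Please confirm against the full function that the early return cannot leave the timer event unfreed. A one-line comment above the check would also help, stating that it prevents a UDP retry after destroy_libs() has set 'global_task' to NULL, since the reason is currently recorded only in the patch description. Separately, the imported header still reads `Subject: [PATCH 1/2]` while only this one patch is added; the DEP-3 header or the changelog should state why the other patch of the upstream series is not carried.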
63diff --git a/debian/patches/series b/debian/patches/series
64index 3230d61..bbf12e7 100644
65--- a/debian/patches/series
66+++ b/debian/patches/series
67@@ -22,3 +22,4 @@ CVE-2019-6465.patch
68 CVE-2018-5743.patch
69 CVE-2018-5743-atomic-fix.patch
70 CVE-2019-6471.patch
71+fix-shutdown-race.diff
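Review bot: The new series entry `fix-shutdown-race.diff` uses a `.diff` suffix while the entries visible just above it in this hunk all end in `.patch`. Consider renaming it for consistency, which would also mean updating the file path under debian/patches/ and the `d/p/fix-shutdown-race.diff` reference in debian/changelog. Appending it after the CVE patches looks right, since the series applies in order and this fix does not touch the same hunk context as anything shown here.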
