diff options
| author |  Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
| 2023-01-09 08:21:05 -0800 |
|---|---|---|
| committer | Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
| 2023-01-09 08:21:05 -0800 |
| commit | 5d60aae3b3ba39fc1d48469d46161f53cfcb37e4 (patch) | |
| tree | fadb26f7e21a3b08ca51543b7ea1d0d27681fe1e /src/bun.js | |
| parent | 2392e48e9da65dbecdfa9b16446c739c7618e5a1 (diff) | |
| download | bun-5d60aae3b3ba39fc1d48469d46161f53cfcb37e4.tar.gz bun-5d60aae3b3ba39fc1d48469d46161f53cfcb37e4.tar.zst bun-5d60aae3b3ba39fc1d48469d46161f53cfcb37e4.zip | |
[dns] Fix UAF
Diffstat (limited to 'src/bun.js')
| -rw-r--r-- | src/bun.js/api/bun/dns_resolver.zig | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/src/bun.js/api/bun/dns_resolver.zig b/src/bun.js/api/bun/dns_resolver.zig index f376151ad..9cd7f6118 100644 --- a/src/bun.js/api/bun/dns_resolver.zig +++ b/src/bun.js/api/bun/dns_resolver.zig @@ -749,7 +749,7 @@ pub const GetAddrInfoRequest = struct { this.* = .{ .err = @enumToInt(err) }; return; } - + // do not free addrinfo when err != 0 // https://github.com/ziglang/zig/pull/14242 defer std.c.freeaddrinfo(addrinfo); @@ -1004,10 +1004,13 @@ pub const DNSResolver = struct { array = addr.toJSArray(this.vm.allocator, new_global); prev_global = new_global; } - array.ensureStillAlive(); - value.onCompleteWithArray(array); - array.ensureStillAlive(); pending = value.next; + + { + array.ensureStillAlive(); + value.onCompleteWithArray(array); + array.ensureStillAlive(); + } } } @@ -1035,22 +1038,29 @@ pub const DNSResolver = struct { }; var pending: ?*DNSLookup = key.lookup.head.next; var prev_global = key.lookup.head.globalThis; - array.ensureStillAlive(); - key.lookup.head.onCompleteWithArray(array); - bun.default_allocator.destroy(key.lookup); - array.ensureStillAlive(); + + { + array.ensureStillAlive(); + key.lookup.head.onCompleteWithArray(array); + bun.default_allocator.destroy(key.lookup); + array.ensureStillAlive(); + } + // std.c.addrinfo while (pending) |value| { var new_global = value.globalThis; + pending = value.next; if (prev_global != new_global) { array = result.toJS(new_global).?; prev_global = new_global; } - array.ensureStillAlive(); - value.onCompleteWithArray(array); - array.ensureStillAlive(); - pending = value.next; + + { + array.ensureStillAlive(); + value.onCompleteWithArray(array); + array.ensureStillAlive(); + } } } @@ -1066,9 +1076,11 @@ pub const DNSResolver = struct { comptime field: std.meta.FieldEnum(DNSResolver), ) CacheHit { var cache: *PendingCache = &@field(this, @tagName(field)); - var inflight_iter = cache.available.iterator(.{ - .kind = .unset, - }); + var inflight_iter = cache.available.iterator( + .{ + .kind = .unset, + }, + ); while (inflight_iter.next()) |index| { var entry: *GetAddrInfoRequest.PendingCacheKey = &cache.buffer[index]; |