Comment 21 for bug 1954854

Sergio Durigan Junior (sergiodj) wrote :

Hi,

With Bryce's initial analysis in mind, I started digging to see what upstream has done to fix this problem. I could not find upstream bug reports similar to this one, but I did notice that they're being more careful when accessing some variables in the code mentioned above (things under lib/isc/netmgr/). For example, the following commit:

commit 634bdfb16d8f91ba411f43d0e871ff45cebe125e
Author: Ondřej Surý <email address hidden>
AuthorDate: Thu Nov 12 10:32:18 2020 +0100
Commit: Ondřej Surý <email address hidden>
CommitDate: Tue Dec 1 16:47:07 2020 +0100

    Refactor netmgr and add more unit tests

did a huge refactor in the code, including tightening the guards when accessing the "isc_nmsocket_t" structure:

 void
 isc__nm_tcp_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb,
                 void *cbarg) {
+ REQUIRE(VALID_NMHANDLE(handle));
+ REQUIRE(VALID_NMSOCK(handle->sock));
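Review bot: the two added lines `REQUIRE(VALID_NMHANDLE(handle));` and `REQUIRE(VALID_NMSOCK(handle->sock));` are precondition assertions, so on a stale handle or socket they terminate the process with an assertion message rather than avoiding the crash; for the Focal backport that is still a gain (a deterministic, clearly located failure instead of a segfault), but it is worth saying so when asking for test results, since the symptom reported back may be an assertion failure rather than "no crash".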

Unfortunately, the aforementioned commit is too large to be safely backported to the Focal bind9 package (and even if it could be cleanly backported, I'd still be very reticent about SRU'ing it).

I decided to take a simpler approach and see how things go. I grepped for places that are accessing the "isc_nmsocket_t" structure and added guards to verify that it's valid. You can see the patch here: https://paste.ubuntu.com/p/xBW3J33SXZ/. I then prepared a bind9 package with this diff and uploaded it to a PPA:

https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-1954854-segfault/+packages

@Michael, could you please give this a try and see if the bug still manifests? This would be a good first step before we can decide whether it makes sense to SRU this or not.

Thanks.
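As an added illustration (not code from this bug report or from BIND itself), this is the magic-number validity pattern that guards like REQUIRE(VALID_NMSOCK(handle->sock)) rely on: the struct names, magic values and the guarded send function are constructed, and the guard returns an error code here where BIND's REQUIRE would abort the process.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed illustration of the ISC magic-number validity pattern:
 * each object carries a magic word and accessors check it before use.
 * Names and values are assumptions, not BIND's own definitions. */
#define NMSOCK_MAGIC   0x4E4D534BU /* "NMSK" */
#define NMHANDLE_MAGIC 0x4E4D4844U /* "NMHD" */

typedef struct nmsock {
    uint32_t magic;
    int fd;
} nmsock_t;

typedef struct nmhandle {
    uint32_t magic;
    nmsock_t *sock;
} nmhandle_t;

#define VALID_NMSOCK(s)   ((s) != NULL && (s)->magic == NMSOCK_MAGIC)
#define VALID_NMHANDLE(h) ((h) != NULL && (h)->magic == NMHANDLE_MAGIC)

/* Tearing an object down clears its magic first, so a dangling pointer
 * to the memory fails the validity check instead of being used. */
void nmsock_destroy(nmsock_t *sock) {
    sock->magic = 0;
    sock->fd = -1;
}

/* Where BIND uses REQUIRE() (which aborts), return an error code so the
 * outcome of the guard can be observed: -1 bad handle, -2 bad socket. */
int tcp_send_guarded(nmhandle_t *handle, const char *buf, size_t len) {
    if (!VALID_NMHANDLE(handle)) return -1;
    if (!VALID_NMSOCK(handle->sock)) return -2;
    (void)buf;
    return (int)len; /* pretend the bytes were written to handle->sock->fd */
}

/* Scenario from the report: a send through a handle whose socket has
 * already been torn down. The guard reports -2 rather than touching it. */
int send_after_socket_destroyed(void) {
    nmsock_t sock = { NMSOCK_MAGIC, 3 };
    nmhandle_t handle = { NMHANDLE_MAGIC, &sock };
    nmsock_destroy(&sock);
    return tcp_send_guarded(&handle, "x", 1);
}
```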