From 19feb28fa150048aca15d7cd3fe1a8ec023f276b Mon Sep 17 00:00:00 2001
From: Iwan Timmer
Date: Mon, 13 Aug 2018 08:20:25 +0200
Subject: [PATCH] resolved: do not keep dns_server to dns_stream ref if tls connection failed (#9855)

The references to the dns_server are now setup after the tls connection is setup. This ensures that the stream got fully stopped when the initial tls setup failed instead of having the unref being blocked by the reference to the stream by the server. Therefore on_stream_io would no longer be called with a half setup encrypted connection. Fixes the issue reported in #9838.
---
 src/resolve/resolved-dns-transaction.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index db30997d04..fbc4735855 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -628,12 +628,6 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
 fd = -1;
- if (t->server) {
- dns_stream_unref(t->server->stream);
- t->server->stream = dns_stream_ref(s);
- s->server = dns_server_ref(t->server);
- }
-
 #if ENABLE_DNS_OVER_TLS
 if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level)) {
 assert(t->server);
@@ -643,6 +637,12 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
 }
 #endif
+ if (t->server) {
+ dns_stream_unref(t->server->stream);
+ t->server->stream = dns_stream_ref(s);
+ s->server = dns_server_ref(t->server);
+ }
+
 s->complete = on_stream_complete;
 s->on_packet = dns_stream_on_packet;
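Review bot: The re-added `if (t->server) { ... }` block in the second hunk is only correct when it runs after the `#if ENABLE_DNS_OVER_TLS` section, and nothing in the code records that ordering constraint. A later refactor that moves it back would restore the state the commit message describes: the server's reference keeps a stream with unfinished TLS setup alive and reachable from on_stream_io. I would add a comment directly above the block, for example `/* Link server and stream only after TLS setup succeeded; an earlier failure must release the stream completely. */`. The TLS error return sits between the two hunks and is not visible here, so this assumes it returns before reaching the block. dns_transaction_emit_tcp() also continues past the hunk, and any failure path after this point should be checked for whether it clears `t->server->stream` as well.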