systemd/backport-resolve-fix-potential-memleak-and-use-after-free.patch

From 8baf04a6588bd392f606a3d55b0711cdd00b4b80 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 5 Feb 2022 21:37:01 +0900
Subject: [PATCH] resolve: fix potential memleak and use-after-free

When stub stream is closed early, then queries associated to the stream
are freed. Previously, the timer event source for queries may not be
disabled, hence may be triggered with already freed query.
See also dns_stub_stream_complete().

Note that we usually not set NULL or zero when freeing simple objects.
But, here DnsQuery is large and complicated object, and the element may
be referenced in subsequent freeing process in the future. Hence, for
safety, let's set NULL to the pointer.

(cherry picked from commit 73bfd7be042cc63e7649242b377ad494bf74ea4b)
(cherry picked from commit d82bd80cf4e7659906a502735b20a45964b55a88)

Conflict:NA
Reference:https://github.com/systemd/systemd/commit/8baf04a6588bd392f606a3d55b0711cdd00b4b80
---
 src/resolve/resolved-dns-query.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 7f341986d9..6d372395fe 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -381,6 +381,8 @@ DnsQuery *dns_query_free(DnsQuery *q) {
         if (!q)
                 return NULL;
 
+        q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source);
+
         while (q->auxiliary_queries)
                 dns_query_free(q->auxiliary_queries);
 
-- 
2.33.0