globalsystemfailure: Do not tangle our lists

If a globalsystemfailure happens, we must remove each query from its
corresponding list, since adns__query_fail will try to remove it and
then put it on some other list.

Previously, any globalsystemfailure was likely to lead to an assertion
failure.  This doesn't seem to me to be a security problem.

Found by AFL.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/src/event.c b/src/event.c
index b36288ddfab610e305a4205d659f963bdaabb4d4..8cfaef5353b54af288e674a7d2d0c816e6dfbc0b 100644 (file)
--- a/src/event.c
+++ b/src/event.c
@@ -625,8 +625,19 @@ xit:
 void adns_globalsystemfailure(adns_state ads) {
   adns__consistency(ads,0,cc_entex);
 
-  while (ads->udpw.head) adns__query_fail(ads->udpw.head, adns_s_systemfail);
-  while (ads->tcpw.head) adns__query_fail(ads->tcpw.head, adns_s_systemfail);
+  for (;;) {
+    adns_query qu;
+#define GSF_QQ(QQ)                             \
+    if ((qu= ads->QQ.head)) {                  \
+      LIST_UNLINK(ads->QQ,qu);                 \
+      adns__query_fail(qu, adns_s_systemfail); \
+      continue;                                        \
+    }
+    GSF_QQ(udpw);
+    GSF_QQ(tcpw);
+#undef GSF_QQ
+    break;
+  }
   
   switch (ads->tcpstate) {
   case server_connecting: