on second thought, the irpd timer problem can't be in eventlib

Paul A Vixie vixie at mibh.net
Thu Oct 7 08:14:48 UTC 1999


that code path gets used in a lot of other places, and works just fine.
i've backed out the change to ev_timers.c (posted here earlier).

it turns out that the caller has to zero out the timer handle if it's
using the timer handle as an indication of whether the timer needs to be
cleared.  once the timer fires, it's dead and can't be cleared, and
clearing it a second time will lead to a double-free condition.

(bind9's event handling library literally cannot have problems like this.)

untested:

Index: ctl_clnt.c
===================================================================
RCS file: /proj/cvs/isc/bind/src/lib/isc/ctl_clnt.c,v
retrieving revision 8.10
diff -u -r8.10 ctl_clnt.c
--- ctl_clnt.c	1999/08/19 02:48:59	8.10
+++ ctl_clnt.c	1999/10/07 08:07:42
@@ -289,11 +289,12 @@
 	tran = HEAD(ctx->wtran);
 	UNLINK(ctx->wtran, tran, wlink);
 	/* Since there are some trans, make sure timer is successfully "on". */
-	if (ctx->tiID.opaque == NULL) {
+	if (ctx->tiID.opaque != NULL)
+		touch_timer(ctx);
+	else
 		start_timer(ctx);
-		if (ctx->state == destroyed)
-			return;
-	}
+	if (ctx->state == destroyed)
+		return;
 	/* Marshall a newline-terminated message and clock it out. */
 	*iovp++ = evConsIovec(tran->outbuf.text, tran->outbuf.used);
 	*iovp++ = evConsIovec("\r\n", 2);
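Review bot: The new `if (ctx->tiID.opaque != NULL) touch_timer(ctx); else start_timer(ctx);` treats a non-NULL handle as proof that the timer is still live, which holds only if every path that ends the timer also resets the handle. This patch covers the fire path in the timer callback; any path that clears the timer explicitly is not visible here and should be checked for the same reset. I would extend the existing comment to record that, e.g. `/* tiID.opaque != NULL means the timer is armed; it must be zeroed wherever the timer fires or is cleared. */`. The enclosing function starts and ends outside the hunk.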
@@ -419,6 +420,7 @@
 	struct ctl_cctx *ctx = tran->ctx;
 
 	ctx->wrID.opaque = NULL;
+	touch_timer(ctx);
 	ctl_bufput(&tran->outbuf);
 	start_write(ctx);
 	if (bytes < 0)
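Review bot: The `touch_timer(ctx)` added here is unconditional, whereas the first hunk only calls it when `ctx->tiID.opaque != NULL`; the same applies to the call added before `ctx->inbuf.used += n` in the @@ -479 hunk. Now that the timer callback zeroes the handle, these two call sites may be reached with a NULL handle, and if touch_timer resets the timer through that handle (its body is not shown) that is again an operation on a dead timer. Guarding both the same way, `if (ctx->tiID.opaque != NULL) touch_timer(ctx);`, would keep the three call sites consistent. The call here also sits ahead of the `bytes < 0` test, so a failed write still refreshes the timeout. The enclosing function starts and ends outside the hunk.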
@@ -479,6 +481,7 @@
 		error(ctx);
 		return;
 	}
+	touch_timer(ctx);
 	ctx->inbuf.used += n;
 	(*ctx->logger)(ctl_debug, "%s: read %d, used %d", me,
 		       n, ctx->inbuf.used);
@@ -572,6 +575,7 @@
 	static const char me[] = "isc/ctl_clnt::timer";
 	struct ctl_cctx *ctx = uap;
 
+	ctx->tiID.opaque = NULL;
 	(*ctx->logger)(ctl_error, "%s: timeout after %u seconds while %s", me,
 		       ctx->timeout.tv_sec, state_names[ctx->state]);
 	error(ctx);
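Review bot: The added `ctx->tiID.opaque = NULL;` carries no comment, and the reason for it cannot be read off the callback alone. A short comment such as `/* timer has fired and is dead; forget the handle so it is not cleared again (double free) */` would record the invariant that a non-NULL handle means a live timer. The same comment belongs on `sess->wrtiID.opaque = NULL;` and `sess->rdtiID.opaque = NULL;` in the two ctl_srvr.c hunks. The function body starts and ends outside the hunk.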
Index: ctl_srvr.c
===================================================================
RCS file: /proj/cvs/isc/bind/src/lib/isc/ctl_srvr.c,v
retrieving revision 8.17
diff -u -r8.17 ctl_srvr.c
--- ctl_srvr.c	1999/09/04 22:04:41	8.17
+++ ctl_srvr.c	1999/10/07 08:09:52
@@ -597,6 +597,7 @@
 	char tmp[MAX_NTOP];
 
 	REQUIRE(sess->state == writing);
+	sess->wrtiID.opaque = NULL;
 	(*ctx->logger)(ctl_warning, "%s: %s: write timeout, closing",
 		       me, address_expr);
 	if (sess->wrID.opaque != NULL) {
@@ -619,6 +620,7 @@
 	char tmp[MAX_NTOP];
 
 	REQUIRE(sess->state == reading);
+	sess->rdtiID.opaque = NULL;
 	(*ctx->logger)(ctl_warning, "%s: %s: timeout, closing",
 		       me, address_expr);
 	if (sess->state == reading || sess->state == reading_data)
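Review bot: The `REQUIRE(sess->state == reading)` just above the added line admits only `reading`, while the `if` two lines below it also tests for `reading_data`, so one of the two is wrong. If the read timer can still be pending while the session is in `reading_data`, the assertion fails inside the timeout callback instead of closing the session. It is worth confirming which states arm `rdtiID` and, if both do, relaxing the check to `REQUIRE(sess->state == reading || sess->state == reading_data);`. Both lines are existing context rather than part of this change, and the function continues outside the hunk.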

