From 08b67dba98b5dbc0184c38b3c1963dd2f00d2bd9 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 22 Aug 2024 09:26:59 +0200
Subject: [PATCH] ntp: fix finalization for async resolver

If an attempt to resolve addresses of an NTP server is made right before starting the termination sequence, the asynchronous resolver thread could read the server name when it was already freed. Leave unresolved sources allocated in NSR_Finalise() if the async resolver did not finish yet, at least for now. Waiting for the resolving result or cancelling the thread would complicate the code. The scheduler is not expected to be running at this point.
---
 ntp_sources.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ntp_sources.c b/ntp_sources.c
index 29c99ac..d2cd113 100644
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -219,8 +219,14 @@ NSR_Finalise(void)
 ARR_DestroyInstance(pools);
 SCH_RemoveTimeout(resolving_id);
- while (unresolved_sources)
- remove_unresolved_source(unresolved_sources);
+
+ /* Leave the unresolved sources allocated if the async resolver is running
+ to avoid reading the name from freed memory. The handler will not be
+ called as the scheduler should no longer be running at this point. */
+ if (!resolving_source) {
+ while (unresolved_sources)
+ remove_unresolved_source(unresolved_sources);
+ }
 initialised = 0;
 }
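Review bot: When the new `if (!resolving_source)` guard skips the loop, `unresolved_sources` and `resolving_source` still point at live entries after `initialised = 0`, and the code comment does not say that this is a deliberate leak. A later cleanup prompted by a leak-checker report could therefore put the unconditional free back and reintroduce the use-after-free this commit closes. I would extend the comment with something like `This is an intentional leak at exit; do not free here unless the resolver thread has been joined or cancelled first.` The guard also presumably relies on `resolving_source` being written only from the main thread (its writers are outside the hunk), which is worth confirming because the resolver thread runs concurrently. NSR_Finalise begins above the hunk, so whether anything earlier in it can free an unresolved source while resolution is in flight cannot be seen from here.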