Race condition in Onlinesign during key rollover
In onlinesign module, during key rollover, the code goes to the point where keyset shall be reloaded:
free_zone_keys(mod->keyset); free(mod->keyset); ret = knotd_mod_dnssec_load_keyset(mod, true);
If at the same time, another thread is answering from the same zone and it gets to signing phase, it attempts read from freed memory.
The solution is:
- load keyset to temporary pointer and exchange the pointers atomically
- RCU on the allocated keysets