ntpd: DNS lookup broken in obscure cases
It's in ensure_workresp_empty_slot in libntp/work_thread.c Appending to an array used as a fifo to make more room doesn't work if the finger is pointing into the middle of the array.
There is similar code when passing names to the worker thread. I think that one doesn't get triggered because the finger isn't pointing into the middle when it fills up.
I think the right solution is to replace the array with a linked list. It needs a lock and such.
A hack good-enough solution would be to make the array bigger.
Chris has been thinking about a major cleanup/simplification of that whole area. That seems right to me. (If he doesn't do it, I will.)
The trigger case is a DNS name that does a lookup using packets followed by 5 names that use the local /etc/hosts. It didn't fail every time, but wasn't hard to tickle.