kdig crashes with SIGABRT when querying DNS over TLS if TLS handshake times out
When using kdig to query DNS over TLS, if the TLS handshake times out, kdig crashes with a SIGABRT:
Simulate an unresponsive DNS-over-TLS server:
$ nc -nlv 127.0.0.1 8853 >/dev/null
Listening on 127.0.0.1 8853
Query the server:
$ kdig +tls @127.0.0.1 -p 8853 A example.com
;; WARNING: TLS, peer took too long to respond
double free or corruption (!prev)
Aborted
The crash is due to a double-free caused by calling gnutls_deinit() twice in src/utils/common/tls.c, once in tls_ctx_connect() then later in tls_ctx_deinit().
tls_ctx_deinit() does try to check whether gnutls_deinit() has already been called by testing whether ctx->session == NULL, but that doesn't work because a deinitialised session needn't be NULL.
I suggest setting ctx->session = NULL immediately after every call of gnutls_deinit(ctx->session) in tls.c.
(This issue is very similar to issue #763 (closed).)
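The release pattern described in this report, as an added example that is not part of the original issue and is not Knot DNS or GnuTLS code. mock_session_t, mock_init(), mock_deinit(), release_session() and timeout_then_deinit() are hypothetical stand-ins; the session lives in static storage so that a second release is counted instead of corrupting the heap.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a TLS session handle (assumption, not GnuTLS). */
struct mock_session { int released; };
typedef struct mock_session *mock_session_t;

static struct mock_session slot;   /* static storage: safe to inspect after release */
static int double_releases;        /* how often an already released session was released again */

static mock_session_t mock_init(void)
{
    slot.released = 0;
    return &slot;
}

/* Stand-in for the library deinit call: it frees the session but cannot
 * reset the caller's copy of the handle, so the handle stays non-NULL. */
static void mock_deinit(mock_session_t s)
{
    if (s->released) {
        double_releases++;         /* with a real allocator this is the double free */
    }
    s->released = 1;
}

typedef struct { mock_session_t session; } tls_ctx_t;

/* clear_pointer == 0: NULL guard only, as in the report.
 * clear_pointer == 1: handle is reset right after the release, as suggested. */
static void release_session(tls_ctx_t *ctx, int clear_pointer)
{
    if (ctx->session == NULL) {
        return;                    /* guard only helps if the handle was reset */
    }
    mock_deinit(ctx->session);
    if (clear_pointer) {
        ctx->session = NULL;
    }
}

/* One handshake timeout followed by normal cleanup; returns double releases seen. */
int timeout_then_deinit(int clear_pointer)
{
    tls_ctx_t ctx = { .session = mock_init() };
    double_releases = 0;
    release_session(&ctx, clear_pointer);   /* error path inside connect */
    release_session(&ctx, clear_pointer);   /* later cleanup in deinit */
    return double_releases;
}

int main(void)
{
    printf("guard only: %d, guard plus reset: %d\n",
           timeout_then_deinit(0), timeout_then_deinit(1));
    return 0;
}
```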