double connection_free() in dns_resolve()
If dns_resolve()'s call to dns_resolve_impl() returns -1, it ends up running

    dns_cancel_pending_resolve(exitconn->_base.address);
    if (!exitconn->_base.marked_for_close) {
      connection_free(TO_CONN(exitconn));

But dns_cancel_pending_resolve() runs

    while (resolve->pending_connections) {
      ...
      if (!pendconn->_base.marked_for_close)
        connection_free(TO_CONN(pendconn));

So we would end up calling connection_free() on it twice. But we don't in practice, since the first connection_free() scribbles 0xCC on it, which sets marked_for_close to true, so we don't free it the second time! Cue Nick's circus music.
Our friendly irc person says "fix not so easy btw, connection_free() still need to call if no it was attached to pending resolve list."
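
The control flow described in this ticket, as an added model that is not Tor's code and not the fix Tor adopted. It counts how many times one connection is freed with and without the 0xCC scribble, and shows one possible shape of a fix (detach from the pending list first, then free exactly once). The names conn_t, model_free, cancel_pending, detach and failure_path are assumptions, and model_free does not really release memory so that the read after the "free" stays defined.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for Tor's connection type (model, not Tor source). */
typedef struct conn {
    int marked_for_close; struct conn *next_pending; int frees;
} conn_t;
static conn_t *pending;          /* models resolve->pending_connections */
static int poison_on_free = 1;   /* 1 = scribble 0xCC as the ticket describes */

/* Models connection_free(): counts calls and optionally poisons the struct.
 * Memory is NOT released here, so later reads are defined in this model. */
static void model_free(conn_t *c) {
    int n = c->frees + 1;
    if (poison_on_free) memset(c, 0xCC, sizeof(*c));
    c->frees = n;
}

/* Models the loop in dns_cancel_pending_resolve(). */
static void cancel_pending(void) {
    while (pending) {
        conn_t *p = pending;
        pending = p->next_pending;
        if (!p->marked_for_close) model_free(p);
    }
}

/* Hypothetical helper: unlink c from the pending list; 1 if it was there. */
static int detach(conn_t *c) {
    for (conn_t **pp = &pending; *pp; pp = &(*pp)->next_pending)
        if (*pp == c) { *pp = c->next_pending; return 1; }
    return 0;
}

/* Failure path of dns_resolve(); returns how often the conn was freed. */
static int failure_path(int attached, int poison, int detach_first) {
    conn_t c = {0};
    poison_on_free = poison;
    pending = attached ? &c : NULL;
    if (detach_first) detach(&c);             /* single owner from here on */
    cancel_pending();
    if (!c.marked_for_close) model_free(&c);  /* buggy flow reads a freed conn */
    return c.frees;
}

int main(void) {
    printf("buggy, poisoned:   %d free(s)\n", failure_path(1, 1, 0));
    printf("buggy, unpoisoned: %d free(s)\n", failure_path(1, 0, 0));
    printf("detach first:      %d free(s)\n", failure_path(1, 0, 1));
    return 0;
}
```

The unattached case (attached = 0) still frees once in both variants, which is the constraint the irc comment points out.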