packages/bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bind/backport-Fix-memory-leak-in-dns_message_checksig-SIG-0-sigs.patch
chengyechun 976d86a951 fix CVE and sync some patches from upstream 
(cherry picked from commit 024c1c3a13843410cfc171309152f326fed846cf)
2024-03-15 17:30:31 +08:00

30 lines
1.1 KiB
Diff
Raw Blame History

From 3e77d6bf87f4a8c8793c9dd2a506432a24a4366c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= <pspacek@isc.org>
Date: Mon, 19 Sep 2022 09:07:51 +0200
Subject: [PATCH] Fix memory leak in dns_message_checksig() - SIG(0) sigs
Impact should be visible only in tests or tools because named never
uses view == NULL, which is a necessary condition to trigger this leak.
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/3e77d6bf87f4a8c8793c9dd2a506432a24a4366c
(cherry picked from commit 69256b3553d3b8b73b6fa4de9b030b39f1b96d34)
---
lib/dns/message.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/dns/message.c b/lib/dns/message.c
index 0b5d9355e5..7b3d72abd9 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -3227,7 +3227,8 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) {
dns_rdataset_init(&keyset);
if (view == NULL) {
- return (DNS_R_KEYUNAUTHORIZED);
+ result = DNS_R_KEYUNAUTHORIZED;
+ goto freesig;
}
result = dns_view_simplefind(view, &sig.signer,
dns_rdatatype_key /* SIG(0) */, 0,
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink