Commit 3f755529 authored by Evan Hunt's avatar Evan Hunt
Browse files

address memory leak with bad tsig secret

3359.	[bug]		An improperly-formed TSIG secret could cause a
                        memory leak. [RT #30607]
parent 6bbefe53
3359. [bug] An improperly-formed TSIG secret could cause a
memory leak. [RT #30607]
3358. [placeholder]
3357. [port] Add support for libxml2-2.8.x [RT #30440]
......
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* Bad secret */
key "badtsig" {
algorithm hmac-md5;
secret "jEdD+BPKg==";
};
......@@ -37,7 +37,13 @@ status=`expr $status + $ret`
echo "I: checking that named-checkconf handles a known bad config"
ret=0
$CHECKCONF bad.conf > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`
echo "I: checking that named-checkconf handles a known bad tsig secret"
ret=0
$CHECKCONF badtsig.conf > /dev/null 2>&1
if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`
echo "I: checking named-checkconf dnssec warnings"
......
......@@ -2250,15 +2250,15 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
tresult = isc_symtab_create(mctx, 1000, freekey, mctx,
ISC_FALSE, &symtab);
if (tresult != ISC_R_SUCCESS)
return (ISC_R_NOMEMORY);
goto cleanup;
(void)cfg_map_get(config, "key", &keys);
tresult = check_keylist(keys, symtab, mctx, logctx);
if (tresult == ISC_R_EXISTS)
result = ISC_R_FAILURE;
else if (tresult != ISC_R_SUCCESS) {
isc_symtab_destroy(&symtab);
return (tresult);
result = tresult;
goto cleanup;
}
if (voptions != NULL) {
......@@ -2268,8 +2268,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult == ISC_R_EXISTS)
result = ISC_R_FAILURE;
else if (tresult != ISC_R_SUCCESS) {
isc_symtab_destroy(&symtab);
return (tresult);
result = tresult;
goto cleanup;
}
}
......@@ -2390,7 +2390,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
if (tresult != ISC_R_SUCCESS)
result = tresult;
cfg_aclconfctx_detach(&actx);
cleanup:
if (symtab != NULL)
isc_symtab_destroy(&symtab);
if (actx != NULL)
cfg_aclconfctx_detach(&actx);
return (result);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment