Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
b292230a
Commit
b292230a
authored
Apr 29, 2015
by
Mark Andrews
Browse files
4110. [bug] Address memory leaks / null pointer dereferences
on out of memory. [RT #39310]
parent
e668599e
Changes
12
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
b292230a
4110. [bug] Address memory leaks / null pointer dereferences
on out of memory. [RT #39310]
4109. [port] linux: support reading the local port range from
net.ipv4.ip_local_port_range. [RT # 39379]
...
...
bin/dig/dighost.c
View file @
b292230a
...
...
@@ -933,6 +933,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
if
(
lookold
->
ecs_addr
!=
NULL
)
{
size_t
len
=
sizeof
(
isc_sockaddr_t
);
looknew
->
ecs_addr
=
isc_mem_allocate
(
mctx
,
len
);
if
(
looknew
->
ecs_addr
==
NULL
)
fatal
(
"out of memory"
);
memmove
(
looknew
->
ecs_addr
,
lookold
->
ecs_addr
,
len
);
}
...
...
@@ -1086,6 +1088,8 @@ parse_netprefix(isc_sockaddr_t **sap, const char *value) {
}
sa
=
isc_mem_allocate
(
mctx
,
sizeof
(
*
sa
));
if
(
sa
==
NULL
)
fatal
(
"out of memory"
);
if
(
inet_pton
(
AF_INET6
,
value
,
&
in6
)
==
1
)
{
isc_sockaddr_fromin6
(
sa
,
&
in6
,
0
);
parsed
=
ISC_TRUE
;
...
...
bin/named/config.c
View file @
b292230a
...
...
@@ -465,10 +465,6 @@ ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
}
if
(
dscpsp
!=
NULL
)
{
dscps
=
isc_mem_get
(
mctx
,
count
*
sizeof
(
isc_dscp_t
));
if
(
dscps
==
NULL
)
return
(
ISC_R_NOMEMORY
);
dscpobj
=
cfg_tuple_get
(
list
,
"dscp"
);
if
(
dscpobj
!=
NULL
&&
cfg_obj_isuint32
(
dscpobj
))
{
if
(
cfg_obj_asuint32
(
dscpobj
)
>
63
)
{
...
...
@@ -479,11 +475,18 @@ ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
}
dscp
=
(
isc_dscp_t
)
cfg_obj_asuint32
(
dscpobj
);
}
dscps
=
isc_mem_get
(
mctx
,
count
*
sizeof
(
isc_dscp_t
));
if
(
dscps
==
NULL
)
return
(
ISC_R_NOMEMORY
);
}
addrs
=
isc_mem_get
(
mctx
,
count
*
sizeof
(
isc_sockaddr_t
));
if
(
addrs
==
NULL
)
if
(
addrs
==
NULL
)
{
if
(
dscps
!=
NULL
)
isc_mem_put
(
mctx
,
dscps
,
count
*
sizeof
(
isc_dscp_t
));
return
(
ISC_R_NOMEMORY
);
}
for
(
element
=
cfg_list_first
(
addrlist
);
element
!=
NULL
;
...
...
@@ -622,7 +625,8 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
cfg_obj_log
(
dscpobj
,
ns_g_lctx
,
ISC_LOG_ERROR
,
"dscp value '%u' is out of range"
,
cfg_obj_asuint32
(
dscpobj
));
return
(
ISC_R_RANGE
);
result
=
ISC_R_RANGE
;
goto
cleanup
;
}
dscp
=
(
isc_dscp_t
)
cfg_obj_asuint32
(
dscpobj
);
}
...
...
bin/tests/db_test.c
View file @
b292230a
...
...
@@ -266,8 +266,10 @@ load(const char *filename, const char *origintext, isc_boolean_t cache) {
dns_fixedname_init
(
&
forigin
);
origin
=
dns_fixedname_name
(
&
forigin
);
result
=
dns_name_fromtext
(
origin
,
&
source
,
dns_rootname
,
0
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
if
(
result
!=
ISC_R_SUCCESS
)
{
isc_mem_put
(
mctx
,
dbi
,
sizeof
(
*
dbi
));
return
(
result
);
}
result
=
dns_db_create
(
mctx
,
dbtype
,
origin
,
cache
?
dns_dbtype_cache
:
dns_dbtype_zone
,
...
...
bin/tests/sock_test.c
View file @
b292230a
...
...
@@ -61,7 +61,8 @@ my_send(isc_task_t *task, isc_event_t *event) {
isc_task_shutdown
(
task
);
}
isc_mem_put
(
mctx
,
dev
->
region
.
base
,
dev
->
region
.
length
);
if
(
dev
->
region
.
base
!=
NULL
)
isc_mem_put
(
mctx
,
dev
->
region
.
base
,
dev
->
region
.
length
);
isc_event_free
(
&
event
);
}
...
...
@@ -96,8 +97,8 @@ my_recv(isc_task_t *task, isc_event_t *event) {
if
(
dev
->
result
!=
ISC_R_SUCCESS
)
{
isc_socket_detach
(
&
sock
);
i
sc_mem_put
(
mctx
,
dev
->
region
.
base
,
dev
->
region
.
length
);
i
f
(
dev
->
region
.
base
!=
NULL
)
isc_mem_put
(
mctx
,
dev
->
region
.
base
,
dev
->
region
.
length
);
isc_event_free
(
&
event
);
isc_task_shutdown
(
task
);
...
...
@@ -112,8 +113,11 @@ my_recv(isc_task_t *task, isc_event_t *event) {
sprintf
(
buf
,
"
\r\n
Received: %.*s
\r\n\r\n
"
,
(
int
)
dev
->
n
,
(
char
*
)
region
.
base
);
region
.
base
=
isc_mem_get
(
mctx
,
strlen
(
buf
)
+
1
);
region
.
length
=
strlen
(
buf
)
+
1
;
strcpy
((
char
*
)
region
.
base
,
buf
);
/* strcpy is safe */
if
(
region
.
base
!=
NULL
)
{
region
.
length
=
strlen
(
buf
)
+
1
;
strcpy
((
char
*
)
region
.
base
,
buf
);
/* strcpy is safe */
}
else
region
.
length
=
0
;
isc_socket_send
(
sock
,
&
region
,
task
,
my_send
,
event
->
ev_arg
);
}
else
{
region
=
dev
->
region
;
...
...
@@ -143,6 +147,8 @@ my_http_get(isc_task_t *task, isc_event_t *event) {
if
(
dev
->
result
!=
ISC_R_SUCCESS
)
{
isc_socket_detach
(
&
sock
);
isc_task_shutdown
(
task
);
if
(
dev
->
region
.
base
!=
NULL
)
isc_mem_put
(
mctx
,
dev
->
region
.
base
,
dev
->
region
.
length
);
isc_event_free
(
&
event
);
return
;
}
...
...
@@ -179,8 +185,11 @@ my_connect(isc_task_t *task, isc_event_t *event) {
strcpy
(
buf
,
"GET / HTTP/1.1
\r\n
Host: www.flame.org
\r\n
"
"Connection: Close
\r\n\r\n
"
);
region
.
base
=
isc_mem_get
(
mctx
,
strlen
(
buf
)
+
1
);
region
.
length
=
strlen
(
buf
)
+
1
;
strcpy
((
char
*
)
region
.
base
,
buf
);
/* This strcpy is safe. */
if
(
region
.
base
!=
NULL
)
{
region
.
length
=
strlen
(
buf
)
+
1
;
strcpy
((
char
*
)
region
.
base
,
buf
);
/* This strcpy is safe. */
}
else
region
.
length
=
0
;
isc_socket_send
(
sock
,
&
region
,
task
,
my_http_get
,
event
->
ev_arg
);
...
...
bin/tools/mdig.c
View file @
b292230a
...
...
@@ -908,6 +908,8 @@ parse_netprefix(isc_sockaddr_t **sap, const char *value) {
}
sa
=
isc_mem_allocate
(
mctx
,
sizeof
(
*
sa
));
if
(
sa
==
NULL
)
fatal
(
"out of memory"
);
if
(
inet_pton
(
AF_INET6
,
value
,
&
in6
)
==
1
)
{
isc_sockaddr_fromin6
(
sa
,
&
in6
,
0
);
parsed
=
ISC_TRUE
;
...
...
lib/dns/include/dns/name.h
View file @
b292230a
...
...
@@ -1167,6 +1167,7 @@ dns_name_tostring(dns_name_t *source, char **target, isc_mem_t *mctx);
* Returns:
*
*\li ISC_R_SUCCESS
*\li ISC_R_NOMEMORY
*
*\li Any error that dns_name_totext() can return.
*/
...
...
lib/dns/name.c
View file @
b292230a
...
...
@@ -2428,6 +2428,8 @@ dns_name_tostring(dns_name_t *name, char **target, isc_mem_t *mctx) {
isc_buffer_usedregion
(
&
buf
,
&
reg
);
p
=
isc_mem_allocate
(
mctx
,
reg
.
length
+
1
);
if
(
p
==
NULL
)
return
(
ISC_R_NOMEMORY
);
memmove
(
p
,
(
char
*
)
reg
.
base
,
(
int
)
reg
.
length
);
p
[
reg
.
length
]
=
'\0'
;
...
...
lib/dns/tests/rbt_test.c
View file @
b292230a
...
...
@@ -166,6 +166,7 @@ test_context_setup(void) {
size_t
i
;
ctx
=
isc_mem_get
(
mctx
,
sizeof
(
*
ctx
));
ATF_REQUIRE
(
ctx
!=
NULL
);
ctx
->
rbt
=
NULL
;
result
=
dns_rbt_create
(
mctx
,
delete_data
,
NULL
,
&
ctx
->
rbt
);
...
...
@@ -1134,6 +1135,8 @@ insert_nodes(dns_rbt_t *mytree, char **names,
char
namebuf
[
34
];
n
=
isc_mem_get
(
mctx
,
sizeof
(
size_t
));
ATF_REQUIRE
(
n
!=
NULL
);
*
n
=
i
;
/* Unused value */
while
(
1
)
{
...
...
lib/isc/include/isc/mem.h
View file @
b292230a
...
...
@@ -49,7 +49,14 @@ typedef void (*isc_memfree_t)(void *, void *);
/*%
* Define ISC_MEM_CHECKOVERRUN=1 to turn on checks for using memory outside
* the requested space. This will increase the size of each allocation.
*
* If we are performing a Coverity static analysis then ISC_MEM_CHECKOVERRUN
* can hide bugs that would otherwise discovered so force to zero.
*/
#ifdef __COVERITY__
#undef ISC_MEM_CHECKOVERRUN
#define ISC_MEM_CHECKOVERRUN 0
#endif
#ifndef ISC_MEM_CHECKOVERRUN
#define ISC_MEM_CHECKOVERRUN 1
#endif
...
...
@@ -59,7 +66,14 @@ typedef void (*isc_memfree_t)(void *, void *);
* with the byte string '0xbe'. This helps track down uninitialized pointers
* and the like. On freeing memory, the space is filled with '0xde' for
* the same reasons.
*
* If we are performing a Coverity static analysis then ISC_MEM_FILL
* can hide bugs that would otherwise discovered so force to zero.
*/
#ifdef __COVERITY__
#undef ISC_MEM_FILL
#define ISC_MEM_FILL 0
#endif
#ifndef ISC_MEM_FILL
#define ISC_MEM_FILL 1
#endif
...
...
lib/isc/tests/random_test.c
View file @
b292230a
...
...
@@ -371,7 +371,7 @@ monobit(isc_mem_t *mctx, isc_uint16_t *values, size_t length) {
/* Debug message, not displayed when running via atf-run */
printf
(
"numbits=%u, scount=%d
\n
"
,
numbits
,
scount
);
s_obs
=
f
abs
(
scount
)
/
sqrt
(
numbits
);
s_obs
=
abs
(
scount
)
/
sqrt
(
numbits
);
p_value
=
erfc
(
s_obs
/
sqrt
(
2
.
0
));
return
(
p_value
);
...
...
@@ -484,6 +484,7 @@ blockfrequency(isc_mem_t *mctx, isc_uint16_t *values, size_t length) {
ATF_REQUIRE
(
numbits
>=
(
mbits
*
numblocks
));
pi
=
isc_mem_get
(
mctx
,
numblocks
*
sizeof
(
double
));
ATF_REQUIRE
(
pi
!=
NULL
);
cur_word
=
0
;
for
(
i
=
0
;
i
<
numblocks
;
i
++
)
{
...
...
lib/isccfg/parser.c
View file @
b292230a
...
...
@@ -1476,10 +1476,11 @@ parse_any_named_map(cfg_parser_t *pctx, cfg_type_t *nametype, const cfg_type_t *
CHECK
(
cfg_parse_obj
(
pctx
,
nametype
,
&
idobj
));
CHECK
(
cfg_parse_map
(
pctx
,
type
,
&
mapobj
));
mapobj
->
value
.
map
.
id
=
idobj
;
idobj
=
NULL
;
*
ret
=
mapobj
;
return
(
result
);
cleanup:
CLEANUP_OBJ
(
idobj
);
CLEANUP_OBJ
(
mapobj
);
return
(
result
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
