Potential for NULL pointer de-reference (CWE-476) in file 'client.c'
Summary
In BIND 9.14.5, in directory 'lib/ns', file 'client.c' in function 'tcpconn_ini' at approximately line 358, a call to function 'isc_mem_allocate()' is made without checking for a return value of NULL, which could lead to a NULL pointer dereference. The patch file in the body of this report and attached to it corrects this issue.
BIND version used
9.14.5
Steps to reproduce
Bug is in software source code
What is the current bug behavior?
If bug occurs, BIND could abort with a 'segmentation fault (core dumped)'
What is the expected correct behavior?
All memory allocations should be checked to see if memory requested is actually provided (the attached patch file does this)...
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
The following code provides the check needed, and returns ISC_R_NOMEMORY in the event the call to isc_mem_allocate() fails...
--- client.c.orig 2019-09-03 19:15:56.535972000 -0700
+++ client.c 2019-09-03 19:17:21.886573100 -0700
@@ -356,6 +356,8 @@
* is only executed for TCP connections.
*/
tconn = isc_mem_allocate(client->sctx->mctx, sizeof(*tconn));
+ if (tconn == NULL) /* memory was not allocated, go home */
+ return (ISC_R_NOMEMORY);
isc_refcount_init(&tconn->refs, 1);
tconn->tcpquota = quota;