Potential for NULL pointer de-reference (CWE-476) in file 'client.c'
Summary
In BIND 9.14.5, in directory 'lib/ns', file 'client.c' in function 'tcpconn_ini' at approximately line 358, a call to function 'isc_mem_allocate()' is made without checking for a return value of NULL, which could lead to a NULL pointer dereference. The patch file in the body of this report and attached to it corrects this issue.
BIND version used
9.14.5
Steps to reproduce
Bug is in software source code
What is the current bug behavior?
If the bug occurs, BIND could abort with a 'segmentation fault (core dumped)'.
What is the expected correct behavior?
All memory allocations should be checked to see whether the requested memory was actually provided (the attached patch file does this).
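Checking the return value is necessary but not sufficient on its own: the failure branch also has to release whatever the function acquired before the allocation, otherwise the crash is gone but the resource leaks. The C program below is an added example, not code from this report or from BIND; it models the situation with hypothetical stand-ins (quota_t, tcpconn_t, xalloc, quota_attach, quota_detach, the R_* result codes) and a fault-injecting allocator, and compares a bare early return with one that releases the quota slot first.

```c
/*
 * Added example, not BIND code: a stand-in for a tcpconn_init()-style
 * constructor that takes a quota slot before allocating its object,
 * driven through an injected allocation failure.  The types and helpers
 * (quota_t, tcpconn_t, xalloc, quota_attach, quota_detach) are
 * hypothetical simplifications; the real ISC APIs differ.
 */
#include <stdio.h>
#include <stdlib.h>

#define R_SUCCESS  0
#define R_QUOTA    1   /* no quota slot available */
#define R_NOMEMORY 2   /* allocation failed */

typedef struct { unsigned max, used; } quota_t;
typedef struct { unsigned refs; quota_t *quota; } tcpconn_t;

/* Fault injection: xalloc() returns NULL once allocs_left has counted down to 0. */
static int allocs_left = -1;            /* -1 = never fail */

static void *xalloc(size_t n) {
    if (allocs_left == 0)
        return NULL;
    if (allocs_left > 0)
        allocs_left--;
    return calloc(1, n);
}

static int quota_attach(quota_t *q) {
    if (q->used >= q->max)
        return R_QUOTA;
    q->used++;
    return R_SUCCESS;
}

static void quota_detach(quota_t *q) {
    q->used--;
}

/*
 * Shape of a bare NULL check: the crash is prevented, but the early
 * return keeps the quota slot that was attached just above it.
 */
static int tcpconn_init_leaky(quota_t *q, tcpconn_t **out) {
    int result = quota_attach(q);
    if (result != R_SUCCESS)
        return result;
    tcpconn_t *tconn = xalloc(sizeof(*tconn));
    if (tconn == NULL)
        return R_NOMEMORY;              /* slot in q is never released */
    tconn->refs = 1;
    tconn->quota = q;
    *out = tconn;
    return R_SUCCESS;
}

/* Correct failure path: undo every acquisition made before the failing call. */
static int tcpconn_init_fixed(quota_t *q, tcpconn_t **out) {
    int result = quota_attach(q);
    if (result != R_SUCCESS)
        return result;
    tcpconn_t *tconn = xalloc(sizeof(*tconn));
    if (tconn == NULL) {
        quota_detach(q);
        return R_NOMEMORY;
    }
    tconn->refs = 1;
    tconn->quota = q;
    *out = tconn;
    return R_SUCCESS;
}

static void tcpconn_destroy(tcpconn_t *tconn) {
    quota_detach(tconn->quota);
    free(tconn);
}

typedef int (*init_fn)(quota_t *, tcpconn_t **);

/*
 * Scenario: a quota of one TCP slot; the first connection attempt hits an
 * allocation failure, memory then recovers and a second attempt is made.
 * Returns the second attempt's result: R_SUCCESS if the first attempt
 * cleaned up after itself, R_QUOTA if it leaked the slot.
 */
static int second_attempt_after_alloc_failure(init_fn init) {
    quota_t q = { .max = 1, .used = 0 };
    tcpconn_t *tconn = NULL;
    int result;

    allocs_left = 0;                    /* next allocation fails */
    result = init(&q, &tconn);
    allocs_left = -1;                   /* memory pressure is over */
    if (result != R_NOMEMORY)
        return -1;                      /* scenario did not run as intended */

    result = init(&q, &tconn);
    if (result == R_SUCCESS)
        tcpconn_destroy(tconn);
    return result;
}

int main(void) {
    printf("bare early return: second attempt -> %d (1 = R_QUOTA, slot leaked)\n",
           second_attempt_after_alloc_failure(tcpconn_init_leaky));
    printf("detach on failure: second attempt -> %d (0 = R_SUCCESS)\n",
           second_attempt_after_alloc_failure(tcpconn_init_fixed));
    return 0;
}
```

Compile with `cc -std=c99 -Wall example.c` and run. The allocator wrapper that fails on demand is the practical way to exercise this branch in a unit test, since a genuine allocation failure is hard to provoke; with the leaky variant the quota slot stays consumed after the failure, so every later connection is refused with R_QUOTA even though memory is available again.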
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
The following code provides the check needed, and returns ISC_R_NOMEMORY in the event the call to isc_mem_allocate() fails:
--- client.c.orig 2019-09-03 19:15:56.535972000 -0700
+++ client.c 2019-09-03 19:17:21.886573100 -0700
@@ -356,6 +356,8 @@
* is only executed for TCP connections.
*/
tconn = isc_mem_allocate(client->sctx->mctx, sizeof(*tconn));
+ if (tconn == NULL) /* memory was not allocated, go home */
+ return (ISC_R_NOMEMORY);
isc_refcount_init(&tconn->refs, 1);
tconn->tcpquota = quota;
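Review bot: the early return leaks the quota reference that the function already holds at this point (the context line `tconn->tcpquota = quota;` stores a quota obtained before the allocation), so the failure branch should release that reference with the matching detach call before returning ISC_R_NOMEMORY. It is also worth confirming that isc_mem_allocate() can actually return NULL in this release: if the memory context aborts on allocation failure instead, the new check is unreachable and the report's crash scenario cannot occur this way. Style-wise, BIND's coding style wraps even single-statement if bodies in braces, and the "go home" comment would read better as a plain statement of why the function returns.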
Edited by Mark Andrews