  • #1208
Closed
Open
Issue created Sep 04, 2019 by Ghost User@ghost

Potential for NULL pointer de-reference (CWE-476) in file 'client.c'

Summary

In BIND 9.14.5, in directory 'lib/ns', file 'client.c', in function 'tcpconn_init' at approximately line 358, a call to function 'isc_mem_allocate()' is made without checking for a return value of NULL, which could lead to a NULL pointer dereference. The patch file in the body of this report and attached to it corrects this issue.

BIND version used

9.14.5

Steps to reproduce

Bug is in software source code

What is the current bug behavior?

If the bug occurs, BIND could abort with a 'segmentation fault (core dumped)'.

What is the expected correct behavior?

All memory allocations should be checked to see if memory requested is actually provided (the attached patch file does this)...

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Possible fixes

The following code provides the check needed, and returns ISC_R_NOMEMORY in the event the call to isc_mem_allocate() fails...

--- client.c.orig       2019-09-03 19:15:56.535972000 -0700
+++ client.c    2019-09-03 19:17:21.886573100 -0700
@@ -356,6 +356,8 @@
         * is only executed for TCP connections.
         */
        tconn = isc_mem_allocate(client->sctx->mctx, sizeof(*tconn));
+       if (tconn == NULL) /* memory was not allocated, go home */
+               return (ISC_R_NOMEMORY);
 
        isc_refcount_init(&tconn->refs, 1);
        tconn->tcpquota = quota;
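
Review bot: the early `return (ISC_R_NOMEMORY);` added after the `isc_mem_allocate()` call exits before `tconn->tcpquota = quota;` runs, so nothing takes ownership of `quota` on that path. Please confirm that every caller checks the result of this function and releases the quota it passed in when it gets ISC_R_NOMEMORY, otherwise the fix trades a NULL dereference for a leaked TCP quota slot under memory pressure. It is also worth confirming that `isc_mem_allocate()` can actually return NULL for `client->sctx->mctx` in this branch; if the allocator aborts on failure instead, the new branch is dead code. Minor style point: the comment on the `if` line ("go home") would read better as a plain statement of the failure, placed on its own line above the check.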

client.c.patch

Edited Sep 04, 2019 by Mark Andrews