Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 565
    • Issues 565
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 93
    • Merge requests 93
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #1215
Closed
Open
Issue created Sep 05, 2019 by Ghost User@ghost

Potential for NULL pointer dereference (CWE-476) in BIND 9.14.5, file 'controlconf.c'

Summary

In reviewing calls to 'isc_mem_strdup()', in directory '/bin/named' file 'controlconf.c' at line 874, there is a call made to 'isc_mem_strdup()' that is not checked for a return value of NULL, which potentially could cause a NULL pointer dereference

BIND version used

9.14.5

Steps to reproduce

Bug is in software

What is the current bug behavior?

If memory allocation fails, the end result could be a 'segmentation fault (core dumped)', the check added prevents this by a graceful exit...

What is the expected correct behavior?

All memory allocations should be checked to ensure the memory requested is actually returned.

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Possible fixes

I am attaching the patch file to this bug report... controlconf.c.patch

--- controlconf.c.orig  2019-09-04 19:22:17.948484000 -0700
+++ controlconf.c       2019-09-04 19:23:54.870529800 -0700
@@ -874,6 +874,8 @@
                CHECK(ISC_R_NOMEMORY);
        keyid->keyname = isc_mem_strdup(mctx,
                                        cfg_obj_asstring(cfg_map_getname(key)));
+       if (keyid->keyname == NULL) /* do we need to free memory allocated previously to keyid? */
+           CHECK(ISC_R_NOMEMORY);
        keyid->secret.base = NULL;
        keyid->secret.length = 0;
        keyid->algorithm = DST_ALG_UNKNOWN;
Assignee
Assign to
Time tracking