Potential for NULL pointer dereference (CWE-476) in BIND 9.14.5, file 'controlconf.c'
Summary
In reviewing calls to 'isc_mem_strdup()' in directory '/bin/named', file 'controlconf.c', at line 874 there is a call made to 'isc_mem_strdup()' that is not checked for a return value of NULL, which potentially could cause a NULL pointer dereference.
BIND version used
9.14.5
Steps to reproduce
Bug is in software
What is the current bug behavior?
If memory allocation fails, the end result could be a 'segmentation fault (core dumped)'; the check added prevents this by a graceful exit...
What is the expected correct behavior?
All memory allocations should be checked to ensure the memory requested is actually returned.
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
I am attaching the patch file to this bug report... controlconf.c.patch
--- controlconf.c.orig 2019-09-04 19:22:17.948484000 -0700
+++ controlconf.c 2019-09-04 19:23:54.870529800 -0700
@@ -874,6 +874,8 @@
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
+ if (keyid->keyname == NULL) /* do we need to free memory allocated previously to keyid? */
+ CHECK(ISC_R_NOMEMORY);
keyid->secret.base = NULL;
keyid->secret.length = 0;
keyid->algorithm = DST_ALG_UNKNOWN;
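Review bot: the question in the comment on the added `if (keyid->keyname == NULL)` line ("do we need to free memory allocated previously to keyid?") needs an answer before this is merged, not a note left in the code. When the new CHECK(ISC_R_NOMEMORY) fires, keyid is already in use (keyname was just assigned through it), keyname is NULL, and the assignments that follow (`keyid->secret.base = NULL;`, `keyid->secret.length = 0;`) have not run yet. Confirm that the path CHECK takes on failure releases keyid and does not read keyname or secret.base in that partially initialised state. If it does not, either free keyid explicitly before the CHECK or move the secret and algorithm initialisation above the isc_mem_strdup() call. Once that is settled, replace the trailing comment with a short statement of where keyid is freed.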