Potential for NULL pointer dereference (CWE-476) in file 'dnssec-signzone.c'
In reviewing calls to 'isc_mem_get()', in directory '/bin/dnssec', file 'dnssec-signzone.c', at line 532, there are 2 calls made to 'isc_mem_get()' that are not checked for a return value of NULL, which potentially could cause a NULL pointer dereference.
BIND version used
Bug is in software
What is the current bug behavior?
If memory allocation fails, the end result could be a 'segmentation fault (core dumped)'; the added check prevents this with a graceful exit...
What is the expected correct behavior?
All memory allocations should be checked to ensure the memory requested is actually returned.
Relevant configuration files
Relevant logs and/or screenshots
I am attaching the patch file to this bug report...
--- dnssec-signzone.c.orig 2019-09-05 19:12:14.902007900 -0700 +++ dnssec-signzone.c 2019-09-05 19:17:19.847175100 -0700 @@ -532,7 +532,11 @@ if (!nosigs) arraysize += dns_rdataset_count(&sigset); wassignedby = isc_mem_get(mctx, arraysize * sizeof(bool)); + if (wassignedby == NULL) + fatal("out of memory"); nowsignedby = isc_mem_get(mctx, arraysize * sizeof(bool)); + if (nowsignedby == NULL) + fatal("out of memory"); for (i = 0; i < arraysize; i++) wassignedby[i] = nowsignedby[i] = false;
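Review bot: The two added checks after the isc_mem_get() calls for wassignedby and nowsignedby both report the identical string fatal("out of memory"), so the exit message does not say which allocation failed; naming the array in each message would make a failure easier to diagnose. The size passed to both calls, arraysize * sizeof(bool), is still computed without any bound or wraparound check, and a NULL test on the result does not cover a request that wrapped to a small size before the loop writes wassignedby[i] and nowsignedby[i] up to arraysize. It is also worth confirming, before merging, that isc_mem_get() in this tree can return NULL at all; if the allocator already aborts on failure, these branches are unreachable and the commit message should say so or the checks should be dropped.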