ISC Open Source Projects / BIND / Issues / #401
Closed
Open
Issue created Jul 10, 2018 by Ghost User@ghost

NULL Pointer de-reference found in BIND 9.12.1-P2

Summary

In reviewing source code in BIND-9.12.1-P2, in directory 'bin/pkcs11', file 'pkcs11-keygen.c', while allocating space for parameter attributes, no check is made to see if calls to malloc() actually succeed (that is, return != NULL), which could lead to a de-reference and segmentation fault.

Steps to reproduce

N/A - Problem exists in source code

What is the current bug behavior?

Calls to malloc() are not tested for NULL before actually assigning values.

What is the expected correct behavior?

Code patch now checks for NULL after a call to malloc() is made.

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Possible fixes

Patch file is below and attached to this report:

--- pkcs11-keygen.c.orig 2018-07-08 14:59:26.888555710 -0700 +++ pkcs11-keygen.c 2018-07-08 15:02:44.140876562 -0700 @@ -657,8 +657,14 @@ }

    /* Allocate space for parameter attributes */
  •   for (i = 0; i < param_attrcnt; i++)
  •   for (i = 0; i < param_attrcnt; i++) {
              param_template[i].pValue = malloc(param_template[i].ulValueLen);
  •           if (param_template[i].pvalue == NULL) {
  •                   fprintf(stderr, "Unable to allocate memory for param_template[]\");
  •                   error = 1;
  •                   goto exit_params;
  •           } /* end if malloc sanity check */
  •   } /* end for i < param_attrcnt */
    
      rv = pkcs_C_GetAttributeValue(hSession, domainparams,
                               dsa_param_template, DSA_PARAM_ATTRS);
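
Review bot: The added NULL check reads `param_template[i].pvalue` (lowercase v) while the assignment on the line above it writes `param_template[i].pValue`, so the test names a different member from the one just assigned and should be spelled `pValue`. In the added `fprintf` call the format string ends in `\"` rather than `\n"`, which escapes the closing quote and leaves the string literal unterminated; end it with `\n"`. The error path jumps to `exit_params` from inside the loop and the hunk does not show that label, so please confirm that it frees the `pValue` buffers already allocated for indices below `i` and that the entries not yet reached are NULL when it runs. Also consider an attribute whose `ulValueLen` is 0: `malloc(0)` is allowed to return NULL, and this check would report that as an allocation failure.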

pkcs11-keygen.c.patch
