NULL Pointer de-reference found in BIND 9.12.1-P2
Summary
In reviewing source code in BIND-9.12.1-P2, in directory 'bin/pkcs11', file 'pkcs11-keygen.c', while allocating space for parameter attributes, no check is made to see if calls to malloc() actually succeed (that is, return != NULL), which could lead to a de-reference and segmentation fault.
Steps to reproduce
N/A - Problem exists in source code
What is the current bug behavior?
Calls to malloc() are not tested for NULL before actually assigning values.
What is the expected correct behavior?
Code patch now checks for NULL after a call to malloc() is made.
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
Patch file is below and attached to this report:
--- pkcs11-keygen.c.orig 2018-07-08 14:59:26.888555710 -0700 +++ pkcs11-keygen.c 2018-07-08 15:02:44.140876562 -0700 @@ -657,8 +657,14 @@ }
/* Allocate space for parameter attributes */
-
for (i = 0; i < param_attrcnt; i++)
-
for (i = 0; i < param_attrcnt; i++) { param_template[i].pValue = malloc(param_template[i].ulValueLen);
-
if (param_template[i].pvalue == NULL) {
-
fprintf(stderr, "Unable to allocate memory for param_template[]\");
-
error = 1;
-
goto exit_params;
-
} /* end if malloc sanity check */
-
} /* end for i < param_attrcnt */ rv = pkcs_C_GetAttributeValue(hSession, domainparams, dsa_param_template, DSA_PARAM_ATTRS);
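Review bot: the added NULL check tests `param_template[i].pvalue`, while the assignment directly above it writes `param_template[i].pValue`. C identifiers are case-sensitive, so the check needs `pValue` to refer to the member that was just assigned. In the same block, the `fprintf` format string ends in `\"`, which escapes the closing quote and leaves the string literal unterminated; `\n"` looks like what was intended. Because the allocation can fail on any iteration after the first, also confirm that the `exit_params` path frees the `pValue` entries already allocated, and that entries not yet reached are NULL so freeing them is safe.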