Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 525
    • Issues 525
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 101
    • Merge requests 101
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #413

Closed
Open
Created Jul 13, 2018 by Bill Parker@dogbert2

Potential for NULL pointer de-references (CWE-476) in file 'rbt-tests.c' in BIND-9.12.1-P2

Summary

In reviewing source code in BIND-9.12.1-P2, in directory 'lib/dns/tests', file 'rbt_tests.c', calls to isc_mem_get() are not checked for a return value of NULL, indicating failure which could lead to a de-reference and segmentation fault.

Steps to reproduce

N/A

What is the current bug behavior?

Calls to isc_mem_get() are not checked for a return value of NULL

What is the expected correct behavior?

Check all calls to isc_mem_get() for a return value of NULL

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Possible fixes

Fixes are below and attached as a patch file to this issue report:

--- rbt_test.c.orig 2018-07-13 03:52:52.202531585 -0700 +++ rbt_test.c 2018-07-13 03:55:53.938567060 -0700 @@ -182,11 +182,13 @@ name = dns_fixedname_name(&fname);

            n = isc_mem_get(mctx, sizeof(size_t));
  •           ATF_REQUIRE(n != NULL);
              *n = i + 1;
              result = dns_rbt_addname(ctx->rbt, name, n);
              ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
    
              n = isc_mem_get(mctx, sizeof(size_t));
  •           ATF_REQUIRE(n != NULL);
              *n = node_distances[i];
              result = dns_rbt_addname(ctx->rbt_distances, name, n);
              ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

@@ -379,6 +381,7 @@ char namebuf[34];

            n = isc_mem_get(mctx, sizeof(size_t));
  •           AFT_REQUIRE(n != NULL);
              *n = i + 1;
    
              while (1) {

@@ -465,6 +468,7 @@ dns_name_t *name;

            n = isc_mem_get(mctx, sizeof(size_t));
  •           AFT_REQUIRE(n != NULL);
              *n = i + 1;
    
              snprintf(namebuf, sizeof(namebuf), "name%08x.", i);

@@ -751,6 +755,7 @@ ATF_REQUIRE_EQ(node->data, NULL);

                    n = isc_mem_get(mctx, sizeof(size_t));
  •                   ATF_REQUIRE(n != NULL);
                      *n = i;
    
                      node->data = n;[rbt_test.c.patch](/uploads/c938d79d54cf63220630c33756f6f05f/rbt_test.c.patch)
Assignee
Assign to
Time tracking