Potential for NULL pointer de-reference (CWE-476) in file 'dnssec-signzone.c'
Summary
In reviewing calls to 'isc_mem_get()', in directory '/bin/dnssec' file 'dnssec-signzone.c' at line 532, there are 2 calls made to 'isc_mem_get()' that are not checked for a return value of NULL, which potentially could cause a NULL pointer dereference.
BIND version used
9.14.5
dnssec-signzone.c.patch
Steps to reproduce
Bug is in software
What is the current bug behavior?
If memory allocation fails, the end result could be a 'segmentation fault (core dumped)'; the check added prevents this by a graceful exit...
What is the expected correct behavior?
All memory allocations should be checked to ensure the memory requested is actually returned.
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
I am attaching the patch file to this bug report...
--- dnssec-signzone.c.orig 2019-09-05 19:12:14.902007900 -0700
+++ dnssec-signzone.c 2019-09-05 19:17:19.847175100 -0700
@@ -532,7 +532,11 @@
if (!nosigs)
arraysize += dns_rdataset_count(&sigset);
wassignedby = isc_mem_get(mctx, arraysize * sizeof(bool));
+ if (wassignedby == NULL)
+ fatal("out of memory");
nowsignedby = isc_mem_get(mctx, arraysize * sizeof(bool));
+ if (nowsignedby == NULL)
+ fatal("out of memory");
for (i = 0; i < arraysize; i++)
wassignedby[i] = nowsignedby[i] = false;
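Review bot: both added checks call fatal("out of memory") with the same text, so a failure report cannot tell whether the wassignedby or the nowsignedby allocation failed, or how large the request was. Consider naming the array and including arraysize in each message, or allocating through one small helper that does the NULL check and reports the size, so the two call sites stay consistent. The placement is right: both checks sit before the for loop that writes wassignedby[i] and nowsignedby[i], which is the first dereference visible in this hunk.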