From 69256b3553d3b8b73b6fa4de9b030b39f1b96d34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 19 Sep 2022 09:07:51 +0200 Subject: [PATCH 1/2] Fix memory leak in dns_message_checksig() - SIG(0) sigs Impact should be visible only in tests or tools because named never uses view == NULL, which is a necessary condition to trigger this leak. --- lib/dns/message.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/dns/message.c b/lib/dns/message.c index 830d452a10..0995821fb6 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -3174,7 +3174,8 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) { dns_rdataset_init(&keyset); if (view == NULL) { - return (DNS_R_KEYUNAUTHORIZED); + result = DNS_R_KEYUNAUTHORIZED; + goto freesig; } result = dns_view_simplefind(view, &sig.signer, dns_rdatatype_key /* SIG(0) */, 0, From d6ad56bd9e98382f8bd41a25756efdbbc3e39bd9 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 21 Sep 2022 11:54:48 +1000 Subject: [PATCH 2/2] Stop passing mctx to dns_rdata_tostruct as it is unnecessary for SIG dns_rdata_tostruct doesn't need a mctx passed to it for SIG (the signer is already expanded at this point). About the only time when mctx is needed is when the structure is to be used after the rdata has been destroyed. --- lib/dns/message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dns/message.c b/lib/dns/message.c index 0995821fb6..b67d6d299c 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -3167,7 +3167,7 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) { return (ISC_R_UNEXPECTEDEND); } - result = dns_rdata_tostruct(&rdata, &sig, msg->mctx); + result = dns_rdata_tostruct(&rdata, &sig, NULL); if (result != ISC_R_SUCCESS) { return (result); }