More TSIG/TKEY minor fixes (including a few more plugged memory leaks)

2025-08-30 22:15:20 +00:00 · 2000-01-22 04:45:17 +00:00
parent 29fe07c7a4
commit b6666e61dc
5 changed files with 34 additions and 31 deletions
--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
@@ -190,7 +190,6 @@ struct dns_message {
 	ISC_LIST(dns_rdata_t)		freerdata;
 	ISC_LIST(dns_rdatalist_t)	freerdatalist;

-	dns_tsig_keyring_t	       *ring;
 	dns_rcode_t			tsigstatus;
 	dns_rcode_t			querytsigstatus;
 	dns_rdata_any_tsig_t	       *tsig;
--- a/lib/dns/include/dns/tsig.h
+++ b/lib/dns/include/dns/tsig.h
@@ -53,6 +53,7 @@ struct dns_tsigkey {
 	dns_name_t		algorithm;	/* Algorithm name */
 	dns_name_t		*creator;	/* name that created secret */
 	isc_boolean_t		generated;	/* was this generated? */
+	dns_tsig_keyring_t	*ring;		/* the enclosing keyring */
 	isc_mutex_t		lock;
 	/* Locked */
 	isc_boolean_t		deleted;	/* has this been deleted? */
@@ -92,7 +93,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 */

 void
-dns_tsigkey_free(dns_tsigkey_t **key, dns_tsig_keyring_t *ring);
+dns_tsigkey_free(dns_tsigkey_t **key);
 /*
 *	Frees the tsig key structure pointed to by 'key'.
 *
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -288,7 +288,6 @@ msginitprivate(dns_message_t *m)
 static inline void
 msginittsig(dns_message_t *m)
 {
-	m->ring = NULL;
 	m->tsigstatus = m->querytsigstatus = dns_rcode_noerror;
 	m->tsig = m->querytsig = NULL;
 	m->tsigkey = NULL;
@@ -457,7 +456,7 @@ msgreset(dns_message_t *msg, isc_boolean_t everything)
        }

 	if (msg->tsigkey != NULL) {
-		dns_tsigkey_free(&msg->tsigkey, msg->ring);
+		dns_tsigkey_free(&msg->tsigkey);
 		msg->tsigkey = NULL;
 	}

--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: tkey.c,v 1.17 2000/01/21 22:51:48 bwelling Exp $
+ * $Id: tkey.c,v 1.18 2000/01/22 04:45:13 bwelling Exp $
 * Principal Author: Brian Wellington
 */

@@ -403,7 +403,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *name,
 	tsigkey = NULL;
 	result = dns_tsigkey_create(name, &tkeyin->algorithm, r.base, r.length,
 				    ISC_TRUE, creator, msg->mctx, ring,
-				    &tsigkey);
+				    NULL);
 	isc_buffer_free(&shared);
 	shared = NULL;
 	if (result == ISC_R_NOTFOUND) {
@@ -494,7 +494,7 @@ process_deletetkey(dns_message_t *msg, dns_name_t *name,
 	 */
 	dns_tsigkey_setdeleted(tsigkey);
 	/* Release the reference */
-	dns_tsigkey_free(&tsigkey, ring);
+	dns_tsigkey_free(&tsigkey);

 	return (ISC_R_SUCCESS);
 }
@@ -505,7 +505,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
 {
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdata_generic_tkey_t tkeyin, tkeyout;
-	dns_name_t *qname, *name, *keyname;
+	dns_name_t *qname, *name, *keyname, tempkeyname;
 	dns_rdataset_t *tkeyset;
 	dns_rdata_t tkeyrdata, *rdata = NULL;
 	isc_buffer_t *dynbuf = NULL;
@@ -578,9 +578,8 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
 		unsigned char tdata[64];
 		dns_tsigkey_t *tsigkey = NULL;

-		keyname = NULL;
-		result = dns_message_gettempname(msg, &keyname);
-		dns_name_init(keyname, NULL);
+		dns_name_init(&tempkeyname, NULL);
+		keyname = &tempkeyname;
 		dns_name_init(&prefix, NULL);
 		RETERR(isc_buffer_allocate(msg->mctx, &buf, 256,
 					   ISC_BUFFERTYPE_BINARY));
@@ -631,7 +630,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
 		result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
 		if (result == ISC_R_SUCCESS) {
 			tkeyout.error = dns_tsigerror_badname;
-			dns_tsigkey_free(&tsigkey, ring);
+			dns_tsigkey_free(&tsigkey);
 			goto failure_with_tkey;
 		}
 		else if (result != ISC_R_NOTFOUND)
@@ -1035,12 +1034,12 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
 		goto failure;
 	}

-	RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm,ring));
+	RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring));

 	/* Mark the key as deleted */
 	dns_tsigkey_setdeleted(tsigkey);
 	/* Release the reference */
-	dns_tsigkey_free(&tsigkey, ring);
+	dns_tsigkey_free(&tsigkey);

 failure:
 	return (result);
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: tsig.c,v 1.39 2000/01/21 22:51:47 bwelling Exp $
+ * $Id: tsig.c,v 1.40 2000/01/22 04:45:14 bwelling Exp $
 * Principal Author: Brian Wellington
 */

@@ -93,8 +93,6 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 	tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t));
 	if (tkey == NULL)
 		return (ISC_R_NOMEMORY);
-	if (key != NULL)
-		*key = tkey;

 	dns_name_init(&tkey->name, NULL);
 	ret = dns_name_dup(name, mctx, &tkey->name);
@@ -149,7 +147,9 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 		isc_rwlock_lock(&ring->lock, isc_rwlocktype_write);
 		tmp = ISC_LIST_HEAD(ring->keys);
 		while (tmp != NULL) {
-			if (dns_name_equal(&tkey->name, &tmp->name)) {
+			if (dns_name_equal(&tkey->name, &tmp->name) &&
+			    !tmp->deleted)
+			{
 				ret = ISC_R_EXISTS;
 				isc_rwlock_unlock(&ring->lock,
 						  isc_rwlocktype_write);
@@ -159,9 +159,12 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 		}
 		ISC_LIST_APPEND(ring->keys, tkey, link);
 		isc_rwlock_unlock(&ring->lock, isc_rwlocktype_write);
+		tkey->ring = ring;
 	}
-	else
+	else {
 		tkey->key = NULL;
+		tkey->ring = NULL;
+	}

 	tkey->refs = 0;
 	if (key != NULL)
@@ -178,6 +181,10 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 	}
 	
 	tkey->magic = TSIG_MAGIC;
+
+	if (key != NULL)
+		*key = tkey;
+
 	return (ISC_R_SUCCESS);

 cleanup_algorithm:
@@ -191,13 +198,15 @@ cleanup_key:
 }

 static void
-tsigkey_free(dns_tsigkey_t **key, dns_tsig_keyring_t *ring) {
+tsigkey_free(dns_tsigkey_t **key) {
 	dns_tsigkey_t *tkey;
+	dns_tsig_keyring_t *ring;

 	REQUIRE(key != NULL);
 	REQUIRE(VALID_TSIG_KEY(*key));
 	tkey = *key;
 	*key = NULL;
+	ring = tkey->ring;

 	tkey->magic = 0;
 	if (tkey->key != NULL) {
@@ -217,22 +226,22 @@ tsigkey_free(dns_tsigkey_t **key, dns_tsig_keyring_t *ring) {
 }

 void
-dns_tsigkey_free(dns_tsigkey_t **key, dns_tsig_keyring_t *ring) {
+dns_tsigkey_free(dns_tsigkey_t **key) {
 	dns_tsigkey_t *tkey;

 	REQUIRE(key != NULL);
 	REQUIRE(VALID_TSIG_KEY(*key));
 	tkey = *key;
-	*key = NULL;

 	isc_mutex_lock(&tkey->lock);
 	tkey->refs--;
-	if (tkey->refs > 0 || !tkey->deleted) {
+	if (tkey->refs > 0 || (!tkey->deleted && tkey->key != NULL)) {
 		isc_mutex_unlock(&tkey->lock);
+		*key = NULL;
 		return;
 	}
 	isc_mutex_unlock(&tkey->lock);
-	tsigkey_free(key, ring);
+	tsigkey_free(key);
 }

 void
@@ -768,7 +777,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,

 cleanup_key:
 	if (dns_tsigkey_empty(msg->tsigkey)) {
-		dns_tsigkey_free(&msg->tsigkey, dring);
+		dns_tsigkey_free(&msg->tsigkey);
 		msg->tsigkey = NULL;
 	}
 cleanup_struct:
@@ -1113,16 +1122,12 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring)
 		if (ret == ISC_R_SUCCESS)
 			ret = add_initial_keys(keylist, *ring, mctx);
 		else if (ret != ISC_R_NOTFOUND)
-			goto failure;
+			return (ret);
 	}

 	(*ring)->mctx = mctx;

 	return (ISC_R_SUCCESS);
-
- failure:
-	isc_mem_put(mctx, dns_tsig_hmacmd5_name, sizeof(dns_name_t));
-	return (ret);
 }

 void
@@ -1136,7 +1141,7 @@ dns_tsig_destroy(dns_tsig_keyring_t **ring) {
 		dns_tsigkey_t *key = ISC_LIST_HEAD((*ring)->keys);
 		key->refs = 0;
 		key->deleted = ISC_TRUE;
-		tsigkey_free(&key, *ring);
+		tsigkey_free(&key);
 	}
 	isc_rwlock_destroy(&(*ring)->lock);
 	mctx = (*ring)->mctx;