Add a check for a null pointer before calling the regexec function.

Without out this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. [ISC-Bugs #26704].
2025-08-30 13:57:50 +00:00 · 2011-11-22 23:56:50 +00:00
parent 7595a1a772
commit b95f1ee070
2 changed files with 9 additions and 0 deletions
--- a/8
+++ b/8
@@ -39,6 +39,14 @@ The system has only been tested on Linux, FreeBSD, and Solaris, and may not
 work on other platforms. Please report any problems and suggested fixes to
 <dhcp-users@isc.org>.

+			Changes since 4.2.3
+
+! Add a check for a null pointer before calling the regexec function.
+  Without out this check we could, under some circumstances, pass
+  a null pointer to the regexec function causing it to segfault.
+  [ISC-Bugs #26704].
+  CVE:
+
 			Changes since 4.2.2

 - Fix the code that checks for an existing DDNS transaction to cancel
--- a/common/tree.c
+++ b/common/tree.c
@@ -1120,6 +1120,7 @@ int evaluate_boolean_expression (result, packet, lease, client_state,
 		*result = 0;
 		memset(&re, 0, sizeof(re));
 		if (bleft && bright &&
+		    (left.data != NULL) &&
        	    (regcomp(&re, (char *)right.data, regflags) == 0) &&
 		    (regexec(&re, (char *)left.data, (size_t)0, NULL, 0) == 0))
 				*result = 1;