auth: Don't leak on signing errors during outgoing AXFR
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 14 Feb 2017 10:12:13 +0000 (11:12 +0100)
committermind04 <mind04@monshouwer.org>
Thu, 4 May 2017 20:38:55 +0000 (22:38 +0200)
pdns/signingpipe.cc

index 3cfbc13aaabe419ced34b8e924a2a1332ec12989..8c1616f627e1715a0ee3c23dbb22c880e9a3c624 100644 (file)
@@ -279,7 +279,7 @@ try
   DNSSECKeeper dk;
   UeberBackend db("key-only");
   
-  chunk_t* chunk;
+  chunk_t* chunk = nullptr;
   int res;
   for(;;) {
     res = readn(fd, &chunk, sizeof(chunk));
@@ -287,21 +287,32 @@ try
       break;
     if(res < 0)
       unixDie("reading object pointer to sign from pdns");
-    set<DNSName> authSet;
-    authSet.insert(d_signer);
-    addRRSigs(dk, db, authSet, *chunk);
-    ++d_signed;
-    
-    writen2(fd, &chunk, sizeof(chunk));
+    try {
+      set<DNSName> authSet;
+      authSet.insert(d_signer);
+      addRRSigs(dk, db, authSet, *chunk);
+      ++d_signed;
+
+      writen2(fd, &chunk, sizeof(chunk));
+      chunk = nullptr;
+    }
+    catch(const PDNSException& pe) {
+      delete chunk;
+      throw;
+    }
+    catch(const std::exception& e) {
+      delete chunk;
+      throw;
+    }
   }
   close(fd);
 }
-catch(PDNSException& pe)
+catch(const PDNSException& pe)
 {
   L<<Logger::Error<<"Signing thread died because of PDNSException: "<<pe.reason<<endl;
   close(fd);
 }
-catch(std::exception& e)
+catch(const std::exception& e)
 {
   L<<Logger::Error<<"Signing thread died because of std::exception: "<<e.what()<<endl;
   close(fd);
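Review bot: The inner handlers free `chunk` only for `PDNSException` and `std::exception`, so any other exception type thrown from `addRRSigs` or `writen2` still leaks the chunk, and the two handlers repeat the same cleanup. A scoped owner covers every exit path with less code: put `std::unique_ptr<chunk_t> guard(chunk);` right after the `readn` checks and `guard.release();` immediately after `writen2(fd, &chunk, sizeof(chunk));`, in place of the inner try/catch and `chunk = nullptr;`. The release has to follow the write directly, because the peer presumably owns the object again once the pointer has been written back, and a later `delete` would then be a double free. This assumes `<memory>` is already available in the file, and the enclosing function-try-block begins outside the hunk, so the earlier part of the body is not visible here.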