From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 13 Sep 2018 10:23:30 +0000 (+0000)
Subject: - Free memory leak in config strlist append.
X-Git-Tag: release-1.8.1rc1~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75b8b8c8758a54f2331ad9be2633671d0c8c1428;p=thirdparty%2Funbound.git

- Free memory leak in config strlist append.
- make sure nsec3 comparison salt is initialized.


git-svn-id: file:///svn/unbound/trunk@4900 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 95b3cfb65..c963297a5 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,8 @@
 	- in testcode, free async ids, initialise array, and check for null
 	  pointer during test of the test.  And use exit for return to note
 	  irregular program stop.
+	- Free memory leak in config strlist append.
+	- make sure nsec3 comparison salt is initialized.
 
 11 September 2018: Wouter
 	- Fixed unused return value warnings in contrib/fastrpz.patch for
diff --git a/util/config_file.c b/util/config_file.c
index e6fbaeef4..2568af2eb 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -841,6 +841,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 {
 	char buf[1024], nopt[64];
 	size_t len = sizeof(buf);
+	if(!opt) return 0;
 	if(opt && opt[strlen(opt)-1] == ':' && strlen(opt)<sizeof(nopt)) {
 		memmove(nopt, opt, strlen(opt));
 		nopt[strlen(opt)-1] = 0;
@@ -1526,11 +1527,15 @@ int ub_c_wrap(void)
 int cfg_strlist_append(struct config_strlist_head* list, char* item)
 {
 	struct config_strlist *s;
-	if(!item || !list)
+	if(!item || !list) {
+		free(item);
 		return 0;
+	}
 	s = (struct config_strlist*)calloc(1, sizeof(struct config_strlist));
-	if(!s)
+	if(!s) {
+		free(item);
 		return 0;
+	}
 	s->str = item;
 	s->next = NULL;
 	if(list->last)
diff --git a/util/config_file.h b/util/config_file.h
index 54edec410..8c630b8a1 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -792,6 +792,7 @@ char* config_collate_cat(struct config_strlist* list);
  * @param list: list head. zeroed at start.
  * @param item: new item. malloced by caller. if NULL the insertion fails.
  * @return true on success.
+ * on fail the item is free()ed.
  */
 int cfg_strlist_append(struct config_strlist_head* list, char* item);
 
diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c
index 773ed30cd..763b5ab7c 100644
--- a/validator/val_nsec3.c
+++ b/validator/val_nsec3.c
@@ -520,6 +520,10 @@ nsec3_hash_cmp(const void* c1, const void* c2)
 	}
 	(void)nsec3_get_salt(h1->nsec3, h1->rr, &s1, &s1len);
 	(void)nsec3_get_salt(h2->nsec3, h2->rr, &s2, &s2len);
+	if(s1len == 0 && s2len == 0)
+		return 0;
+	if(!s1) return -1;
+	if(!s2) return 1;
 	if(s1len != s2len) {
 		if(s1len < s2len)
 			return -1;
@@ -736,7 +740,7 @@ find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
 	size_t i_rs;
 	int i_rr;
 	struct ub_packed_rrset_key* s;
-	struct nsec3_cached_hash* hash;
+	struct nsec3_cached_hash* hash = NULL;
 	int r;
 
 	/* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
@@ -748,7 +752,7 @@ find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
 		if(r == 0) {
 			log_err("nsec3: malloc failure");
 			break; /* alloc failure */
-		} else if(r < 0)
+		} else if(r != 1)
 			continue; /* malformed NSEC3 */
 		else if(nsec3_hash_matches_owner(flt, hash, s)) {
 			*rrset = s; /* rrset with this name */
@@ -829,7 +833,7 @@ find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
 	size_t i_rs;
 	int i_rr;
 	struct ub_packed_rrset_key* s;
-	struct nsec3_cached_hash* hash;
+	struct nsec3_cached_hash* hash = NULL;
 	int r;
 
 	/* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
@@ -841,7 +845,7 @@ find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
 		if(r == 0) {
 			log_err("nsec3: malloc failure");
 			break; /* alloc failure */
-		} else if(r < 0)
+		} else if(r != 1)
 			continue; /* malformed NSEC3 */
 		else if(nsec3_covers(flt->zone, hash, s, i_rr, 
 			env->scratch_buffer)) {