From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 2 May 2016 15:24:08 +0000 (+0200)
Subject: rec: Fix a memory leak in DNSSEC validation
X-Git-Tag: rec-4.0.0-alpha3~21^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3804%2Fhead;p=thirdparty%2Fpdns.git

rec: Fix a memory leak in DNSSEC validation

`DNSCryptoKeyEngine::makeFromPublicKeyString()` returns a naked
pointer to a new object.
---

diff --git a/pdns/validate.cc b/pdns/validate.cc
index e479e7c3a1..8d85b4e370 100644
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -103,8 +103,10 @@ void validateWithKeySet(const cspmap_t& rrsets, cspmap_t& validated, const keyse
 	bool isValid = false;
 	try {
 	  unsigned int now=time(0);
-	  if(signature->d_siginception < now && signature->d_sigexpire > now)
-	    isValid = DNSCryptoKeyEngine::makeFromPublicKeyString(l.d_algorithm, l.d_key)->verify(msg, signature->d_signature);
+	  if(signature->d_siginception < now && signature->d_sigexpire > now) {
+	    std::shared_ptr<DNSCryptoKeyEngine> dke = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromPublicKeyString(l.d_algorithm, l.d_key));
+	    isValid = dke->verify(msg, signature->d_signature);
+	  }
 	  else {
 	    LOG("signature is expired/not yet valid"<<endl);
           }
@@ -273,8 +275,10 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
           bool isValid = false;
 	  try {
 	    unsigned int now = time(0);
-	    if(i->d_siginception < now && i->d_sigexpire > now)
-	      isValid = DNSCryptoKeyEngine::makeFromPublicKeyString(j.d_algorithm, j.d_key)->verify(msg, i->d_signature);
+	    if(i->d_siginception < now && i->d_sigexpire > now) {
+	      std::shared_ptr<DNSCryptoKeyEngine> dke = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromPublicKeyString(j.d_algorithm, j.d_key));
+	      isValid = dke->verify(msg, i->d_signature);
+	    }
 	  }
 	  catch(std::exception& e) {
 	    //	    cerr<<"Could not make a validator for signature: "<<e.what()<<endl;