Fix TSIG key and transport leaks in zone_notify() error paths
authorOndřej Surý <ondrej@isc.org>
Sat, 14 Mar 2026 11:53:03 +0000 (12:53 +0100)
committerOndřej Surý <ondrej@isc.org>
Sat, 14 Mar 2026 12:48:08 +0000 (13:48 +0100)
Two 'goto next' paths in zone_notify() skipped detaching the TSIG
key and transport, leaking them on TLS configuration failure and
when the destination address is disabled.

lib/dns/zone.c

index b524a901890ff94a13c51646644a8a2afabab0cc..693e048f899ed277c5af7472ab49de48fefc958b 100644 (file)
@@ -12523,6 +12523,9 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
                                              "could not get TLS configuration "
                                              "for zone transfer: %s",
                                              isc_result_totext(result));
+                               if (key != NULL) {
+                                       dns_tsigkey_detach(&key);
+                               }
                                goto next;
                        }
 
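Review bot: The TLS-failure path in this first hunk detaches only `key`, while the commit message says both the TSIG key and the transport leaked on both paths, and the `isc_sockaddr_disabled(&dst)` path in the second hunk detaches both. If `transport` is always NULL here because the TLS lookup has just failed (the lookup is outside the hunk, so this is an inference), a one-line comment such as `/* transport was never attached on this path */` would show the asymmetry is deliberate; otherwise add `if (transport != NULL) { dns_transport_detach(&transport); }` before `goto next;`. The same cleanup is now repeated before two `goto next` sites, so it is worth checking whether it can be done once at the `next:` label, which is not visible here. That would stop a future early exit from again leaving a reference to the TSIG key held after the notify attempt is abandoned.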
@@ -12536,6 +12539,12 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
                INSIST(isc_sockaddr_pf(&src) == isc_sockaddr_pf(&dst));
 
                if (isc_sockaddr_disabled(&dst)) {
+                       if (key != NULL) {
+                               dns_tsigkey_detach(&key);
+                       }
+                       if (transport != NULL) {
+                               dns_transport_detach(&transport);
+                       }
                        goto next;
                }