From: W.C.A. Wijngaards Date: Wed, 9 Dec 2020 12:52:49 +0000 (+0100) Subject: Fix leak of socket mem on failure and fix if tcp has to wait we X-Git-Tag: release-1.13.2rc1~254^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af96ff157eaa3bc3526d9b288259cde930d25c0d;p=thirdparty%2Funbound.git Fix leak of socket mem on failure and fix if tcp has to wait we do not know the interface at the time. Later when it knows the interface we do not have 'sq' with the zone name. --- diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index e1abfeeb3..6577a019a 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -347,7 +347,7 @@ dt_msg_fill_net(struct dt_msg *dm, * This block is to fill second set of fields in DNSTAP-message defined as request_/response_ names. * Additional responsive structure is: struct sockaddr_storage *rs */ - if (rs->ss_family == AF_INET6) { + if (rs && rs->ss_family == AF_INET6) { struct sockaddr_in6 *r = (struct sockaddr_in6 *) rs; /* addr: query_address or response_address */ @@ -358,7 +358,7 @@ dt_msg_fill_net(struct dt_msg *dm, /* port: query_port or response_port */ *rport = ntohs(r->sin6_port); *has_rport = 1; - } else if (rs->ss_family == AF_INET) { + } else if (rs && rs->ss_family == AF_INET) { struct sockaddr_in *r = (struct sockaddr_in *) rs; /* addr: query_address or response_address */ diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 3de8c5fe4..9e3ad8b79 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -1177,6 +1177,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, &ub_sock)) == -1) { + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1186,11 +1187,13 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { sock_close(s); + free(ub_sock); return 0; } if(!port_insert(list, s, is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } else if(do_udp) { @@ -1201,6 +1204,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, &ub_sock)) == -1) { + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1210,6 +1214,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(!port_insert(list, s, is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } @@ -1231,6 +1236,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, &ub_sock)) == -1) { + free(ub_sock); if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1241,6 +1247,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, verbose(VERB_ALGO, "setup TCP for SSL service"); if(!port_insert(list, s, port_type, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } diff --git a/services/outside_network.c b/services/outside_network.c index 1854e5dac..815a805ce 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -2215,8 +2215,8 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, (sq->outnet->dtenv->log_resolver_query_messages || sq->outnet->dtenv->log_forwarder_query_messages)) dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - &pend->pi->addr, comm_tcp, sq->zone, sq->zonelen, - packet); + (pend?&pend->pi->addr:NULL), comm_tcp, sq->zone, + sq->zonelen, packet); #endif return w; }