From: Ralph Dolmans <ralph@nlnetlabs.nl>
Date: Tue, 4 Jun 2019 10:38:44 +0000 (+0200)
Subject: fix double free issue
X-Git-Tag: release-1.10.0rc1~28^2~28^2~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc83e0b01691fdf766ad2318414a620e829e1c07;p=thirdparty%2Funbound.git

fix double free issue
---

diff --git a/doc/example.conf.in b/doc/example.conf.in
index c78156fe1..be1606fa1 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -991,3 +991,16 @@ remote-control:
 #     redis-server-port: 6379
 #     # timeout (in ms) for communication with the redis server
 #     redis-timeout: 100
+
+# Response Policy Zones
+# RPZ policies. Applied in order of configuration. QNAME trigger is the only
+# supported trigger. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and
+# Local Data. Policy can be loaded from file or using zone transfer.
+# rpz:
+#     name: "rpz.example.com"
+#     zonefile: "rpz.example.com"
+#     rpz-action-override: cname
+#     rpz-cname-override: www.example.org
+#     rpz-log: yes
+#     rpz-log-name: "example policy"
+#     tags: "example"
diff --git a/services/rpz.c b/services/rpz.c
index 1e3d39fab..fdc10b8dd 100644
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -258,6 +258,7 @@ void rpz_delete(struct rpz* r)
 	local_zones_delete(r->local_zones);
 	regional_destroy(r->region);
 	free(r->taglist);
+	free(r->log_name);
 	free(r);
 }
 
@@ -334,12 +335,10 @@ rpz_create(struct config_auth* p)
 		free(r);
 		return 0;
 	}
-	r->taglist = p->rpz_taglist;
 	r->taglistlen = p->rpz_taglistlen;
+	r->taglist = memdup(p->rpz_taglist, r->taglistlen);
 	if(p->rpz_action_override) {
 		r->action_override = rpz_config_to_action(p->rpz_action_override);
-		free(p->rpz_action_override);
-		p->rpz_action_override = NULL;
 	}
 	else
 		r->action_override = RPZ_NO_OVERRIDE_ACTION;
@@ -358,12 +357,9 @@ rpz_create(struct config_auth* p)
 		if(sldns_str2wire_dname_buf(p->rpz_cname, nm, &nmlen) != 0) {
 			log_err("cannot parse RPZ cname override: %s",
 				p->rpz_cname);
-			free(p->rpz_cname);
 			free(r);
 			return 0;
 		}
-		free(p->rpz_cname);
-		p->rpz_cname = NULL;
 		r->cname_override = new_cname_override(r->region, nm, nmlen);
 		if(!r->cname_override) {
 			free(r);
@@ -371,7 +367,7 @@ rpz_create(struct config_auth* p)
 		}
 	}
 	r->log = p->rpz_log;
-	r->log_name = p->rpz_log_name;
+	r->log_name = strdup(p->rpz_log_name);
 	return r;
 }
 
diff --git a/util/config_file.c b/util/config_file.c
index c12dc88d8..dbd5a7bad 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1268,8 +1268,10 @@ config_delauth(struct config_auth* p)
 	config_delstrlist(p->urls);
 	config_delstrlist(p->allow_notify);
 	free(p->zonefile);
-	if(p->rpz_taglist)
-		free(p->rpz_taglist);
+	free(p->rpz_taglist);
+	free(p->rpz_action_override);
+	free(p->rpz_cname);
+	free(p->rpz_log_name);
 	free(p);
 }