From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 14 Feb 2017 10:12:13 +0000 (+0100)
Subject: auth: Don't leak on signing errors during outgoing AXFR
X-Git-Tag: auth-4.0.4-rc1~3^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9af9b047214d1ab331027126fbff5fbecf3cb71;p=thirdparty%2Fpdns.git

auth: Don't leak on signing errors during outgoing AXFR
---

diff --git a/pdns/signingpipe.cc b/pdns/signingpipe.cc
index 3cfbc13aaa..8c1616f627 100644
--- a/pdns/signingpipe.cc
+++ b/pdns/signingpipe.cc
@@ -279,7 +279,7 @@ try
   DNSSECKeeper dk;
   UeberBackend db("key-only");
   
-  chunk_t* chunk;
+  chunk_t* chunk = nullptr;
   int res;
   for(;;) {
     res = readn(fd, &chunk, sizeof(chunk));
@@ -287,21 +287,32 @@ try
       break;
     if(res < 0)
       unixDie("reading object pointer to sign from pdns");
-    set<DNSName> authSet;
-    authSet.insert(d_signer);
-    addRRSigs(dk, db, authSet, *chunk);
-    ++d_signed;
-    
-    writen2(fd, &chunk, sizeof(chunk));
+    try {
+      set<DNSName> authSet;
+      authSet.insert(d_signer);
+      addRRSigs(dk, db, authSet, *chunk);
+      ++d_signed;
+
+      writen2(fd, &chunk, sizeof(chunk));
+      chunk = nullptr;
+    }
+    catch(const PDNSException& pe) {
+      delete chunk;
+      throw;
+    }
+    catch(const std::exception& e) {
+      delete chunk;
+      throw;
+    }
   }
   close(fd);
 }
-catch(PDNSException& pe)
+catch(const PDNSException& pe)
 {
   L<<Logger::Error<<"Signing thread died because of PDNSException: "<<pe.reason<<endl;
   close(fd);
 }
-catch(std::exception& e)
+catch(const std::exception& e)
 {
   L<<Logger::Error<<"Signing thread died because of std::exception: "<<e.what()<<endl;
   close(fd);