From: W.C.A. Wijngaards Date: Wed, 17 Jun 2026 13:59:29 +0000 (+0200) Subject: - Fix to check for malloc failure in rpz response create, X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=45d1e75cafcb5dae96eaebce5f8fb15751cf777a;p=thirdparty%2Funbound.git - Fix to check for malloc failure in rpz response create, for nodata and nxdomain, so it does not crash later. Thanks to Qifan Zhang, Palo Alto Networks, for the report. --- diff --git a/doc/Changelog b/doc/Changelog index afa7c5ccb..a5351e39d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -45,6 +45,9 @@ - Fix to check the return value of auth_xfer_create during fast_reload auth-zone add and change processing. Thanks to Qifan Zhang, Palo Alto Networks, for the report. + - Fix to check for malloc failure in rpz response create, + for nodata and nxdomain, so it does not crash later. + Thanks to Qifan Zhang, Palo Alto Networks, for the report. 16 June 2026: Wouter - Fix to disallow $INCLUDE for secondary zones. Start up diff --git a/services/rpz.c b/services/rpz.c index d0895746d..1a23e52a0 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1991,8 +1991,9 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, 0, /* total */ sec_status_insecure, LDNS_EDE_NONE); - if(msg->rep) - msg->rep->authoritative = 1; + if(!msg->rep) + return NULL; + msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az)) return NULL; return msg; @@ -2022,8 +2023,9 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms, 0, /* total */ sec_status_insecure, LDNS_EDE_NONE); - if(msg->rep) - msg->rep->authoritative = 1; + if(!msg->rep) + return NULL; + msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az)) return NULL; return msg;