From: W.C.A. Wijngaards Date: Wed, 17 Jun 2026 13:16:21 +0000 (+0200) Subject: - Fix that malloc failure in auth-zone insert rr does X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=78d9cfffd831c3254bbfbede01bc92a7cae32b42;p=thirdparty%2Funbound.git - Fix that malloc failure in auth-zone insert rr does not create an empty node and does not cause an infinite loop. Thanks to Qifan Zhang, Palo Alto Networks, for the report. --- diff --git a/doc/Changelog b/doc/Changelog index 266c84897..37762f6ee 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -7,6 +7,10 @@ - Fix that unbound-checkconf checks if an auth-zone download can overwrite another file, by filename collision. Thanks to Qifan Zhang, Palo Alto Networks, for the report. + - Fix that malloc failure in auth-zone insert rr does + not create an empty node and does not cause an infinite + loop. Thanks to Qifan Zhang, Palo Alto Networks, for + the report. 16 June 2026: Wouter - Fix to disallow $INCLUDE for secondary zones. Start up diff --git a/services/authzone.c b/services/authzone.c index f5f4356b1..430674b0c 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1204,6 +1204,10 @@ az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen, duplicate)) { log_err("cannot add RR to domain"); + if(node->rrsets == NULL) { + (void)rbtree_delete(&z->data, node); + auth_data_delete(node); + } return 0; } if(z->rpz) { @@ -2703,7 +2707,7 @@ az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo, while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) { /* the next name has empty rrsets, is an empty nonterminal * itself, see if there exists something below it */ - next = (struct auth_data*)rbtree_next(&node->node); + next = (struct auth_data*)rbtree_next(&next->node); } if((rbnode_type*)next == RBTREE_NULL || !next) { /* there is no next node, so something below it cannot