From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 20 Nov 2019 13:37:13 +0000 (+0100)
Subject: - Fix NULL Pointer Dereference via Control Port,
X-Git-Tag: release-1.9.6rc1~34
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=981fedea0e10d6263ecd1e5022c86f564ce26d78;p=thirdparty%2Funbound.git

- Fix NULL Pointer Dereference via Control Port,
  reported by X41 D-Sec.
---

diff --git a/daemon/remote.c b/daemon/remote.c
index f688b1be8..25547f570 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -674,19 +674,19 @@ static void send_ok(RES* ssl)
 
 /** do the stop command */
 static void
-do_stop(RES* ssl, struct daemon_remote* rc)
+do_stop(RES* ssl, struct worker* worker)
 {
-	rc->worker->need_to_exit = 1;
-	comm_base_exit(rc->worker->base);
+	worker->need_to_exit = 1;
+	comm_base_exit(worker->base);
 	send_ok(ssl);
 }
 
 /** do the reload command */
 static void
-do_reload(RES* ssl, struct daemon_remote* rc)
+do_reload(RES* ssl, struct worker* worker)
 {
-	rc->worker->need_to_exit = 0;
-	comm_base_exit(rc->worker->base);
+	worker->need_to_exit = 0;
+	comm_base_exit(worker->base);
 	send_ok(ssl);
 }
 
@@ -1070,9 +1070,9 @@ print_ext(RES* ssl, struct ub_stats_info* s)
 
 /** do the stats command */
 static void
-do_stats(RES* ssl, struct daemon_remote* rc, int reset)
+do_stats(RES* ssl, struct worker* worker, int reset)
 {
-	struct daemon* daemon = rc->worker->daemon;
+	struct daemon* daemon = worker->daemon;
 	struct ub_stats_info total;
 	struct ub_stats_info s;
 	int i;
@@ -1080,7 +1080,7 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset)
 	log_assert(daemon->num > 0);
 	/* gather all thread statistics in one place */
 	for(i=0; i<daemon->num; i++) {
-		server_stats_obtain(rc->worker, daemon->workers[i], &s, reset);
+		server_stats_obtain(worker, daemon->workers[i], &s, reset);
 		if(!print_thread_stats(ssl, i, &s))
 			return;
 		if(i == 0)
@@ -1091,10 +1091,10 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset)
 	total.mesh_time_median /= (double)daemon->num;
 	if(!print_stats(ssl, "total", &total)) 
 		return;
-	if(!print_uptime(ssl, rc->worker, reset))
+	if(!print_uptime(ssl, worker, reset))
 		return;
 	if(daemon->cfg->stat_extended) {
-		if(!print_mem(ssl, rc->worker, daemon, &total)) 
+		if(!print_mem(ssl, worker, daemon, &total))
 			return;
 		if(!print_hist(ssl, &total))
 			return;
@@ -2851,16 +2851,16 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
 	char* p = skipwhite(cmd);
 	/* compare command */
 	if(cmdcmp(p, "stop", 4)) {
-		do_stop(ssl, rc);
+		do_stop(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "reload", 6)) {
-		do_reload(ssl, rc);
+		do_reload(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "stats_noreset", 13)) {
-		do_stats(ssl, rc, 0);
+		do_stats(ssl, worker, 0);
 		return;
 	} else if(cmdcmp(p, "stats", 5)) {
-		do_stats(ssl, rc, 1);
+		do_stats(ssl, worker, 1);
 		return;
 	} else if(cmdcmp(p, "status", 6)) {
 		do_status(ssl, worker);
diff --git a/doc/Changelog b/doc/Changelog
index 692adb9fe..75fb6a4ca 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -35,6 +35,8 @@
 	- Fix Useless memset() in validator, reported by X41 D-Sec.
 	- Fix Unrequired Checks, reported by X41 D-Sec.
 	- Fix Enum Name not Used, reported by X41 D-Sec.
+	- Fix NULL Pointer Dereference via Control Port,
+	  reported by X41 D-Sec.
 
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.