Fix wrong length passed to isc_mem_put

If an invalid key name (e.g. "a..b") in a primaries list in named.conf
is specified the wrong size is passed to isc_mem_put resulting in the
returned memory being put on the wrong freed list.

    *** CID 316784:  Incorrect expression  (SIZEOF_MISMATCH)
    /bin/named/config.c: 636 in named_config_getname()
    630     	isc_buffer_constinit(&b, objstr, strlen(objstr));
    631     	isc_buffer_add(&b, strlen(objstr));
    632     	dns_fixedname_init(&fname);
    633     	result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
    634     				   0, NULL);
    635     	if (result != ISC_R_SUCCESS) {
       CID 316784:  Incorrect expression  (SIZEOF_MISMATCH)
       Passing argument "*namep" of type "dns_name_t *" and argument "8UL /* sizeof (*namep) */" to function "isc__mem_put" is suspicious.
    636     		isc_mem_put(mctx, *namep, sizeof(*namep));
    637     		*namep = NULL;
    638     		return (result);
    639     	}
    640     	dns_name_dup(dns_fixedname_name(&fname), mctx, *namep);
    641

diff --git a/bin/named/config.c b/bin/named/config.c
index 99af2dd570cb7c9420b5581b9032cc1d0acd3881..a6a918100b6517c99308d302f39c537a311de7e7 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -635,7 +635,7 @@ named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
        result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
                                   0, NULL);
        if (result != ISC_R_SUCCESS) {
-               isc_mem_put(mctx, *namep, sizeof(*namep));
+               isc_mem_put(mctx, *namep, sizeof(**namep));
                *namep = NULL;
                return (result);
        }