Fix TSIG key and transport leaks in zone_notify() error paths
authorOndřej Surý <ondrej@isc.org>
Sat, 14 Mar 2026 11:53:03 +0000 (12:53 +0100)
committerOndřej Surý <ondrej@sury.org>
Mon, 16 Mar 2026 09:50:22 +0000 (10:50 +0100)
Two 'goto next' paths in zone_notify() skipped detaching the TSIG
key and transport, leaking them on TLS configuration failure and
when the destination address is disabled.

(cherry picked from commit 1505cb1c24fcbfcf43b1a1de6957c73afacccdd1)

lib/dns/zone.c

index 40b0e1fdade7cf1ae7ca75d61e7fddecba715c63..705795d443cf03afe15c5df1c0caa1b9191ed8ea 100644 (file)
@@ -13020,6 +13020,9 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
                                              "could not get TLS configuration "
                                              "for zone transfer: %s",
                                              isc_result_totext(result));
+                               if (key != NULL) {
+                                       dns_tsigkey_detach(&key);
+                               }
                                goto next;
                        }
 
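Review bot: The TLS-configuration failure path detaches only `key`, although the commit message says both the TSIG key and the transport leaked here, and the second hunk (the `isc_sockaddr_disabled(&dst)` branch) releases both. If `transport` is necessarily NULL when the TLS configuration lookup fails, a one-line comment such as `/* transport was never attached on this path */` would show that the asymmetry is deliberate; otherwise add `if (transport != NULL) { dns_transport_detach(&transport); }` before `goto next;`. Each early exit now carries its own copy of the cleanup, so consider releasing both references once at the `next:` label, so that a later `goto next` cannot leave a reference to TSIG key material pinned again. That label and the rest of zone_notify() are outside the hunk, so this assumes the success path hands ownership off and clears the locals.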
@@ -13033,6 +13036,12 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
                INSIST(isc_sockaddr_pf(&src) == isc_sockaddr_pf(&dst));
 
                if (isc_sockaddr_disabled(&dst)) {
+                       if (key != NULL) {
+                               dns_tsigkey_detach(&key);
+                       }
+                       if (transport != NULL) {
+                               dns_transport_detach(&transport);
+                       }
                        goto next;
                }