4060. [bug] dns_rdata_freestruct could be call on a uninitialised

                        structure when handling a error. [RT #38568]

(cherry picked from commit f4102ab13ea049d73f5523c1a94fe2b83c408c9e)

diff --git a/CHANGES b/CHANGES
index ee7c5d0cbbd7a8db6ffcfe8748e08b367962e393..e0e8feb0bbce9f7c24bc13142691040dfe8e9038 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
        --- 9.9.7rc2 released ---
 
+4060.  [bug]           dns_rdata_freestruct could be call on a uninitialised
+                       structure when handling a error. [RT #38568]
+
 4059.  [bug]           Addressed valgrind warnings. [RT #38549]
 
 4058.  [bug]           UDP dispatches could use the wrong psuedorandom

diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 14242a03d0aabd41650e2613d76214fb98dd95b9..f46577f01d7b2c24a60720caa7d57e146b7c2de2 100644 (file)
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -1397,6 +1397,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
        dst_key_t *dstkey = NULL;
        isc_result_t result;
        unsigned char array[1024];
+       isc_boolean_t freertkey = ISC_FALSE;
 
        REQUIRE(qmsg != NULL);
        REQUIRE(rmsg != NULL);
@@ -1409,6 +1410,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
 
        RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
        RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
+       freertkey = ISC_TRUE;
 
        if (win2k == ISC_TRUE)
                RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata,
@@ -1461,7 +1463,8 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
        /*
         * XXXSRA This probably leaks memory from qtkey.
         */
-       dns_rdata_freestruct(&rtkey);
+       if (freertkey)
+               dns_rdata_freestruct(&rtkey);
        if (dstkey != NULL)
                dst_key_free(&dstkey);
        return (result);