Fix cb_args memory leak in ns_query() error path

Initialize cb_args to NULL and free it in the cleanup path so it
is not leaked when the function fails after allocation.

(cherry picked from commit d7e1013741e3921f0f18246d15ef6f800ada77a2)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 705795d443cf03afe15c5df1c0caa1b9191ed8ea..2887d09e8c410e8969dc73945c75353341a5ea4a 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -14794,7 +14794,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
        bool reqnsid;
        uint16_t udpsize = SEND_BUFFER_SIZE;
        isc_sockaddr_t curraddr, sourceaddr;
-       struct stub_cb_args *cb_args;
+       struct stub_cb_args *cb_args = NULL;
 
        REQUIRE(DNS_ZONE_VALID(zone));
        REQUIRE(LOCKED_ZONE(zone));
@@ -15016,6 +15016,9 @@ cleanup:
        if (stub->zone != NULL) {
                zone_idetach(&stub->zone);
        }
+       if (cb_args != NULL) {
+               isc_mem_put(zone->mctx, cb_args, sizeof(*cb_args));
+       }
        isc_mem_put(stub->mctx, stub, sizeof(*stub));
        if (message != NULL) {
                dns_message_detach(&message);