From: Mark Andrews <marka@isc.org>
Date: Wed, 6 Oct 2021 08:10:36 +0000 (+1100)
Subject: Fix cleanup of signature buffer in dns_dnssec_signmessage
X-Git-Tag: v9.17.20~62^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0378c05ba04a6a4c2718afa742289990eaae04f0;p=thirdparty%2Fbind9.git

Fix cleanup of signature buffer in dns_dnssec_signmessage

A NULL pointer could be freed if error handling occured.
---

diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 6e1dc30f7cc..450c34f7b60 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -943,7 +943,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
 	dst_context_t *ctx = NULL;
 	isc_mem_t *mctx;
 	isc_result_t result;
-	bool signeedsfree = true;
 
 	REQUIRE(msg != NULL);
 	REQUIRE(key != NULL);
@@ -1032,7 +1031,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
 				    dynbuf));
 
 	isc_mem_put(mctx, sig.signature, sig.siglen);
-	signeedsfree = false;
 
 	dns_message_takebuffer(msg, &dynbuf);
 
@@ -1053,7 +1051,7 @@ failure:
 	if (dynbuf != NULL) {
 		isc_buffer_free(&dynbuf);
 	}
-	if (signeedsfree) {
+	if (sig.signature != NULL) {
 		isc_mem_put(mctx, sig.signature, sig.siglen);
 	}
 	if (ctx != NULL) {