From: Mark Andrews <marka@isc.org>
Date: Mon, 1 Feb 2021 00:43:45 +0000 (+1100)
Subject: Fix wrong length passed to isc_mem_put
X-Git-Tag: v9.17.11~61^2~2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0a966315b2edf61e512bde27acbf6f182e323870;p=thirdparty%2Fbind9.git

Fix wrong length passed to isc_mem_put

If an invalid key name (e.g. "a..b") in a primaries list in named.conf
is specified the wrong size is passed to isc_mem_put resulting in the
returned memory being put on the wrong freed list.

    *** CID 316784:  Incorrect expression  (SIZEOF_MISMATCH)
    /bin/named/config.c: 636 in named_config_getname()
    630     	isc_buffer_constinit(&b, objstr, strlen(objstr));
    631     	isc_buffer_add(&b, strlen(objstr));
    632     	dns_fixedname_init(&fname);
    633     	result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
    634     				   0, NULL);
    635     	if (result != ISC_R_SUCCESS) {
       CID 316784:  Incorrect expression  (SIZEOF_MISMATCH)
       Passing argument "*namep" of type "dns_name_t *" and argument "8UL /* sizeof (*namep) */" to function "isc__mem_put" is suspicious.
    636     		isc_mem_put(mctx, *namep, sizeof(*namep));
    637     		*namep = NULL;
    638     		return (result);
    639     	}
    640     	dns_name_dup(dns_fixedname_name(&fname), mctx, *namep);
    641
---

diff --git a/bin/named/config.c b/bin/named/config.c
index 99af2dd570c..a6a918100b6 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -635,7 +635,7 @@ named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
 	result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname,
 				   0, NULL);
 	if (result != ISC_R_SUCCESS) {
-		isc_mem_put(mctx, *namep, sizeof(*namep));
+		isc_mem_put(mctx, *namep, sizeof(**namep));
 		*namep = NULL;
 		return (result);
 	}