From: Mark Andrews Date: Wed, 27 Nov 2013 19:45:30 +0000 (+1100) Subject: 3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple X-Git-Tag: v9.10.0a2~204 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=49ae04f6ee2f2e2578e6cd8cd3d4c74e9098ccb0;p=thirdparty%2Fbind9.git 3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple times. [RT #35073] --- diff --git a/CHANGES b/CHANGES index 68b4d312149..e87a941ec6b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple + times. [RT #35073] + 3676. [bug] "named-checkconf -z" now checks zones of type hint and redirect as well as master. [RT #35046] diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 486c1023250..dc12a85eb20 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1566,16 +1566,20 @@ evaluate_realm(char *cmdline) { #ifdef GSSAPI char *word; char buf[1024]; + int n; - word = nsu_strsep(&cmdline, " \t\r\n"); - if (word == NULL || *word == 0) { - if (realm != NULL) - isc_mem_free(mctx, realm); + if (realm != NULL) { + isc_mem_free(mctx, realm); realm = NULL; - return (STATUS_MORE); } - snprintf(buf, sizeof(buf), "@%s", word); + word = nsu_strsep(&cmdline, " \t\r\n"); + if (word == NULL || *word == 0) + return (STATUS_MORE); + + n = snprintf(buf, sizeof(buf), "@%s", word); + if (n < 0 || (size_t)n >= sizeof(buf)) + fatal("realm is too long"); realm = isc_mem_strdup(mctx, buf); if (realm == NULL) fatal("out of memory");