From: Mark Andrews Date: Tue, 14 Feb 2017 04:52:40 +0000 (+1100) Subject: 4574. [bug] Dig leaked memory with multiple +subnet options. X-Git-Tag: v9.12.0a1~446 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=af2b20ee3fc4a01ce9f18cf1b323caf1c8703f7e;p=thirdparty%2Fbind9.git 4574. [bug] Dig leaked memory with multiple +subnet options. [RT #44683] --- diff --git a/CHANGES b/CHANGES index a696770b443..74036906b3e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4574. [bug] Dig leaked memory with multiple +subnet options. + [RT #44683] + 4573. [func] Query logic has been substantially refactored (e.g. query_find function has been split into smaller functions) for improved readability, maintainability diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 2804a59efd8..6e183d48f87 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1378,7 +1378,10 @@ plus_option(const char *option, isc_boolean_t is_batchfile, } if (lookup->edns == -1) lookup->edns = 0; - + if (lookup->ecs_addr != NULL) { + isc_mem_free(mctx, lookup->ecs_addr); + lookup->ecs_addr = NULL; + } result = parse_netprefix(&lookup->ecs_addr, value); if (result != ISC_R_SUCCESS) fatal("Couldn't parse client"); diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 28f7eda59f3..1030afc1f1c 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1096,6 +1096,8 @@ parse_netprefix(isc_sockaddr_t **sap, const char *value) { isc_boolean_t prefix_parsed = ISC_FALSE; char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX/128")]; + REQUIRE(sap != NULL && *sap == NULL); + if (strlcpy(buf, value, sizeof(buf)) >= sizeof(buf)) fatal("invalid prefix '%s'\n", value); diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh index 594f74fc9e9..10628f8218a 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh @@ -269,6 +269,14 @@ if [ -x ${DIG} ] ; then if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` + n=`expr $n + 1` + echo "I:checking dig +subnet +subnet ($n)" + ret=0 + $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1 + grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1 + if [ $ret != 0 ]; then echo "I:failed"; fi + status=`expr $status + $ret` + n=`expr $n + 1` echo "I:checking dig +subnet with various prefix lengths ($n)" ret=0