upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 12:10:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.20] fix: dev: free per-command rndc state when response serialisation fails

Browse source 
When isccc_cc_towire failed while building an rndc reply,
control_respond returned without releasing the per-command request,
response, HMAC secret copy, and text buffer.  They were eventually
freed when the connection closed, but until then the HMAC key copy
stayed in named's memory.  The failure path now goes through the
same cleanup label as every other error.

Closes #5913

Backport of MR !11915

Merge branch 'backport-5913-controlconf-control-respond-cleanup-leak-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11919
This commit is contained in:
Ondřej Surý 2026-04-30 10:31:47 +02:00
commit 070b394f53
1 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/named/controlconf.c
View file

@ -368,11 +368,8 @@ control_respond(controlconnection_t *conn) {
/* Skip the length field (4 bytes) */
isc_buffer_add(conn->buffer, 4);
result = isccc_cc_towire(conn->response, &conn->buffer, conn->alg,
&conn->secret);
if (result != ISC_R_SUCCESS) {
return;
}
CHECK(isccc_cc_towire(conn->response, &conn->buffer, conn->alg,
&conn->secret));
isc_buffer_init(&b, conn->buffer->base, 4);
isc_buffer_putuint32(&b, conn->buffer->used - 4);