upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 04:09:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix TSIG key and transport leaks in zone_notify() error paths

Browse source 
Two 'goto next' paths in zone_notify() skipped detaching the TSIG
key and transport, leaking them on TLS configuration failure and
when the destination address is disabled.
This commit is contained in:
Ondřej Surý 2026-03-14 12:53:03 +01:00
parent 80fae7a4b7
commit 1505cb1c24
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/dns/zone.c
View file

@ -12523,6 +12523,9 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
"could not get TLS configuration "
"for zone transfer: %s",
isc_result_totext(result));
if (key != NULL) {
dns_tsigkey_detach(&key);
}
goto next;
}
@ -12536,6 +12539,12 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
INSIST(isc_sockaddr_pf(&src) == isc_sockaddr_pf(&dst));
if (isc_sockaddr_disabled(&dst)) {
if (key != NULL) {
dns_tsigkey_detach(&key);
}
if (transport != NULL) {
dns_transport_detach(&transport);
}
goto next;
}