4574. [bug] Dig leaked memory with multiple +subnet options.

[RT #44683]

(cherry picked from commit af2b20ee3f)

CHANGES

@@ -1,6 +1,9 @@
 4584.	[bug]		A number of memory usage statistics were not properly
 			reported when they exceeded 4G.  [RT #44750]
 
+4574.	[bug]		Dig leaked memory with multiple +subnet options.
+			[RT #44683]
+
 	--- 9.10.5 released ---
 
 	--- 9.10.5rc3 released ---

bin/dig/dig.c

@@ -1306,7 +1306,10 @@ plus_option(const char *option, isc_boolean_t is_batchfile,
 			}
 			if (lookup->edns == -1)
 				lookup->edns = 0;
-
+			if (lookup->ecs_addr != NULL) {
+				isc_mem_free(mctx, lookup->ecs_addr);
+				lookup->ecs_addr = NULL;
+			}
 			result = parse_netprefix(&lookup->ecs_addr, value);
 			if (result != ISC_R_SUCCESS)
 				fatal("Couldn't parse client");

bin/dig/dighost.c

@@ -1078,6 +1078,8 @@ parse_netprefix(isc_sockaddr_t **sap, const char *value) {
 	isc_boolean_t prefix_parsed = ISC_FALSE;
 	char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX/128")];
 
+	REQUIRE(sap != NULL && *sap == NULL);
+
 	if (strlcpy(buf, value, sizeof(buf)) >= sizeof(buf))
 		fatal("invalid prefix '%s'\n", value);
 

bin/tests/system/digdelv/tests.sh

@@ -135,9 +135,104 @@ if [ -x ${DIG} ] ; then
   grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1
   if [ $ret != 0 ]; then echo "I:failed"; fi
   status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +subnet +subnet ($n)"
+  ret=0
+  $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  echo "I:checking dig +subnet with various prefix lengths ($n)"
+  ret=0
+  for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24; do
+      $DIG $DIGOPTS +tcp +qr @10.53.0.2 +subnet=255.255.255.255/$i A a.example > dig.out.$i.test$n 2>&1 || ret=1
+      case $i in
+      1|9|17) octet=128 ;;
+      2|10|18) octet=192 ;;
+      3|11|19) octet=224 ;;
+      4|12|20) octet=240 ;;
+      5|13|21) octet=248 ;;
+      6|14|22) octet=252 ;;
+      7|15|23) octet=254 ;;
+      8|16|24) octet=255 ;;
+      esac
+      case $i in
+      1|2|3|4|5|6|7|8) addr="${octet}.0.0.0";;
+      9|10|11|12|13|14|15|16) addr="255.${octet}.0.0";;
+      17|18|19|20|21|22|23|24) addr="255.255.${octet}.0" ;;
+      esac
+      grep "FORMERR" < dig.out.$i.test$n > /dev/null && ret=1
+      grep "CLIENT-SUBNET: $addr/$i/0" < dig.out.$i.test$n > /dev/null || ret=1
+  done
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +subnet=0/0 ($n)"
+  ret=0
+  $DIG $DIGOPTS +tcp +qr @10.53.0.2 +subnet=0/0 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
+  grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
+  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +subnet=0 ($n)"
+  ret=0
+  $DIG $DIGOPTS +tcp +qr @10.53.0.2 +subnet=0 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
+  grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
+  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +subnet=::/0 ($n)"
+  ret=0
+  $DIG $DIGOPTS +tcp @10.53.0.2 +qr +subnet=::/0 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
+  grep "CLIENT-SUBNET: ::/0/0" < dig.out.test$n > /dev/null || ret=1
+  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +ednsopt=8:00000000 (family=0, source=0, scope=0) ($n)"
+  ret=0
+  $DIG $DIGOPTS +tcp +qr @10.53.0.2 +ednsopt=8:00000000 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
+  grep "CLIENT-SUBNET: 0/0/0" < dig.out.test$n > /dev/null || ret=1
+  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +ednsopt=8:00030000 (family=3, source=0, scope=0) ($n)"
+  ret=0
+  $DIG $DIGOPTS +qr +tcp @10.53.0.2 +ednsopt=8:00030000 A a.example > dig.out.test$n 2>&1 || ret=1
+  grep "status: FORMERR" < dig.out.test$n > /dev/null || ret=1
+  grep "CLIENT-SUBNET: 00 03 00 00" < dig.out.test$n > /dev/null || ret=1
+  lines=`grep "CLIENT-SUBNET: 00 03 00 00" dig.out.test$n | wc -l`
+  [ ${lines:-0} -eq 1 ] || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
+  n=`expr $n + 1`
+  echo "I:checking dig +subnet with prefix lengths between byte boundaries ($n)"
+  ret=0
+  for p in 9 10 11 12 13 14 15; do
+    $DIG $DIGOPTS +tcp +qr @10.53.0.2 +subnet=10.53/$p A a.example > dig.out.test.$p.$n 2>&1 || ret=1
+    grep "FORMERR" < dig.out.test.$p.$n > /dev/null && ret=1
+    grep "CLIENT-SUBNET.*/$p/0" < dig.out.test.$p.$n > /dev/null || ret=1
+  done
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
   
   n=`expr $n + 1`
-  echo "I:checking dig +sp works as an abbriviated form of split ($n)"
+  echo "I:checking dig +sp works as an abbreviated form of split ($n)"
   ret=0
   $DIG $DIGOPTS @10.53.0.3 +sp=4 -t sshfp foo.example > dig.out.test$n || ret=1
   grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1
@@ -301,7 +396,7 @@ if [ -x ${DELV} ] ; then
   status=`expr $status + $ret`
   
   n=`expr $n + 1`
-  echo "I:checking delv +sh works as an abbriviated form of short ($n)"
+  echo "I:checking delv +sh works as an abbreviated form of short ($n)"
   ret=0
   $DELV $DELVOPTS @10.53.0.3 +sh a a.example > delv.out.test$n || ret=1
   if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi