address memory leak with bad tsig secret

3359. [bug] An improperly-formed TSIG secret could cause a memory leak. [RT #30607]
2026-06-08 20:32:06 -04:00 · 2012-08-10 20:15:59 -07:00 · 2012-08-10 20:15:59 -07:00 · 3f755529ee
commit 3f755529ee
parent 6bbefe5319
4 changed files with 42 additions and 7 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+3359.	[bug]		An improperly-formed TSIG secret could cause a
+                        memory leak. [RT #30607]
+
 3358.	[placeholder]

 3357.	[port]		Add support for libxml2-2.8.x [RT #30440]
--- a/bin/tests/system/checkconf/badtsig.conf
+++ b/bin/tests/system/checkconf/badtsig.conf
@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Bad secret */
+key "badtsig" {
+	algorithm hmac-md5;
+	secret "jEdD+BPKg==";
+};
+
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@ -37,7 +37,13 @@ status=`expr $status + $ret`
 echo "I: checking that named-checkconf handles a known bad config"
 ret=0
 $CHECKCONF bad.conf > /dev/null 2>&1 && ret=1
-if [ $ret != 0 ]; then echo "I:failed"; fi
+if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
+echo "I: checking that named-checkconf handles a known bad tsig secret"
+ret=0
+$CHECKCONF badtsig.conf > /dev/null 2>&1
+if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
 status=`expr $status + $ret`

 echo "I: checking named-checkconf dnssec warnings"
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@ -2250,15 +2250,15 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	tresult = isc_symtab_create(mctx, 1000, freekey, mctx,
 				    ISC_FALSE, &symtab);
 	if (tresult != ISC_R_SUCCESS)
-		return (ISC_R_NOMEMORY);
+		goto cleanup;

 	(void)cfg_map_get(config, "key", &keys);
 	tresult = check_keylist(keys, symtab, mctx, logctx);
 	if (tresult == ISC_R_EXISTS)
 		result = ISC_R_FAILURE;
 	else if (tresult != ISC_R_SUCCESS) {
-		isc_symtab_destroy(&symtab);
-		return (tresult);
+		result = tresult;
+		goto cleanup;
 	}

 	if (voptions != NULL) {
@ -2268,8 +2268,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 		if (tresult == ISC_R_EXISTS)
 			result = ISC_R_FAILURE;
 		else if (tresult != ISC_R_SUCCESS) {
-			isc_symtab_destroy(&symtab);
-			return (tresult);
+			result = tresult;
+			goto cleanup;
 		}
 	}

@ -2390,7 +2390,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	if (tresult != ISC_R_SUCCESS)
 		result = tresult;

-	cfg_aclconfctx_detach(&actx);
+ cleanup:
+	if (symtab != NULL)
+		isc_symtab_destroy(&symtab);
+	if (actx != NULL)
+		cfg_aclconfctx_detach(&actx);

 	return (result);
 }