From 6dc130c7c95107748fff5f767161c2bb742f9f87 Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Tue, 25 Jul 2000 22:51:46 +0000 Subject: [PATCH] 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG signed query could crash the server. --- CHANGES | 4 ++++ lib/dns/message.c | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e280bf902e..5aae798ccd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ + 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG + signed query could crash the server. + + block were not correctly reference counted, causing 350. [bug] Also-notify lists specified in the global options block were not correctly reference counted, causing a memory leak. diff --git a/lib/dns/message.c b/lib/dns/message.c index 1123b71e1f..2639c8f216 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: message.c,v 1.135 2000/07/20 00:05:32 gson Exp $ */ +/* $Id: message.c,v 1.136 2000/07/25 22:51:45 bwelling Exp $ */ /*** *** Imports @@ -442,9 +442,10 @@ msgresetsigs(dns_message_t *msg, isc_boolean_t replying) { isc_mempool_put(msg->namepool, msg->tsigname); msg->tsig = NULL; msg->tsigname = NULL; - } else if (msg->querytsig != NULL) { + } else if (msg->querytsig != NULL && !replying) { dns_rdataset_disassociate(msg->querytsig); isc_mempool_put(msg->rdspool, msg->querytsig); + msg->querytsig = NULL; } if (msg->sig0 != NULL) { INSIST(dns_rdataset_isassociated(msg->sig0));