upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 02:59:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Release gnamebuf also on the error path

Browse source 
In dst_gssapi_acceptctx(), the gnamebuf could leak a little bit of
memory if dns_name_fromtext() would theoretically fail.  This would
require a Kerberos principal with invalid DNS name.

(cherry picked from commit 3ad87f1ad6)
This commit is contained in:
Ondřej Surý 2026-02-06 17:50:55 +01:00 committed by Ondřej Surý
parent ecbe2b7da3
commit 7a90d3c406
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
lib/dns/gssapictx.c
View file

@ -774,15 +774,6 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0,
NULL));
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
}
}
} else {
result = DNS_R_CONTINUE;
}
@ -790,6 +781,15 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
*ctxout = context;
cleanup:
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed gss_release_buffer: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
}
}
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE) {