Fix GSS context leak on error paths in process_gsstkey()

After gss_accept_sec_context() succeeds, the GSS context is passed
to dst_key_fromgssapi() which transfers ownership to the dst_key.
If a subsequent operation fails (dst_key_fromgssapi itself,
dns_tsigkey_createfromkey, or dns_tsigkeyring_add), the cleanup
label frees the dst_key but only if it was created.  If the failure
happened before dst_key_fromgssapi, the GSS context was orphaned.

Delete the GSS context in the cleanup path when it was not
transferred to a dst_key.
Ondřej Surý 2026-03-18 01:01:34 +01:00
parent 5305679633
commit c0a6f3bf65
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41

@ -265,6 +265,14 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
return ISC_R_SUCCESS;
cleanup:
/*
* If dstkey was created, the GSS context was transferred to it
* and will be freed when dstkey is freed. Otherwise, we must
* delete the GSS context directly to prevent a leak.
*/
if (dstkey == NULL && gss_ctx != NULL) {
dst_gssapi_deletectx(tctx->mctx, &gss_ctx);
}
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
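Review bot: the test `dstkey == NULL && gss_ctx != NULL` in the cleanup block uses dstkey as a proxy for who owns the GSS context, and that is only safe while no path can reach cleanup with dstkey reset to NULL after the context was already handed over. If any later code frees or hands off dstkey and clears the pointer before a `goto cleanup`, gss_ctx would still be non-NULL here and the context would be deleted a second time. Consider setting gss_ctx to NULL immediately after dst_key_fromgssapi() succeeds and reducing this check to `if (gss_ctx != NULL)`, so the ownership transfer is recorded where it happens instead of being inferred. The check also depends on dstkey and gss_ctx being initialized to NULL at declaration and on dst_key_fromgssapi() leaving dstkey NULL on failure; neither is visible in this hunk, so it is worth confirming both.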