Fix KASP key leaks on keystore lookup failure

In both cfg_kasp_fromconfig() and cfg_kasp_builtinconfig(), the
newly allocated KASP key was not destroyed when the keystore
lookup failed.
Ondřej Surý 2026-03-14 12:54:50 +01:00
parent 2ab3d7c075
commit df1993611b
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41


@ -817,6 +817,7 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, dns_kasp_t *default_kasp,
"find keystore (%s)",
isc_result_totext(result));
}
dns_kasp_key_destroy(new_key);
goto cleanup;
}
dns_kasp_addkey(kasp, new_key);
@ -930,9 +931,13 @@ cfg_kasp_builtinconfig(isc_mem_t *mctx, const char *name,
new_key->lifetime = 0;
new_key->algorithm = DST_ALG_ECDSA256;
new_key->length = 256;
CHECK(dns_keystorelist_find(keystorelist,
DNS_KEYSTORE_KEYDIRECTORY,
&new_key->keystore));
result = dns_keystorelist_find(keystorelist,
DNS_KEYSTORE_KEYDIRECTORY,
&new_key->keystore);
if (result != ISC_R_SUCCESS) {
dns_kasp_key_destroy(new_key);
goto cleanup;
}
dns_kasp_addkey(kasp, new_key);
}
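Review bot: The leak is closed separately at each exit (the `dns_kasp_key_destroy(new_key)` before `goto cleanup` in cfg_kasp_fromconfig() and the new `if (result != ISC_R_SUCCESS)` block in cfg_kasp_builtinconfig()), so any other failure path between the allocation of new_key and `dns_kasp_addkey(kasp, new_key)` would still leak; none is visible here, but both functions start and end outside these hunks. If dns_kasp_addkey() takes ownership of the key, as the fix implies, consider tying the release to the cleanup label instead: declare `dns_kasp_key_t *new_key = NULL;` in a scope the label can see, set `new_key = NULL;` right after the add, and run `if (new_key != NULL) dns_kasp_key_destroy(new_key);` under `cleanup:`. The builtin path could then keep its original `CHECK(...)` call. Separately, the builtin path now fails without a log line while the config path reports "find keystore (%s)", so it is worth confirming that the caller logs the returned result.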