Fixed memory leak in nsupdate if 'realm' was used multiple times

Resolves: #984687
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2013-11-28 10:05:22 +01:00
parent 3267c0ac54
commit 0cd5a0ff48
2 changed files with 38 additions and 1 deletions

View File

@ -27,7 +27,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: ISC License: ISC
Version: 9.9.4 Version: 9.9.4
Release: 8%{?PATCHVER}%{?PREVER}%{?dist} Release: 9%{?PATCHVER}%{?PREVER}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -86,6 +86,8 @@ Patch138:bind-9.9.3-include-update-h.patch
Patch139:bind99-ISC-Bugs-34738.patch Patch139:bind99-ISC-Bugs-34738.patch
# upstream patch [ISC-Bugs #34870] # upstream patch [ISC-Bugs #34870]
Patch140:bind99-ISC-Bugs-34870-v3.patch Patch140:bind99-ISC-Bugs-34870-v3.patch
# upstream applied patch for [ISC-Bugs #35073]
Patch141:bind99-ISC-Bugs-35073.patch
# SDB patches # SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
@ -286,6 +288,7 @@ popd
%patch138 -p1 -b .update %patch138 -p1 -b .update
%patch139 -p1 -b .journal %patch139 -p1 -b .journal
%patch140 -p1 -b .send_buffer %patch140 -p1 -b .send_buffer
%patch141 -p1 -b .leak_35073
%if %{SDB} %if %{SDB}
%patch101 -p1 -b .old-api %patch101 -p1 -b .old-api
@ -804,6 +807,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif %endif
%changelog %changelog
* Thu Nov 28 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-9
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687)
* Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-8 * Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-8
- Install configuration for rwtab and fix chroot setup script - Install configuration for rwtab and fix chroot setup script

View File

@ -0,0 +1,31 @@
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 486c102..dc12a85 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1566,16 +1566,20 @@ evaluate_realm(char *cmdline) {
#ifdef GSSAPI
char *word;
char buf[1024];
+ int n;
- word = nsu_strsep(&cmdline, " \t\r\n");
- if (word == NULL || *word == 0) {
- if (realm != NULL)
- isc_mem_free(mctx, realm);
+ if (realm != NULL) {
+ isc_mem_free(mctx, realm);
realm = NULL;
- return (STATUS_MORE);
}
- snprintf(buf, sizeof(buf), "@%s", word);
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (word == NULL || *word == 0)
+ return (STATUS_MORE);
+
+ n = snprintf(buf, sizeof(buf), "@%s", word);
+ if (n < 0 || (size_t)n >= sizeof(buf))
+ fatal("realm is too long");
realm = isc_mem_strdup(mctx, buf);
if (realm == NULL)
fatal("out of memory");