bind/bind99-ISC-Bugs-34738.patch
Tomas Hozza 4a918b84b0 Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-10 10:03:44 +02:00

62 lines
2.1 KiB
Diff

From 18df9e628ea10c7d607f43fcfd935e7924731f24 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Mon, 9 Sep 2013 22:12:47 -0700
Subject: [PATCH] [master] strdup journal filename
3646. [bug] Journal filename string could be set incorrectly,
causing garbage in log messages. [RT #34738]
---
lib/dns/journal.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 08aabd5..46a52e1 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -307,7 +307,7 @@ struct dns_journal {
unsigned int magic; /*%< JOUR */
isc_mem_t *mctx; /*%< Memory context */
journal_state_t state;
- const char *filename; /*%< Journal file name */
+ char *filename; /*%< Journal file name */
FILE * fp; /*%< File handle */
isc_offset_t offset; /*%< Current file offset */
journal_header_t header; /*%< In-core journal header */
@@ -573,10 +573,13 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
isc_mem_attach(mctx, &j->mctx);
j->state = JOURNAL_STATE_INVALID;
j->fp = NULL;
- j->filename = filename;
+ j->filename = isc_mem_strdup(mctx, filename);
j->index = NULL;
j->rawindex = NULL;
+ if (j->filename == NULL)
+ FAIL(ISC_R_NOMEMORY);
+
result = isc_stdio_open(j->filename, write ? "rb+" : "rb", &fp);
if (result == ISC_R_FILENOTFOUND) {
@@ -679,6 +682,8 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
sizeof(journal_rawpos_t));
j->index = NULL;
}
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
isc_mem_putanddetach(&j->mctx, j, sizeof(*j));
@@ -1242,7 +1247,8 @@ dns_journal_destroy(dns_journal_t **journalp) {
isc_mem_put(j->mctx, j->it.target.base, j->it.target.length);
if (j->it.source.base != NULL)
isc_mem_put(j->mctx, j->it.source.base, j->it.source.length);
-
+ if (j->filename != NULL)
+ isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
(void)isc_stdio_close(j->fp);
j->magic = 0;
--
1.8.3.1