Fixed memory leak in nsupdate if 'realm' was used multiple times

Resolves: #984687 Signed-off-by: Tomas Hozza <thozza@redhat.com>
author: Tomas Hozza <thozza@redhat.com> 2013-11-28 10:05:22 +0100
committer: Tomas Hozza <thozza@redhat.com> 2013-11-28 10:05:22 +0100
commit: 0cd5a0ff483e4b7bd8b233961d34708334c0db51 (patch)
tree: 701dbf7c3ff219573f5c6e3428b18b5c54056920 /bind99-ISC-Bugs-35073.patch
parent: 3267c0ac549035c0e7987b9a1dec92d9965b6dfa (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/bind99-ISC-Bugs-35073.patch b/bind99-ISC-Bugs-35073.patch
new file mode 100644
index 0000000..c8be3ed
--- /dev/null
+++ b/bind99-ISC-Bugs-35073.patch
@@ -0,0 +1,31 @@
+diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
+index 486c102..dc12a85 100644
+--- a/bin/nsupdate/nsupdate.c
++++ b/bin/nsupdate/nsupdate.c
+@@ -1566,16 +1566,20 @@ evaluate_realm(char *cmdline) {
+ #ifdef GSSAPI
+ 	char *word;
+ 	char buf[1024];
++	int n;
+ 
+-	word = nsu_strsep(&cmdline, " \t\r\n");
+-	if (word == NULL || *word == 0) {
+-		if (realm != NULL)
+-			isc_mem_free(mctx, realm);
++	if (realm != NULL) {
++		isc_mem_free(mctx, realm);
+ 		realm = NULL;
+-		return (STATUS_MORE);
+ 	}
+ 
+-	snprintf(buf, sizeof(buf), "@%s", word);
++	word = nsu_strsep(&cmdline, " \t\r\n");
++	if (word == NULL || *word == 0)
++		return (STATUS_MORE);
++
++	n = snprintf(buf, sizeof(buf), "@%s", word);
++	if (n < 0 || (size_t)n >= sizeof(buf))
++		fatal("realm is too long");
+ 	realm = isc_mem_strdup(mctx, buf);
+ 	if (realm == NULL)
+ 		fatal("out of memory");
author	Tomas Hozza <thozza@redhat.com>	2013-11-28 10:05:22 +0100
committer	Tomas Hozza <thozza@redhat.com>	2013-11-28 10:05:22 +0100
commit	0cd5a0ff483e4b7bd8b233961d34708334c0db51 (patch)
tree	701dbf7c3ff219573f5c6e3428b18b5c54056920 /bind99-ISC-Bugs-35073.patch
parent	3267c0ac549035c0e7987b9a1dec92d9965b6dfa (diff)