Merge branch '2924-fix-heap-user-after-free-when-checking-for-http-duplicates' into 'main'
Fix heap use after free when checking for "http" duplicates Closes #2924 See merge request isc-projects/bind9!5452
3
CHANGES
3
CHANGES
@@ -1,3 +1,6 @@
|
||||
5726. [bug] Fix heap use after free when cheking for "http"
|
||||
clauses duplicates. [GL #2924]
|
||||
|
||||
5725. [bug] Validate HTTP path passed to dig. [GL #2923]
|
||||
|
||||
5724. [bug] Address potential dead lock when checking zone
|
||||
|
||||
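--- /dev/null
+++ b/bin/tests/system/checkconf/bad-doh-duplicates.conf
@@ -0,0 +1,38 @@
+/*
+* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+*
+* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*
+* See the COPYRIGHT file distributed with this work for additional
+* information regarding copyright ownership.
+*/
+
+tls local-tls {
+key-file "key.pem";
+cert-file "cert.pem";
+};
+
+http local-http-server {
+endpoints { "/dns-query"; };
+listener-clients 100;
+streams-per-connection 100;
+};
+
+# duplicated HTTP configuration
+http local-http-server {
+endpoints { "/dns-query"; };
+listener-clients 100;
+streams-per-connection 100;
+};
+
+options {
+listen-on { 10.53.0.1; };
+http-port 80;
+https-port 443;
+http-listener-clients 100;
+http-streams-per-connection 100;
+listen-on port 443 tls local-tls http local-http-server { 10.53.0.1; };
+listen-on port 8080 tls none http local-http-server { 10.53.0.1; };
+};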
@@ -2031,23 +2031,22 @@ bind9_check_parentalagentlists(const cfg_obj_t *cctx, isc_log_t *logctx,
|
||||
#if HAVE_LIBNGHTTP2
|
||||
static isc_result_t
|
||||
bind9_check_httpserver(const cfg_obj_t *http, isc_log_t *logctx,
|
||||
isc_symtab_t *symtab, isc_mem_t *mctx) {
|
||||
isc_symtab_t *symtab) {
|
||||
isc_result_t result, tresult;
|
||||
const char *name = cfg_obj_asstring(cfg_map_getname(http));
|
||||
char *tmp = isc_mem_strdup(mctx, name);
|
||||
const cfg_obj_t *eps = NULL;
|
||||
const cfg_listelt_t *elt = NULL;
|
||||
isc_symvalue_t symvalue;
|
||||
|
||||
/* Check for duplicates */
|
||||
symvalue.as_cpointer = http;
|
||||
result = isc_symtab_define(symtab, tmp, 1, symvalue,
|
||||
result = isc_symtab_define(symtab, name, 1, symvalue,
|
||||
isc_symexists_reject);
|
||||
if (result == ISC_R_EXISTS) {
|
||||
const char *file = NULL;
|
||||
unsigned int line;
|
||||
|
||||
tresult = isc_symtab_lookup(symtab, tmp, 1, &symvalue);
|
||||
tresult = isc_symtab_lookup(symtab, name, 1, &symvalue);
|
||||
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
|
||||
|
||||
line = cfg_obj_line(symvalue.as_cpointer);
|
||||
@@ -2061,7 +2060,6 @@ bind9_check_httpserver(const cfg_obj_t *http, isc_log_t *logctx,
|
||||
"also defined at %s:%u",
|
||||
name, file, line);
|
||||
}
|
||||
isc_mem_free(mctx, tmp);
|
||||
|
||||
/* Check endpoints are valid */
|
||||
tresult = cfg_map_get(http, "endpoints", &eps);
|
||||
@@ -2106,7 +2104,7 @@ bind9_check_httpservers(const cfg_obj_t *config, isc_log_t *logctx,
|
||||
|
||||
for (elt = cfg_list_first(obj); elt != NULL; elt = cfg_list_next(elt)) {
|
||||
obj = cfg_listelt_value(elt);
|
||||
tresult = bind9_check_httpserver(obj, logctx, symtab, mctx);
|
||||
tresult = bind9_check_httpserver(obj, logctx, symtab);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = tresult;
|
||||
}
|
||||
|
||||
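Review bot: The `isc_symtab_define(symtab, name, 1, symvalue, isc_symexists_reject)` call in bind9_check_httpserver now hands the symbol table a key owned by the `http` config object, and nothing at the call site records that lifetime dependency. The removed `isc_mem_strdup`/`isc_mem_free` pair suggests the table keeps the key pointer rather than copying it, so the key has to stay valid until the table is destroyed; a one-line comment above the define, such as `/* symtab keeps 'name' by reference; it belongs to the config tree and must outlive symtab */`, would keep a later change from reintroducing a temporary copy. The creation and destruction of `symtab` in bind9_check_httpservers lie outside the hunks shown, so it is worth confirming there that the table is destroyed before the parsed configuration is released. The body of bind9_check_httpserver continues beyond the first hunk.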