In-Reply-To: Your message of "Tue, 25 Jul 2017 12:05:47 +0000." X-Original-To: bind9-confidential@bugs.isc.org X-RT-Original-Encoding: utf-8 To: bind9-confidential@isc.org X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 Delivered-To: bind9-confidential@bugs.isc.org References: <4047355f-73fd-b201-18e8-72f73e4bdaa0@isc.org> content-type: text/plain; charset="utf-8" X-RT-Incoming-Encryption: Not encrypted Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 07171D78AA2 for ; Tue, 25 Jul 2017 13:11:43 +0000 (UTC) Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id C86453493ED for ; Tue, 25 Jul 2017 13:11:40 +0000 (UTC) Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id ABC6B16003A for ; Tue, 25 Jul 2017 13:11:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 8FE3416005B for ; Tue, 25 Jul 2017 13:11:40 +0000 (UTC) Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id wmw0Dc7UUF4z for ; Tue, 25 Jul 2017 13:11:40 +0000 (UTC) Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 4D4AA16003A for ; Tue, 25 Jul 2017 13:11:40 +0000 (UTC) Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 55A487FDF328 for ; Tue, 25 Jul 2017 23:11:37 +1000 (AEST) Return-Path: Message-ID: <20170725131137.55A487FDF328@rock.dv.isc.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org From marka@isc.org Tue Jul 25 13:11:43 2017 Subject: Re: [ISC-Bugs #45611] dig's handling of OPT RRs X-RT-Interface: Email From: "Mark Andrews" Date: Tue, 25 Jul 2017 23:11:37 +1000 RT-Message-ID: Content-Length: 1411 In message , "Ray Bellis via RT" writes: > If you supply +ednsopt=nn[:xx] dighost.c accumulates the supplied > options in a global array, but doesn't dispose of old ones, eventually > triggering a fatal() error when the number reaches EDNSOPT_OPTIONS (100). +noednsopt will reset the index pointer. We do have a memory leak if there was a value and the index is reused. diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 320ed1a953..5e65b1d61d 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1582,6 +1582,9 @@ save_opt(dig_lookup_t *lookup, char *code, char *value) { fatal("bad edns code point: %s", code); } + if (ednsopts[ednsoptscnt].value != NULL) + isc_mem_free(mctx, ednsopts[ednsoptscnt].value); + ednsopts[ednsoptscnt].code = num; ednsopts[ednsoptscnt].length = 0; ednsopts[ednsoptscnt].value = NULL; > In batch mode this terminates the program. In dig for iOS the fatal() > call doesn't happen, but the array fills up and a crash would occur. > > The array of options is ultimately disposed of in destroy_libs(), but > it's unclear why the entries aren't cleaned up and the array > reinitialised for each query. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org