Date: Mon, 29 Jan 2018 13:28:28 -1000
From: marka@isc.org
To: bind9-public@isc.org
Subject: possible reference leak in dns_update_signaturesinc(

According to code inspection, there seems to be a possible reference leak to dns_dbnode_t in lib/dns/update.c:dns_update_signaturesinc():

    CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
    dns_rdataset_init(&rdataset);
    CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
                              (isc_stdtime_t) 0, &rdataset, NULL));
    CHECK(dns_rdataset_first(&rdataset));
    dns_rdataset_current(&rdataset, &rdata);
    CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
    state->nsecttl = soa.minimum;
    dns_rdataset_disassociate(&rdataset);
    dns_db_detachnode(db, &node);

If some of the above CHECK fails after dns_db_findnode() succeeds, it jumps to 'failure', but 'node' isn't detached in that code block and will leak.

The same issue seems to exist for ol
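
The pattern described in the report above, reduced to a self-contained model; this is an added example, not part of the original message and not BIND's code. The names node_t, find_node, detach_node, find_rdataset and this CHECK definition are hypothetical stand-ins that assume a reference-counted node and a goto-on-error macro.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-ins, not BIND's API: a node with a reference count. */
typedef struct { int refs; } node_t;
#define CHECK(op) do { result = (op); if (result != 0) goto failure; } while (0)

static int find_node(node_t *origin, node_t **nodep) {
    origin->refs++;              /* caller now holds a reference */
    *nodep = origin;
    return 0;
}
static void detach_node(node_t **nodep) { (*nodep)->refs--; *nodep = NULL; }
/* Constructed lookup that fails on demand. */
static int find_rdataset(node_t *node, int fail) { (void)node; return fail ? -1 : 0; }

/* Pattern from the report: the failure label does not release 'node'. */
int lookup_leaky(node_t *origin, int fail) {
    int result;
    node_t *node = NULL;
    CHECK(find_node(origin, &node));
    CHECK(find_rdataset(node, fail));
    detach_node(&node);
failure:
    return result;
}

/* Same flow; the failure path releases the reference if one is still held. */
int lookup_fixed(node_t *origin, int fail) {
    int result;
    node_t *node = NULL;
    CHECK(find_node(origin, &node));
    CHECK(find_rdataset(node, fail));
    detach_node(&node);
failure:
    if (node != NULL)
        detach_node(&node);
    return result;
}

/* References still outstanding after one call; 0 means nothing leaked. */
int refs_after(int (*fn)(node_t *, int), int fail) {
    node_t origin = { 0 };
    (void)fn(&origin, fail);
    return origin.refs;
}

int main(void) {
    printf("leaky: %d  fixed: %d\n", refs_after(lookup_leaky, 1), refs_after(lookup_fixed, 1));
    return 0;
}
```

Because detach_node clears the pointer, the NULL test at the failure label is safe on both the success and error paths.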