Uploaded image for project: 'Support'
  1. Support
  2. SUPPORT-220

Possible NULL pointer dereference in OpenDNSSEC 2.1.3

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: OpenDNSSEC 2.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Operating Systems: ALL

      X86/64

      Description

      In reviewing code in file 'cmdhandler.c', in function 'cmdhandler_start()', there is a call to malloc() which is not checked for a return value of NULL, indicating failure, as a resume, attempts to assign lvalues to this variable could result in a segmentation fault (SEGFAULT) being generated:

      Here is the code block in question:

      (F_GETFL) failed: %s",
      module_str, strerror(errno));
      close(connfd);
      continue;
      }
      if (fcntl(connfd, F_SETFL, flags & ~O_NONBLOCK) < 0) {
      ods_log_error("[%s] unable to create, fcntl(F_SETFL) failed: %s",
      module_str, strerror(errno));
      close(connfd);
      continue;
      }
      /* client accepted, create new thread */
      cmdclient = malloc(sizeof(cmdhandler_ctx_type)); /* need test for NULL being returned */
      cmdclient->cmdhandler = cmdhandler;
      cmdclient->sockfd = connfd;
      cmdclient->globalcontext = cmdhandler->globalcontext;
      cmdclient->localcontext = NULL;
      janitor_thread_create(&cmdclientthread, cmdhandlerthreadclass, &cmdhandler_accept_client, (void*) cmdclient);
      }
      }

      /* join threads */
      janitor_thread_joinall(cmdhandlerthreadclass);

      ods_log_debug("[%s] done", module_str);
      cmdhandler->stopped = 1;
      }

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            dogbert2 Bill Parker
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: