[ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?
willem at nlnetlabs.nl
Fri Sep 1 11:26:31 UTC 2017
Op 01-09-17 om 12:03 schreef Lars Rohwedder:
> Hi there,
> I try to find the reasons for a crash in my program using ldns 1.6.17.
> My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
> got is bogus.
> So I looked into the source of ldns and found this code in function
> ldns_pkt* pkt = NULL;
> if(function_that_might_fail() != LDNS_STATUS_OK)
> ldns_pkt_free( pkt );
> return pkt;
> so when the function returns a failure, the pkt is freed, but the
> pointer pkt is not set to NULL, so a pointer to a freed packet (with
> possibly illegal content) is returned, instead of a null pointer.
> I don't know whether this causes the crash I have but it is nevertheless
> a bug in the code, isn't it?
Well... It certainly doesn't look nice. I see that the intention was
that pkt would be untouched or set to NULL if an error occurred in
function_that_might_fail() (it is passed in by reference). However,
this style is very susceptible to errors (and maybe there are errors in
function_that_might_fail() already...), so I'll patched it anyway:
> Lars R.
> ldns-users mailing list
> ldns-users at nlnetlabs.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 829 bytes
Desc: OpenPGP digital signature
More information about the ldns-users