Bug 1281 - getrrsetbyname() does not check the presence of SIG records
Summary: getrrsetbyname() does not check the presence of SIG records
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 4.4p1
Hardware: Alpha Other
Importance: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_4_6
Reported: 2007-02-10 00:54 AEDT by Simon Vallet
Modified: 2008-04-04 09:58 AEDT (History)

See Also:


Attachments
Patch against 4.4p1 (587 bytes, patch)
2007-02-10 00:58 AEDT, Simon Vallet
dtucker: ok+

Description Simon Vallet 2007-02-10 00:54:26 AEDT
In getrrsetbyname(), the value of rrset->rri_nsigs is not checked before calling calloc() to initialize rrset->rri_sigs -- this is a problem when rri_nsigs is 0, since calloc() returns a null pointer on some OSes when asked to allocate 0 bytes.

Quoting POSIX regarding calloc():
"If the size of the space requested is 0, the behavior is implementation-defined: the value returned shall be either a null pointer or a unique pointer."

Tru64 5.1A, for example, does return NULL in this case -- see http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=117098800530793

A minimal patch against 4.4p1 is attached.
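To make the failure mode concrete, the following added example (not part of the bug report or of the OpenSSH source) contrasts the unconditional allocation described above with the check the patch introduces. The `rrset_stub` struct, the `sig_record` type and the `tru64_like_calloc` wrapper are constructed stand-ins that model a libc returning NULL from `calloc()` for a zero-size request; the real `struct rrsetinfo` has more fields.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for the two rrsetinfo fields involved in the bug. */
struct sig_record { int type; };
struct rrset_stub {
    unsigned int rri_nsigs;      /* number of SIG records in the answer */
    struct sig_record *rri_sigs; /* array of rri_nsigs records, or NULL */
};

/* Models a libc (such as Tru64 5.1A) where a zero-size calloc() returns NULL.
 * Both outcomes are POSIX-conformant, so callers cannot rely on either. */
static void *tru64_like_calloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;
    return calloc(nmemb, size);
}

/* Pre-patch pattern: allocate unconditionally and treat NULL as failure.
 * Returns 0 on success, -1 on (apparent) allocation failure. */
int alloc_sigs_buggy(struct rrset_stub *r, unsigned int nsigs)
{
    r->rri_nsigs = nsigs;
    r->rri_sigs = tru64_like_calloc(nsigs, sizeof(*r->rri_sigs));
    if (r->rri_sigs == NULL)
        return -1; /* an answer with no SIG records is misreported as OOM */
    return 0;
}

/* Patched pattern: only allocate when there is at least one SIG record,
 * so a NULL result can only mean a genuine allocation failure. */
int alloc_sigs_fixed(struct rrset_stub *r, unsigned int nsigs)
{
    r->rri_nsigs = nsigs;
    r->rri_sigs = NULL;
    if (nsigs > 0) {
        r->rri_sigs = tru64_like_calloc(nsigs, sizeof(*r->rri_sigs));
        if (r->rri_sigs == NULL)
            return -1;
    }
    return 0;
}

/* free(NULL) is a no-op, so the zero-record case needs no special handling. */
void free_sigs(struct rrset_stub *r)
{
    free(r->rri_sigs);
    r->rri_sigs = NULL;
}
```

On a libc that hands back a unique pointer for `calloc(0, n)` the buggy version happens to work, which is why the defect only surfaced on Tru64.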
Comment 1 Simon Vallet 2007-02-10 00:58:08 AEDT
Created attachment 1236 [details]
Patch against 4.4p1

This patch checks that there are indeed SIG records before allocating space for them -- see bug report for more details.
Comment 2 Darren Tucker 2007-02-10 11:35:44 AEDT
Comment on attachment 1236 [details]
Patch against 4.4p1

Looks reasonable to me.
Comment 3 Darren Tucker 2007-02-19 22:57:31 AEDT
Applied thanks, and nice work figuring it out.
Comment 4 Damien Miller 2008-04-04 09:58:15 AEDT
Close resolved bugs after release.