Bug 1977401

Summary: Unchecked NULL pointer issue, regional_alloc() failure not handled
Product: Red Hat Enterprise Linux 9
Component: unbound
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Reporter: gkamathe
Assignee: Joe Orton <jorton>
QA Contact: Petr Sklenar <psklenar>
CC: jorton, pemensik, psklenar, security-response-team
Keywords: Security
Flags: gkamathe: needinfo-, pm-rhel: mirror+
Target Milestone: beta
Fixed In Version: unbound-1.13.1-12.el9
Doc Type: No Doc Update
Type: Bug
Last Closed: 2022-05-17 13:59:08 UTC

Description gkamathe 2021-06-29 16:18:35 UTC
Description of problem:



Unchecked NULL pointer issue

Function regional_alloc() is used to allocate memory. There is a call to it in function dns64_operate() within dns64/dns64.c where, if the call to regional_alloc() fails and iq is not properly checked, it could lead to operations being done on a NULL pointer. Everywhere else in the codebase there is proper error checking after a call to regional_alloc(), which logs "out of memory" and returns.


    switch(event) {
        case module_event_new:
            /* Tag this query as being new and fall through. */
            iq = (struct dns64_qstate*)regional_alloc(
                qstate->region, sizeof(*iq));
            qstate->minfo[id] = iq; 
            iq->state = DNS64_NEW_QUERY;
            iq->started_no_cache_store = qstate->no_cache_store;
            qstate->no_cache_store = 1;  
            /* fallthrough */



Some similar issues have been fixed earlier via the following commit:
https://github.com/NLnetLabs/unbound/commit/2a4e840be42974543e7702eebab35d82c0fe0088



Version-Release number of selected component (if applicable):

I used version unbound-1.13.1-5.el9.rpm while auditing; however, I've verified with the upstream code base as well, and the issue exists there too.


Actual results:

regional_alloc() failure is not accounted for in this case; however, it is used elsewhere in the codebase where its failure is checked via an if condition.


Expected results:

regional_alloc() failure should be accounted for


Additional info:
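
The check the report asks for, as an added example that is not part of the bug report or of unbound's code: a new-query handler that tests the allocation result before the first write, run against a region allocator that can be made to fail. All `toy_*` names and types are constructed stand-ins, and reporting the failure through an error state is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins for illustration; none of these are unbound's types. */
struct toy_region { unsigned char buf[64]; size_t used; };
struct toy_iq { int state; int started_no_cache_store; };
struct toy_qstate { struct toy_region *region; void *minfo; int no_cache_store; int ext_state; };
enum { TOY_NEW_QUERY = 1, TOY_STATE_OK = 0, TOY_STATE_ERROR = -1 };

/* Bump allocator; returns NULL once the region is exhausted. */
static void *toy_regional_alloc(struct toy_region *r, size_t size)
{
    size_t need = (size + 7) & ~(size_t)7; /* round up to 8 bytes */
    if (need < size || need > sizeof(r->buf) - r->used)
        return NULL;
    r->used += need;
    return r->buf + r->used - need;
}

/* New-query handler: the allocation is checked before the first write. */
static int toy_handle_new(struct toy_qstate *q)
{
    struct toy_iq *iq = toy_regional_alloc(q->region, sizeof(*iq));
    if (!iq) {
        fprintf(stderr, "out of memory\n");
        q->ext_state = TOY_STATE_ERROR; /* assumed way to signal failure */
        return 0;
    }
    q->minfo = iq;
    iq->state = TOY_NEW_QUERY;
    iq->started_no_cache_store = q->no_cache_store;
    q->no_cache_store = 1;
    return 1;
}

/* Run the handler on a region that already has `used` bytes consumed. */
static int toy_run(size_t used, struct toy_qstate *q)
{
    static struct toy_region r;
    struct toy_qstate fresh = { &r, NULL, 0, TOY_STATE_OK };
    r.used = used;
    *q = fresh;
    return toy_handle_new(q);
}

int main(void)
{
    struct toy_qstate q;
    return (toy_run(0, &q) == 1 && toy_run(64, &q) == 0) ? 0 : 1;
}
```

On the failure path the query state is left untouched apart from the error marker, so nothing dereferences the NULL result.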

Comment 3 gkamathe 2022-01-18 10:51:54 UTC
Hello Joe,

Since it's upstream [1] now, removing security group.

[1] https://github.com/NLnetLabs/unbound/pull/522

Comment 15 errata-xmlrpc 2022-05-17 13:59:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: unbound), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2630