RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1977401 - Unchecked NULL pointer issue, regional_alloc() failure not handled
Summary: Unchecked NULL pointer issue, regional_alloc() failure not handled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: unbound
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: beta
: ---
Assignee: Joe Orton
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-29 16:18 UTC by gkamathe
Modified: 2022-05-17 14:36 UTC (History)
4 users (show)

Fixed In Version: unbound-1.13.1-12.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 13:59:08 UTC
Type: Bug
Target Upstream Version:
Embargoed:
gkamathe: needinfo-
pm-rhel: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-108436 0 None None None 2022-01-18 11:00:08 UTC

Description gkamathe 2021-06-29 16:18:35 UTC 
Description of problem:



Unchecked NULL pointer issue

Function regional_alloc() is used to allocate memory. There is a call to it in function dns64_operate() within dns64/dns64.c where if the call to regional_alloc() fails and iq is not properly checked it could lead to operations being done on a NULL pointer. Everywhere else in the codebase there is proper error checking after a call to regional_alloc() which logs "out of memory" and returns


    switch(event) {
        case module_event_new:
            /* Tag this query as being new and fall through. */
            iq = (struct dns64_qstate*)regional_alloc(
                qstate->region, sizeof(*iq));
            qstate->minfo[id] = iq; 
            iq->state = DNS64_NEW_QUERY;
            iq->started_no_cache_store = qstate->no_cache_store;
            qstate->no_cache_store = 1;  
            /* fallthrough */



Some similar issues have been fixed earlier via following commit
https://github.com/NLnetLabs/unbound/commit/2a4e840be42974543e7702eebab35d82c0fe0088



Version-Release number of selected component (if applicable):

I used version unbound-1.13.1-5.el9.rpm while auditing, however I've verified with upstream code base as well, the issue exists there too


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:

regional_alloc() failure is not accounted for as in this case, however it is used elsewhere in the codebase where its failure is checked via an if condition


Expected results:

regional_alloc() failure should be accounted for


Additional info:
Comment 3 gkamathe 2022-01-18 10:51:54 UTC 
Hello Joe,

Since its upstream [1] now, removing security group

[1] https://github.com/NLnetLabs/unbound/pull/522
Comment 15 errata-xmlrpc 2022-05-17 13:59:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: unbound), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2630
Note You need to log in before you can comment on or make changes to this bug.