Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/bind/bin/named BIND823 bug ID 1150: forwarders: it was ...
details: https://anonhg.NetBSD.org/src/rev/ec12faa4854a
branches: trunk
changeset: 503441:ec12faa4854a
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Feb 06 10:02:04 2001 +0000
description:
BIND823 bug ID 1150: forwarders: it was possible to use freed memory.
diffstat:
dist/bind/bin/named/db_dump.c | 12 ++++---
dist/bind/bin/named/ns_config.c | 59 +++++++++++++++++++++++++++++-----------
2 files changed, 49 insertions(+), 22 deletions(-)
diffs (155 lines):
diff -r 81cbbdbdcf27 -r ec12faa4854a dist/bind/bin/named/db_dump.c
--- a/dist/bind/bin/named/db_dump.c Tue Feb 06 05:03:43 2001 +0000
+++ b/dist/bind/bin/named/db_dump.c Tue Feb 06 10:02:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: db_dump.c,v 1.3 2001/01/27 07:21:58 itojun Exp $ */
+/* $NetBSD: db_dump.c,v 1.4 2001/02/06 10:02:04 itojun Exp $ */
#if !defined(lint) && !defined(SABER)
static const char sccsid[] = "@(#)db_dump.c 4.33 (Berkeley) 3/3/91";
@@ -219,11 +219,13 @@
static int
fwd_dump(FILE *fp) {
int i;
+
fprintf(fp, ";; ++forwarders table++\n");
- for (i=0;i<fwddata_count;i++) {
- fprintf(fp,"; %s rtt=%d\n",
- inet_ntoa(fwddata[i]->fwdaddr.sin_addr),
- fwddata[i]->nsdata->d_nstime);
+ for (i = 0; i < fwddata_count; i++) {
+ if (fwddata[i] != NULL)
+ fprintf(fp,"; %s rtt=%d\n",
+ inet_ntoa(fwddata[i]->fwdaddr.sin_addr),
+ fwddata[i]->nsdata->d_nstime);
}
fprintf(fp, ";; --forwarders table--\n");
return (0);
diff -r 81cbbdbdcf27 -r ec12faa4854a dist/bind/bin/named/ns_config.c
--- a/dist/bind/bin/named/ns_config.c Tue Feb 06 05:03:43 2001 +0000
+++ b/dist/bind/bin/named/ns_config.c Tue Feb 06 10:02:04 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ns_config.c,v 1.4 2001/01/27 07:21:58 itojun Exp $ */
+/* $NetBSD: ns_config.c,v 1.5 2001/02/06 10:02:05 itojun Exp $ */
#if !defined(lint) && !defined(SABER)
static const char rcsid[] = "Id: ns_config.c,v 8.118 2000/12/23 08:14:37 vixie Exp";
@@ -2261,41 +2261,59 @@
find_forwarder(struct in_addr address)
{
struct fwddata *fdp;
+ struct fwddata **fdpp = NULL;
struct databuf *ns, *nsdata;
register int i;
- for (i=0;i<fwddata_count; i++) {
- fdp=fwddata[i];
- if (memcmp(&fdp->fwdaddr.sin_addr,&address,sizeof(address))==0) {
+ for (i = 0; i < fwddata_count; i++) {
+ fdp = fwddata[i];
+ if (fdp == NULL) {
+ if (fdpp == NULL)
+ fdpp = &fwddata[i];
+ continue;
+ }
+ if (memcmp(&fdp->fwdaddr.sin_addr, &address,
+ sizeof(address)) == 0) {
fdp->ref_count++;
- return fdp;
+ return (fdp);
}
}
fdp = (struct fwddata *)memget(sizeof(struct fwddata));
if (!fdp)
panic("memget failed in find_forwarder", NULL);
+
fdp->fwdaddr.sin_family = AF_INET;
fdp->fwdaddr.sin_addr = address;
fdp->fwdaddr.sin_port = ns_port;
+
ns = fdp->ns = (struct databuf *)memget(sizeof(*ns));
if (!ns)
panic("memget failed in find_forwarder", NULL);
- memset(ns,0,sizeof(*ns));
+ memset(ns, 0, sizeof(*ns));
+
nsdata = fdp->nsdata = (struct databuf *)memget(sizeof(*nsdata));
if (!nsdata)
panic("memget failed in find_forwarder", NULL);
- memset(nsdata,0,sizeof(*nsdata));
+ memset(nsdata, 0, sizeof(*nsdata));
+
ns->d_type = T_NS;
ns->d_class = C_IN;
- ns->d_rcnt=1;
+ ns->d_rcnt = 1;
+
nsdata->d_type = T_A;
nsdata->d_class = C_IN;
nsdata->d_nstime = 1 + (int)(25.0*rand()/(RAND_MAX + 1.0));
- nsdata->d_rcnt=1;
- fdp->ref_count=1;
+ nsdata->d_rcnt = 1;
+
+ fdp->ref_count = 1;
+
+ if (fdpp != NULL) {
+ *fdpp = fdp;
+ return (fdp);
+ }
- i=0;
+ i = 0;
if (fwddata == NULL) {
fwddata = memget(sizeof *fwddata);
if (fwddata == NULL)
@@ -2303,6 +2321,7 @@
} else {
register size_t size;
register struct fwddata **an_tmp;
+
size = fwddata_count * sizeof *fwddata;
an_tmp = memget(size + sizeof *fwddata);
if (an_tmp == NULL) {
@@ -2318,13 +2337,13 @@
fwddata[fwddata_count] = fdp;
fwddata_count++;
} else {
- ns_warning(ns_log_config,
- "forwarder add failed (memget) [%s]",
- inet_ntoa(address));
+ ns_warning(ns_log_config, "forwarder add failed (memget) [%s]",
+ inet_ntoa(address));
}
- return fdp;
+ return (fdp);
}
+
/*
* Forwarder glue
*
@@ -2462,14 +2481,20 @@
void
free_forwarders(struct fwdinfo *fwdtab) {
struct fwdinfo *ftp, *fnext;
+ int i;
for (ftp = fwdtab; ftp != NULL; ftp = fnext) {
fnext = ftp->next;
- if (!--ftp->fwddata->ref_count) {
+ if (--ftp->fwddata->ref_count == 0) {
+ for (i = 0 ; i < fwddata_count; i++)
+ if (fwddata[i] == ftp->fwddata) {
+ fwddata[i] = NULL;
+ break;
+ }
memput(ftp->fwddata->ns, sizeof *ftp->fwddata->ns);
memput(ftp->fwddata->nsdata,
sizeof *ftp->fwddata->nsdata);
- memput(ftp->fwddata,sizeof *ftp->fwddata);
+ memput(ftp->fwddata, sizeof *ftp->fwddata);
}
memput(ftp, sizeof *ftp);
}
Home |
Main Index |
Thread Index |
Old Index