From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 14 Feb 2017 10:12:13 +0000 (+0100)
Subject: auth: Don't leak on signing errors during outgoing AXFR
X-Git-Tag: rec-4.1.0-alpha1~197^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c23d888db57b340c23476550a7f3689035150cd1;p=pdns

auth: Don't leak on signing errors during outgoing AXFR
---

diff --git a/pdns/signingpipe.cc b/pdns/signingpipe.cc
index 36558a733..6cd81097d 100644
--- a/pdns/signingpipe.cc
+++ b/pdns/signingpipe.cc
@@ -279,7 +279,7 @@ try
   DNSSECKeeper dk;
   UeberBackend db("key-only");
   
-  chunk_t* chunk;
+  chunk_t* chunk = nullptr;
   int res;
   for(;;) {
     res = readn(fd, &chunk, sizeof(chunk));
@@ -287,21 +287,32 @@ try
       break;
     if(res < 0)
       unixDie("reading object pointer to sign from pdns");
-    set<DNSName> authSet;
-    authSet.insert(d_signer);
-    addRRSigs(dk, db, authSet, *chunk);
-    ++d_signed;
-    
-    writen2(fd, &chunk, sizeof(chunk));
+    try {
+      set<DNSName> authSet;
+      authSet.insert(d_signer);
+      addRRSigs(dk, db, authSet, *chunk);
+      ++d_signed;
+
+      writen2(fd, &chunk, sizeof(chunk));
+      chunk = nullptr;
+    }
+    catch(const PDNSException& pe) {
+      delete chunk;
+      throw;
+    }
+    catch(const std::exception& e) {
+      delete chunk;
+      throw;
+    }
   }
   close(fd);
 }
-catch(PDNSException& pe)
+catch(const PDNSException& pe)
 {
   L<<Logger::Error<<"Signing thread died because of PDNSException: "<<pe.reason<<endl;
   close(fd);
 }
-catch(std::exception& e)
+catch(const std::exception& e)
 {
   L<<Logger::Error<<"Signing thread died because of std::exception: "<<e.what()<<endl;
   close(fd);