From 9b0c4bf7003db929fe00a345fc96fb97677d29e0 Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Thu, 11 Jan 2001 04:23:39 +0000
Subject: [PATCH]  675.   [func]          TKEY queries could cause the server
 to leak                         memory.

---
 CHANGES        |  3 +++
 lib/dns/tkey.c | 30 ++++++++++++++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 989fa5348e..6224325cdd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+ 675.	[func]		TKEY queries could cause the server to leak
+			memory.
+
  674.	[func]		Allow messages to be TSIG signed / verified using
 			a offset from the current time.
 
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 8226b21993..0a7f6f90b1 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tkey.c,v 1.59 2001/01/11 04:00:17 bwelling Exp $
+ * $Id: tkey.c,v 1.60 2001/01/11 04:23:39 bwelling Exp $
  */
 
 #include <config.h>
@@ -154,19 +154,39 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
 	return (ISC_R_SUCCESS);
 
  failure:
-	if (newrdata != NULL)
+	if (newrdata != NULL) {
+		if (ISC_LINK_LINKED(newrdata, link))
+			ISC_LIST_UNLINK(newlist->rdata, newrdata, link);
 		dns_message_puttemprdata(msg, &newrdata);
+	}
 	if (newname != NULL)
 		dns_message_puttempname(msg, &newname);
-	if (newlist != NULL)
-		dns_message_puttemprdatalist(msg, &newlist);
 	if (newset != NULL) {
 		dns_rdataset_disassociate(newset);
 		dns_message_puttemprdataset(msg, &newset);
 	}
+	if (newlist != NULL)
+		dns_message_puttemprdatalist(msg, &newlist);
 	return (result);
 }
 
+static void
+free_namelist(dns_message_t *msg, dns_namelist_t *namelist) {
+	dns_name_t *name;
+	dns_rdataset_t *set;
+
+	while (!ISC_LIST_EMPTY(*namelist)) {
+		name = ISC_LIST_HEAD(*namelist);
+		ISC_LIST_UNLINK(*namelist, name, link);
+		while (!ISC_LIST_EMPTY(name->list)) {
+			set = ISC_LIST_HEAD(name->list);
+			ISC_LIST_UNLINK(name->list, set, link);
+			dns_message_puttemprdataset(msg, &set);
+		}
+		dns_message_puttempname(msg, &name);
+	}
+}
+
 static isc_result_t
 compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
 	       isc_region_t *serverrandomness, isc_buffer_t *secret)
@@ -777,6 +797,8 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		dns_message_puttemprdata(msg, &rdata);
 	if (dynbuf != NULL)
 		isc_buffer_free(&dynbuf);
+	if (!ISC_LIST_EMPTY(namelist))
+		free_namelist(msg, &namelist);
 	return (result);
 }