Merge pull request #14196 from rgacogne/auth-fix-bindparser-leak

auth: Fix memory leaks in the bind file format parser
PowerDNS · May 17, 2024 · 2b266b1 · 2b266b1
2 parents 3ac2970 + 9a8bd90
commit 2b266b1
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 16 deletions.
diff --git a/pdns/bindparser.yy b/pdns/bindparser.yy
@@ -17,7 +17,7 @@ extern int yydebug;
 
 #define YYSTYPE char *
 
-extern "C" 
+extern "C"
 {
 	int yyparse(void);
 	int yylex(void);
@@ -35,7 +35,7 @@ const char *bind_directory;
 extern int linenumber;
 static void yyerror(const char *str)
 {
-  extern char *current_filename;	
+  extern char *current_filename;
   throw PDNSException("Error in bind configuration '"+string(current_filename)+"' on line "+std::to_string(linenumber)+": "+str);
 }
 
@@ -44,7 +44,7 @@ static BindParser *parent;
 BindDomainInfo s_di;
 
 void BindParser::parse(const string &fname)
-{	
+{
 	yydebug=0;
 	yyin=fopen(fname.c_str(),"r");
 	yyrestart(yyin);
@@ -113,7 +113,7 @@ void BindParser::commit(BindDomainInfo DI)
 %%
 
 root_commands:
-	|	 
+	|
 	root_commands root_command SEMICOLON
   	;
 
@@ -126,7 +126,7 @@ commands:
 	;
 
 command:
-	terms 
+	terms
 	;
 
 global_zone_command:
@@ -137,7 +137,7 @@ global_zone_command:
 		parent->commit(s_di);
 		s_di.clear();
 	}
-	|	
+	|
 	ZONETOK quotedname AWORD zone_block
 	{
 	        s_di.name=DNSName($2);
@@ -156,19 +156,26 @@ global_options_command:
 
 
 acl_command:
-	ACLTOK quotedname acl_block | 	ACLTOK filename acl_block
+	ACLTOK quotedname acl_block
+	{
+		free($2);
+	}
+	| 	ACLTOK filename acl_block
 	;
 
 acl_block: OBRACE acls EBRACE
 	;
-	
-acls: 
+
+acls:
 	|
 	acl SEMICOLON acls
 	;
 
 acl:
 	AWORD
+	{
+		free($1);
+	}
 	;
 
 options_commands:
@@ -189,10 +196,10 @@ options_directory_command: DIRECTORYTOK quotedname
 	}
 	;
 
-also_notify_command: ALSONOTIFYTOK OBRACE also_notify_list EBRACE 
+also_notify_command: ALSONOTIFYTOK OBRACE also_notify_list EBRACE
 	;
 
-also_notify_list: 
+also_notify_list:
 	|
 	also_notify SEMICOLON also_notify_list
 	;
@@ -208,10 +215,17 @@ terms: /* empty */
 	terms term
 	;
 
-term: AWORD | block | quotedname
+term: AWORD
+	{
+		free($1);
+	}
+	| block | quotedname
+	{
+		free($1);
+	}
 	;
-block: 
-	OBRACE commands EBRACE 
+block:
+	OBRACE commands EBRACE
 	;
 
 zone_block:
@@ -252,7 +266,7 @@ zone_also_notify: AWORD
         ;
 
 primaries: /* empty */
-	| 
+	|
 	primaries primary SEMICOLON
 	;
 
@@ -266,7 +280,6 @@ primary: AWORD
 zone_file_command:
 	FILETOK quotedname
 	{
-	  //		printf("Found a filename: '%s'\n",$2);
 		s_di.filename=$2;
 		free($2);
 	}
@@ -289,4 +302,7 @@ quotedname:
 	;
 
 filename: AWORD
+	{
+		free($1);
+	}
 	;
diff --git a/pdns/named.conf.parsertest b/pdns/named.conf.parsertest
@@ -1,6 +1,15 @@
 # this file is used by ../pdns/test-bindparser_cc.cc
 # if you change it, please make check!
 
+acl bogusnets {
+    0.0.0.0/8;  192.0.2.0/24; 224.0.0.0/3;
+    10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
+};
+
+acl "not-these-ips" {
+    !192.168.0/24;!10.0/16;any;
+};
+
 options {
 	directory "./zones/";
 	recursion no;