bc5dde
From 18df9e628ea10c7d607f43fcfd935e7924731f24 Mon Sep 17 00:00:00 2001
bc5dde
From: Evan Hunt <each@isc.org>
bc5dde
Date: Mon, 9 Sep 2013 22:12:47 -0700
bc5dde
Subject: [PATCH] [master] strdup journal filename
bc5dde
bc5dde
3646.	[bug]		Journal filename string could be set incorrectly,
bc5dde
                        causing garbage in log messages.  [RT #34738]
bc5dde
---
bc5dde
 lib/dns/journal.c | 12 +++++++++---
bc5dde
 1 file changed, 9 insertions(+), 3 deletions(-)
bc5dde
bc5dde
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
bc5dde
index 08aabd5..46a52e1 100644
bc5dde
--- a/lib/dns/journal.c
bc5dde
+++ b/lib/dns/journal.c
bc5dde
@@ -307,7 +307,7 @@ struct dns_journal {
bc5dde
 	unsigned int		magic;		/*%< JOUR */
bc5dde
 	isc_mem_t		*mctx;		/*%< Memory context */
bc5dde
 	journal_state_t		state;
bc5dde
-	const char 		*filename;	/*%< Journal file name */
bc5dde
+	char 			*filename;	/*%< Journal file name */
bc5dde
 	FILE *			fp;		/*%< File handle */
bc5dde
 	isc_offset_t		offset;		/*%< Current file offset */
bc5dde
 	journal_header_t 	header;		/*%< In-core journal header */
bc5dde
@@ -573,10 +573,13 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
bc5dde
 	isc_mem_attach(mctx, &j->mctx);
bc5dde
 	j->state = JOURNAL_STATE_INVALID;
bc5dde
 	j->fp = NULL;
bc5dde
-	j->filename = filename;
bc5dde
+	j->filename = isc_mem_strdup(mctx, filename);
bc5dde
 	j->index = NULL;
bc5dde
 	j->rawindex = NULL;
bc5dde
 
bc5dde
+	if (j->filename == NULL)
bc5dde
+		FAIL(ISC_R_NOMEMORY);
bc5dde
+
bc5dde
 	result = isc_stdio_open(j->filename, write ? "rb+" : "rb", &fp);
bc5dde
 
bc5dde
 	if (result == ISC_R_FILENOTFOUND) {
bc5dde
@@ -679,6 +682,8 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write,
bc5dde
 			    sizeof(journal_rawpos_t));
bc5dde
 		j->index = NULL;
bc5dde
 	}
bc5dde
+	if (j->filename != NULL)
bc5dde
+		isc_mem_free(j->mctx, j->filename);
bc5dde
 	if (j->fp != NULL)
bc5dde
 		(void)isc_stdio_close(j->fp);
bc5dde
 	isc_mem_putanddetach(&j->mctx, j, sizeof(*j));
bc5dde
@@ -1242,7 +1247,8 @@ dns_journal_destroy(dns_journal_t **journalp) {
bc5dde
 		isc_mem_put(j->mctx, j->it.target.base, j->it.target.length);
bc5dde
 	if (j->it.source.base != NULL)
bc5dde
 		isc_mem_put(j->mctx, j->it.source.base, j->it.source.length);
bc5dde
-
bc5dde
+	if (j->filename != NULL)
bc5dde
+		isc_mem_free(j->mctx, j->filename);
bc5dde
 	if (j->fp != NULL)
bc5dde
 		(void)isc_stdio_close(j->fp);
bc5dde
 	j->magic = 0;
bc5dde
-- 
bc5dde
1.8.3.1
bc5dde