Merge branch 'dns_memleak' of https://github.com/MaxKellermann/zeek

* 'dns_memleak' of https://github.com/MaxKellermann/zeek:
  analyzer/protocol/dns: fix NSEC3 memory leak
  analyzer/protocol/dns: change runtime check to assert()
  analyzer/protocol/dns: fix memory leak

CHANGES

@@ -1,4 +1,17 @@
 
+3.2.0-dev.53 | 2020-02-18 12:12:28 -0800
+
+  * Make DNS NSEC3 parsing more resilient to introducing a memory leak
+    when no dns_NSEC3 handler exists (Max Kellermann)
+
+  * analyzer/protocol/dns: change runtime check to assert() (Max Kellermann)
+
+    If it were legal to call SendReplyOrRejectEvent() without an
+    EventHandlerPtr, then this would leak the `question_name` object.  But
+    this method has just one caller, and it verifies the EventHandlerPtr.
+
+  * Fix memory leak when no dns_TSIG_addl event handler exists (Max Kellermann)
+
 3.2.0-dev.46 | 2020-02-14 22:02:50 -0800
 
   * Fix code format of various reporter btests (Jon Siwek, Corelight)

VERSION

@@ -1 +1 @@
-3.2.0-dev.46
+3.2.0-dev.53

src/analyzer/protocol/dns/DNS.cc

@@ -769,7 +769,7 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
 	unsigned int sign_time_msec = ExtractShort(data, len);
 	unsigned int fudge = ExtractShort(data, len);
 	BroString* request_MAC;
-	ExtractOctets(data, len, &request_MAC);
+	ExtractOctets(data, len, dns_TSIG_addl ? &request_MAC : nullptr);
 	unsigned int orig_id = ExtractShort(data, len);
 	unsigned int rr_error = ExtractShort(data, len);
 	ExtractOctets(data, len, 0);  // Other Data
@@ -1129,6 +1129,8 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
 			msg->BuildNSEC3_Val(&nsec3),
 		});
 		}
+	else
+		Unref(char_strings);
 
 	return 1;
 	}
@@ -1415,7 +1417,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
 	RR_Type qtype = RR_Type(ExtractShort(data, len));
 	int qclass = ExtractShort(data, len);
 
-	if ( event )
+	assert(event);
+
 	analyzer->ConnectionEventFast(event, {
 		analyzer->BuildConnVal(),
 		msg->BuildHdrVal(),