From 4c19d35614f8cd80d8748156a5bad361e19abc28 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Tue, 16 Jan 2024 15:58:53 -0800
Subject: [PATCH] fix a message parsing regression the fix for CVE-2023-4408 introduced a regression in the message parser, which could cause a crash if duplicate rdatasets were found in the question section. this commit ensures that rdatasets are correctly disassociated and freed when this occurs.
---
 lib/dns/message.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/dns/message.c b/lib/dns/message.c
index 8280aa287f..b0d5f16da7 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1130,6 +1130,9 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
 cleanup:
 if (rdataset != NULL) {
+ if (dns_rdataset_isassociated(rdataset)) {
+ dns_rdataset_disassociate(rdataset);
+ }
 dns_message_puttemprdataset(msg, &rdataset);
 }
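Review bot: The guard added under `cleanup:` in getquestions() carries no comment explaining how an rdataset can still be associated when the error path is reached, so a later refactor of this label could drop it again. I would put a short comment above the new `if`, for example `/* a duplicate question can leave rdataset associated; disassociate it before it is returned to the message */`. The diffstat lists only lib/dns/message.c, so no regression test accompanies the fix; because the question section is parsed from untrusted wire data, a parser unit test for the duplicate-question case would keep this from regressing a second time. The body of getquestions() starts outside the hunk, so whether other exits reach `cleanup:` with an associated rdataset cannot be checked from here.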