An attacker controlling a malicious DNS server returns a DNAME record,
and the we stores a pointer to resp->foundname, frees the response
structure, then uses the dangling pointer in dns_name_fullcompare()
possibly causing invalid match. Only the `delv`is affected. This has
been fixed.
Closes #5728
Backport of MR !11570
Merge branch 'backport-5728-heap-uaf-in-bind9-dns_client_resolve-via-dname-response-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!11571
projects / thirdparty / bind9.git / commitdiff
