From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 9 Sep 2025 01:14:06 +0000 (+0000)
Subject: DNS: Do not leak RR data upon RR data unpacking errors (#2193)
X-Git-Tag: SQUID_7_2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f9de9f5cafb246b045c3203fd4954e252b1a18e;p=thirdparty%2Fsquid.git

DNS: Do not leak RR data upon RR data unpacking errors (#2193)
---

diff --git a/src/dns/rfc1035.cc b/src/dns/rfc1035.cc
index 5e31741d0b..c17f288e3e 100644
--- a/src/dns/rfc1035.cc
+++ b/src/dns/rfc1035.cc
@@ -420,6 +420,8 @@ rfc1035RRUnpack(const char *buf, size_t sz, unsigned int *off, rfc1035_rr * RR)
         RR->rdlength = 0;   /* Filled in by rfc1035NameUnpack */
         if (rfc1035NameUnpack(buf, sz, &rdata_off, &RR->rdlength, RR->rdata, RFC1035_MAXHOSTNAMESZ, 0)) {
             RFC1035_UNPACK_DEBUG;
+            xfree(RR->rdata);
+            memset(RR, '\0', sizeof(*RR));
             return 1;
         }
         if (rdata_off > ((*off) + rdlength)) {