From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 10 Nov 2020 17:45:28 +0000 (+0100)
Subject: resolved: paranoia — ensure DNS reply came over stream we sent it to
X-Git-Tag: v248-rc1~105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b52eac2010ab652678e92ae93956db87f4f844e0;p=thirdparty%2Fsystemd.git

resolved: paranoia — ensure DNS reply came over stream we sent it to
---

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 36e38f65322..bd2ae5e4fb7 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -630,7 +630,8 @@ static int on_stream_packet(DnsStream *s) {
         assert_se(p = dns_stream_take_read_packet(s));
 
         t = hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p)));
-        if (t)
+        if (t && t->stream == s) /* Validate that the stream we got this on actually is the stream the
+                                  * transaction was using. */
                 return dns_transaction_on_stream_packet(t, s, p);
 
         /* Ignore incorrect transaction id as an old transaction can have been canceled. */