resolve: several follow-ups for 9ca133e97a0c8795b1f293ccea4965b4ad1accc4.

- add missing initialization for DnsQuery.answer_ede_rcode,

- clear EDE code and message in dns_transaction_reset_answer(),
  otherwise the previous EDE code or message may be mistakenly reused
  on restart. This fixes memory leak of DnsTransaction.answer_ede_msg.

- also clear EDE code and message in dns_query_reset_answer(),
  otherwise ede message is leaked if dns_query_accept() is called
  multiple times for the same DnsQuery.

Follow-up for 9ca133e97a0c8795b1f293ccea4965b4ad1accc4.

Fixes #30752.

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index a7bc45838f74ceee05b2ff00eccd664d54b31dcb..861a2db2ccea61245094aeede5d7b98b25dbd85c 100644 (file)
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -368,6 +368,8 @@ static void dns_query_reset_answer(DnsQuery *q) {
 
         q->answer = dns_answer_unref(q->answer);
         q->answer_rcode = 0;
+        q->answer_ede_rcode = _DNS_EDE_RCODE_INVALID;
+        q->answer_ede_msg = mfree(q->answer_ede_msg);
         q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
         q->answer_errno = 0;
         q->answer_query_flags = 0;
@@ -421,8 +423,6 @@ DnsQuery *dns_query_free(DnsQuery *q) {
         dns_answer_unref(q->reply_authoritative);
         dns_answer_unref(q->reply_additional);
 
-        free(q->answer_ede_msg);
-
         if (q->request_stream) {
                 /* Detach the stream from our query, in case something else keeps a reference to it. */
                 (void) set_remove(q->request_stream->queries, q);
@@ -516,6 +516,7 @@ int dns_query_new(
                 .question_bypass = dns_packet_ref(question_bypass),
                 .ifindex = ifindex,
                 .flags = flags,
+                .answer_ede_rcode = _DNS_EDE_RCODE_INVALID,
                 .answer_dnssec_result = _DNSSEC_RESULT_INVALID,
                 .answer_protocol = _DNS_PROTOCOL_INVALID,
                 .answer_family = AF_UNSPEC,
@@ -898,20 +899,13 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
                             !FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
                                 continue;
 
-                        char *answer_ede_msg = NULL;
-                        if (t->answer_ede_msg) {
-                                answer_ede_msg = strdup(t->answer_ede_msg);
-                                if (!answer_ede_msg) {
-                                        r = log_oom();
-                                        goto fail;
-                                }
-                        }
-
                         DNS_ANSWER_REPLACE(q->answer, dns_answer_ref(t->answer));
                         q->answer_rcode = t->answer_rcode;
-                        q->answer_dnssec_result = t->answer_dnssec_result;
                         q->answer_ede_rcode = t->answer_ede_rcode;
-                        q->answer_ede_msg = answer_ede_msg;
+                        r = free_and_strdup_warn(&q->answer_ede_msg, t->answer_ede_msg);
+                        if (r < 0)
+                                goto fail;
+                        q->answer_dnssec_result = t->answer_dnssec_result;
                         q->answer_query_flags = t->answer_query_flags | dns_transaction_source_to_query_flags(t->answer_source);
                         q->answer_errno = t->answer_errno;
                         DNS_PACKET_REPLACE(q->answer_full_packet, dns_packet_ref(t->received));

diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h
index 74ad2c7350061d79afcf831800eb0f35e27401c8..29d7288981fa7e020650ca0d2af8660be7afb058 100644 (file)
--- a/src/resolve/resolved-dns-query.h
+++ b/src/resolve/resolved-dns-query.h
@@ -73,9 +73,9 @@ struct DnsQuery {
         /* Discovered data */
         DnsAnswer *answer;
         int answer_rcode;
-        DnssecResult answer_dnssec_result;
         int answer_ede_rcode;
         char *answer_ede_msg;
+        DnssecResult answer_dnssec_result;
         uint64_t answer_query_flags;
         DnsProtocol answer_protocol;
         int answer_family;

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 12c48deb662577886b229d51c67cad43585df70c..aabaa12944721d728b192085889b071331431354 100644 (file)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -28,6 +28,8 @@ static void dns_transaction_reset_answer(DnsTransaction *t) {
         t->received = dns_packet_unref(t->received);
         t->answer = dns_answer_unref(t->answer);
         t->answer_rcode = 0;
+        t->answer_ede_rcode = _DNS_EDE_RCODE_INVALID;
+        t->answer_ede_msg = mfree(t->answer_ede_msg);
         t->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
         t->answer_source = _DNS_TRANSACTION_SOURCE_INVALID;
         t->answer_query_flags = 0;
@@ -166,8 +168,6 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
         dns_resource_key_unref(t->key);
         dns_packet_unref(t->bypass);
 
-        free(t->answer_ede_msg);
-
         return mfree(t);
 }