From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 9 Sep 2025 01:14:06 +0000 (+0000)
Subject: DNS: Do not leak RR data upon RR data unpacking errors (#2193)
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dba3c8b0b8655a516cad3af87749ff27717d43a5;p=thirdparty%2Fsquid.git

DNS: Do not leak RR data upon RR data unpacking errors (#2193)
---

diff --git a/src/dns/rfc1035.cc b/src/dns/rfc1035.cc
index 53cfced6c6..e16b4f8650 100644
--- a/src/dns/rfc1035.cc
+++ b/src/dns/rfc1035.cc
@@ -420,6 +420,8 @@ rfc1035RRUnpack(const char *buf, size_t sz, unsigned int *off, rfc1035_rr * RR)
         RR->rdlength = 0;   /* Filled in by rfc1035NameUnpack */
         if (rfc1035NameUnpack(buf, sz, &rdata_off, &RR->rdlength, RR->rdata, RFC1035_MAXHOSTNAMESZ, 0)) {
             RFC1035_UNPACK_DEBUG;
+            xfree(RR->rdata);
+            memset(RR, '\0', sizeof(*RR));
             return 1;
         }
         if (rdata_off > ((*off) + rdlength)) {