From dba3c8b0b8655a516cad3af87749ff27717d43a5 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 9 Sep 2025 01:14:06 +0000
Subject: [PATCH] DNS: Do not leak RR data upon RR data unpacking errors
 (#2193)

---
 src/dns/rfc1035.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/dns/rfc1035.cc b/src/dns/rfc1035.cc
index 53cfced6c6..e16b4f8650 100644
--- a/src/dns/rfc1035.cc
+++ b/src/dns/rfc1035.cc
@@ -420,6 +420,8 @@ rfc1035RRUnpack(const char *buf, size_t sz, unsigned int *off, rfc1035_rr * RR)
         RR->rdlength = 0;   /* Filled in by rfc1035NameUnpack */
         if (rfc1035NameUnpack(buf, sz, &rdata_off, &RR->rdlength, RR->rdata, RFC1035_MAXHOSTNAMESZ, 0)) {
             RFC1035_UNPACK_DEBUG;
+            xfree(RR->rdata);
+            memset(RR, '\0', sizeof(*RR));
             return 1;
         }
         if (rdata_off > ((*off) + rdlength)) {
-- 
2.47.3