fix a message parsing regression

the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 8280aa287fa3e6c242f0b721ebf4f7b6b2963d51..b0d5f16da7abaa0d3020f532c64e1613a251a65c 100644 (file)
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1130,6 +1130,9 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
 
 cleanup:
        if (rdataset != NULL) {
+               if (dns_rdataset_isassociated(rdataset)) {
+                       dns_rdataset_disassociate(rdataset);
+               }
                dns_message_puttemprdataset(msg, &rdataset);
        }