fix a message parsing regression
authorEvan Hunt <each@isc.org>
Tue, 16 Jan 2024 23:58:53 +0000 (15:58 -0800)
committerMichał Kępień <michal@isc.org>
Thu, 1 Feb 2024 20:24:26 +0000 (21:24 +0100)
the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.

(cherry picked from commit 4c19d35614f8cd80d8748156a5bad361e19abc28)

lib/dns/message.c

index cc42b01ae016d984d74f39b11a40e639b248b0f4..d09eb498ddc79975355274e976aeb269d99d6290 100644 (file)
@@ -1164,7 +1164,9 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 
 cleanup:
        if (rdataset != NULL) {
-               INSIST(!dns_rdataset_isassociated(rdataset));
+               if (dns_rdataset_isassociated(rdataset)) {
+                       dns_rdataset_disassociate(rdataset);
+               }
                isc_mempool_put(msg->rdspool, rdataset);
        }
        if (free_name) {
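Review bot: The new `if (dns_rdataset_isassociated(rdataset))` branch under `cleanup:` releases a state that the removed `INSIST` treated as impossible, but nothing on these lines records which error path leaves the rdataset associated, so a later reader may be tempted to restore the assertion. A short comment above the new `if` would keep that knowledge with the code, for example `/* A failure after association (e.g. a duplicate question rdataset) can reach here; release it before returning it to the pool. */`. This parser presumably runs on wire data supplied by a remote peer, so a test that feeds a message with repeated question entries and expects a clean error return would guard against the crash coming back; only lib/dns/message.c is visible on this page, so such a test may already exist elsewhere. getquestions() starts before and continues after this hunk, so the path that sets the association cannot be confirmed from here.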