From: Evan Hunt <each@isc.org>
Date: Tue, 16 Jan 2024 23:58:53 +0000 (-0800)
Subject: fix a message parsing regression
X-Git-Tag: v9.19.21~4^2~2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=4c19d35614f8cd80d8748156a5bad361e19abc28;p=thirdparty%2Fbind9.git

fix a message parsing regression

the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.
---

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 8280aa287fa..b0d5f16da7a 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1130,6 +1130,9 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t dctx,
 
 cleanup:
 	if (rdataset != NULL) {
+		if (dns_rdataset_isassociated(rdataset)) {
+			dns_rdataset_disassociate(rdataset);
+		}
 		dns_message_puttemprdataset(msg, &rdataset);
 	}