[exim-dev] [PATCH] DMARC: fix use-after-free in dmarc_dns_lo…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Lorenz Brun
Data:  
Para: exim-dev
Asunto: [exim-dev] [PATCH] DMARC: fix use-after-free in dmarc_dns_lookup
This fixes a use-after-free in dmarc_dns_lookup where the result
of dns_lookup in dnsa is freed before the required data is copied out.

Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
---
src/src/dmarc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index 17bba9d75..082e56d43 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
     if (rr->type == T_TXT && rr->size > 3)
       {
+      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
       store_free_dns_answer(dnsa);
-      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+      return record;
       }
 store_free_dns_answer(dnsa);
 return NULL;
-- 
2.37.2