[exim-cvs] DMARC: fix use-after-free in dmarc_dns_lookup

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Git Commits Mailing List
Date:  
À: exim-cvs
Sujet: [exim-cvs] DMARC: fix use-after-free in dmarc_dns_lookup
Gitweb: https://git.exim.org/exim.git/commitdiff/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
Commit:     12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
Parent:     1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46
Author:     Lorenz Brun <lorenz@???>
AuthorDate: Fri Oct 14 21:02:51 2022 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Tue Oct 18 22:59:52 2022 +0200


    DMARC: fix use-after-free in dmarc_dns_lookup


    This fixes a use-after-free in dmarc_dns_lookup where the result
    of dns_lookup in dnsa is freed before the required data is copied out.


    Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
---
 src/src/dmarc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index ad0c26c91..53c2752ac 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
     if (rr->type == T_TXT && rr->size > 3)
       {
+      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
       store_free_dns_answer(dnsa);
-      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+      return record;
       }
 store_free_dns_answer(dnsa);
 return NULL;