diff options
Diffstat (limited to 'debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch')
-rw-r--r-- | debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch b/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch new file mode 100644 index 0000000..e8bda9e --- /dev/null +++ b/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch @@ -0,0 +1,39 @@ +From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001 +From: Lorenz Brun <lorenz@brun.one> +Date: Fri, 14 Oct 2022 21:02:51 +0200 +Subject: [PATCH 2/2] DMARC: fix use-after-free in dmarc_dns_lookup + +This fixes a use-after-free in dmarc_dns_lookup where the result +of dns_lookup in dnsa is freed before the required data is copied out. + +Fixes: 9258363 ("DNS: explicit alloc/free of workspace") +--- + src/dmarc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/dmarc.c b/src/dmarc.c +index ad0c26c91..53c2752ac 100644 +--- a/src/dmarc.c ++++ b/src/dmarc.c +@@ -226,16 +226,17 @@ dns_scan dnss; + int rc = dns_lookup(dnsa, string_sprintf("_dmarc.%s", dom), T_TXT, NULL); + + if (rc == DNS_SUCCEED) + for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; + rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) + if (rr->type == T_TXT && rr->size > 3) + { ++ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED); + store_free_dns_answer(dnsa); +- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED); ++ return record; + } + store_free_dns_answer(dnsa); + return NULL; + } + + + static int +-- +2.35.1 + |