From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 2 Sep 2023 20:34:54 +0000 (+0100)
Subject: Fix problem with arbitrary RR caching.
X-Git-Tag: v2.90test1~18
X-Git-Url: https://thekelleys.org.uk/gitweb/?a=commitdiff_plain;h=3b5ddf37d9c841ce48a63cff653cf2bdc2a9b4b7;p=dnsmasq.git

Fix problem with arbitrary RR caching.

Caching an answer which has more that one RR, with at least
one answer being <=13 bytes and at least one being >13 bytes
can screw up the F_KEYTAG flag bit, resulting in the wrong
type of the address union being used and either a bad value
return or a crash in the block code.

Thanks to Dominik Derigs and the Pi-hole project for finding
and characterising this.
---

diff --git a/src/rfc1035.c b/src/rfc1035.c
index 56b65bb..32b43fd 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -812,6 +812,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		    {
 		       addr.rrdata.rrtype = aqtype;
 		       addr.rrdata.datalen = (char)ardlen;
+		       flags &= ~F_KEYTAG; /* in case of >1 answer, not all the same. */ 
 		       if (ardlen != 0)
 			 memcpy(addr.rrdata.data, p1, ardlen);
 		    }