DMARC: fix use-after-free in dmarc_dns_lookup

This fixes a use-after-free in dmarc_dns_lookup where the result of dns_lookup in dnsa is freed before the required data is copied out. Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
author: Lorenz Brun <lorenz@brun.one> 2022-10-14 21:02:51 +0200
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2022-10-18 22:59:52 +0200
commit: 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 (patch)
tree: 195c6b2a3d53f9a94aeb9d4c2de6a0303484cbb3
parent: 1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46 (diff)
download: exim4-12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index ad0c26c91..53c2752ac 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
     if (rr->type == T_TXT && rr->size > 3)
       {
+      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
       store_free_dns_answer(dnsa);
-      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+      return record;
       }
 store_free_dns_answer(dnsa);
 return NULL;
author	Lorenz Brun <lorenz@brun.one>	2022-10-14 21:02:51 +0200
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2022-10-18 22:59:52 +0200
commit	12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 (patch)
tree	195c6b2a3d53f9a94aeb9d4c2de6a0303484cbb3
parent	1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46 (diff)
download	exim4-12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445.tar.gz