DMARC: fix use-after-free in dmarc_dns_lookup

This fixes a use-after-free in dmarc_dns_lookup where the result of dns_lookup in dnsa is freed before the required data is copied out. Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
Exim · Oct 18, 2022 · 12fb384 · 12fb384
1 parent 1561c5d
commit 12fb384
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/src/dmarc.c b/src/src/dmarc.c
@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
        rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
     if (rr->type == T_TXT && rr->size > 3)
       {
+      uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
       store_free_dns_answer(dnsa);
-      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+      return record;
       }
 store_free_dns_answer(dnsa);
 return NULL;