This fixes a use-after-free in dmarc_dns_lookup where the result
of dns_lookup in dnsa is freed before the required data is copied out.
Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
if (rr->type == T_TXT && rr->size > 3)
{
+ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
store_free_dns_answer(dnsa);
- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
+ return record;
}
store_free_dns_answer(dnsa);
return NULL;