From 3b5ddf37d9c841ce48a63cff653cf2bdc2a9b4b7 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 2 Sep 2023 21:34:54 +0100
Subject: [PATCH] Fix problem with arbitrary RR caching.

Caching an answer which has more that one RR, with at least
one answer being <=13 bytes and at least one being >13 bytes
can screw up the F_KEYTAG flag bit, resulting in the wrong
type of the address union being used and either a bad value
return or a crash in the block code.

Thanks to Dominik Derigs and the Pi-hole project for finding
and characterising this.
---
 src/rfc1035.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/rfc1035.c b/src/rfc1035.c
index 56b65bb..32b43fd 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -812,6 +812,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		    {
 		       addr.rrdata.rrtype = aqtype;
 		       addr.rrdata.datalen = (char)ardlen;
+		       flags &= ~F_KEYTAG; /* in case of >1 answer, not all the same. */ 
 		       if (ardlen != 0)
 			 memcpy(addr.rrdata.data, p1, ardlen);
 		    }