Zero packet buffers before building output, to reduce risk of information leakage.

src/auth.c

@@ -101,6 +101,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
   struct all_addr addr;
   struct cname *a;
   
+  /* Clear buffer beyond request to avoid risk of
+     information disclosure. */
+  memset(((char *)header) + qlen, 0, 
+	 (limit - ((char *)header)) - qlen);
+  
   if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
     return 0;