From f43e5c8ed2e68b7064c909b1fece6d976799b8db Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Thu, 17 Sep 2015 14:05:19 +1000
Subject: [PATCH] 4210. [cleanup] Silence use after free false positive. [RT #40743]
---
 CHANGES | 2 ++
 lib/dns/message.c | 19 ++++++++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/CHANGES b/CHANGES
index 18eb1ae34b..00e9c039aa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+4210. [cleanup] Silence use after free false positive. [RT #40743]
+
 4209. [bug] Address resource leaks in dlz modules. [RT #40654]
 4208. [bug] Address null pointer dereferences on out of memory.
diff --git a/lib/dns/message.c b/lib/dns/message.c
index b752da61b1..896f31d9a5 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1289,6 +1289,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 * it must be the first OPT we've seen.
 */
 if (!dns_name_equal(dns_rootname, name) ||
+ sectionid != DNS_SECTION_ADDITIONAL ||
 msg->opt != NULL)
 DO_FORMERR;
 skip_name_search = ISC_TRUE;
@@ -1526,9 +1527,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
 /*
- * If this is an OPT record, remember it. Also, set
- * the extended rcode. Note that msg->opt will only be set
- * if best-effort parsing is enabled.
+ * If this is an OPT, SIG(0) or TSIG record, remember it.
+ * Also, set the extended rcode for TSIG.
+ *
+ * Note msg->opt, msg->sig0 and msg->tsig will only be
+ * already set if best-effort parsing is enabled otherwise
+ * there will only be at most one of each.
 */
 if (rdtype == dns_rdatatype_opt && msg->opt == NULL) {
 dns_rcode_t ercode;
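Review bot: The comment above the OPT condition (it starts outside this hunk) still ends with `* it must be the first OPT we've seen.` and does not mention the section test added by `sectionid != DNS_SECTION_ADDITIONAL ||`. It should also state that the record must be in the additional section. This line changes which messages are treated as malformed, which the "[cleanup] Silence use after free false positive" entry does not convey, so the CHANGES text should mention it. If DO_FORMERR does not abort under best-effort parsing (its definition is not visible here), `skip_name_search = ISC_TRUE;` still runs and the later `rdtype == dns_rdatatype_opt && msg->opt == NULL` branch has no section test of its own, so an OPT from another section could still be stored in `msg->opt`; confirm that is intended.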
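Review bot: The rewritten comment says `Also, set the extended rcode for TSIG.`, but the extended rcode is handled in the `rdtype == dns_rdatatype_opt` branch (`dns_rcode_t ercode;` here, `msg->rcode |= ercode;` in the next hunk), so it should read `Also, set the extended rcode for OPT.` The second paragraph is also hard to parse. A clearer wording would be `Note msg->opt, msg->sig0 and msg->tsig can only already be set here if best-effort parsing is enabled; otherwise there is at most one of each.` The body of the OPT branch continues outside this hunk.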
@@ -1542,14 +1546,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 msg->rcode |= ercode;
 isc_mempool_put(msg->namepool, name);
 free_name = ISC_FALSE;
- }
-
- /*
- * If this is an SIG(0) or TSIG record, remember it. Note
- * that msg->sig0 or msg->tsig will only be set if best-effort
- * parsing is enabled.
- */
- if (issigzero && msg->sig0 == NULL) {
+ } else if (issigzero && msg->sig0 == NULL) {
 msg->sig0 = rdataset;
 msg->sig0name = name;
 rdataset = NULL;
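Review bot: In the OPT branch, `name` still points at memory already returned by `isc_mempool_put(msg->namepool, name);`, and the new `else if` only keeps the SIG(0) branch from reading it. Adding `name = NULL;` after the put would make the no-reuse invariant explicit to readers and analyzers, provided nothing later in the iteration reads `name`; the rest of the loop body is outside the hunk. The TSIG branch announced by the updated comment is also outside the hunk, so it is not visible whether it belongs to the same `else if` chain; it should, for the same reason.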