From a4e1db793d4971d87631276ea57808074ed2c1c7 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 17:23:53 +0100
Subject: [PATCH 1/3] Fix CVE-2018-5744

5110.	[security]	Named leaked memory if there were multiple Key Tag
			EDNS options present. (CVE-2018-5744) [GL #772]
---
 bin/named/client.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bin/named/client.c b/bin/named/client.c
index b9ebc93..b7d8a98 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -2112,6 +2112,12 @@ process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
 		return (DNS_R_OPTERR);
 	}
 
+	/* Silently drop additional keytag options. */
+	if (client->keytag != NULL) {
+		isc_buffer_forward(buf, (unsigned int)optlen);
+		return (ISC_R_SUCCESS);
+	}
+
 	client->keytag = isc_mem_get(client->mctx, optlen);
 	if (client->keytag != NULL) {
 		client->keytag_len = (isc_uint16_t)optlen;
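Review bot: The new early return at `if (client->keytag != NULL)` is only correct if `client->keytag` is freed and reset to NULL when each request ends, and that teardown is not visible in this hunk. If the pointer can survive into the next query handled by the same client object, the first Key Tag option of that query would be skipped as if it were a duplicate, so the reset is worth confirming in the request-cleanup path. The comment should also record why only the first option is kept, for example `/* Keep only the first Key Tag option: allocating again would overwrite client->keytag and leak the earlier buffer (CVE-2018-5744). */`. The body of process_keytag starts and ends outside the hunk, so the handling after the `isc_mem_get` NULL check cannot be reviewed from here.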
-- 
2.20.1