[git commit 0_9_30] Fix use-after-free bug in __dns_lookup

Bernhard Reutner-Fischer rep.dot.nop at gmail.com
Tue Apr 6 08:26:41 UTC 2010


commit: http://git.uclibc.org/uClibc/commit/?id=d1544065270bd1a799b9248b7bd41e73d4655163
branch: http://git.uclibc.org/uClibc/commit/?id=refs/heads/0_9_30

If the type of the first answer does not match with the requested type,
then the dotted name was freed. If there are no further answers in
the DNS reply, this pointer was used later on in the same function.
Additionally it is passed to the caller, and caused strange
behaviour.

Signed-off-by: Gabor Juhos <juhosg at openwrt.org>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop at gmail.com>
---
 libc/inet/resolv.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
index 044059d..1f46b1a 100644
--- a/libc/inet/resolv.c
+++ b/libc/inet/resolv.c
@@ -1011,10 +1011,8 @@ int attribute_hidden __dns_lookup(const char *name, int type,
 				memcpy(a, &ma, sizeof(ma));
 				if (a->atype != T_SIG && (NULL == a->buf || (type != T_A && type != T_AAAA)))
 					break;
-				if (a->atype != type) {
-					free(a->dotted);
+				if (a->atype != type)
 					continue;
-				}
 				a->add_count = h.ancount - j - 1;
 				if ((a->rdlength + sizeof(struct in_addr*)) * a->add_count > a->buflen)
 					break;
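Review bot: on the `continue` path under `if (a->atype != type)`, nothing in this hunk releases `a->dotted` for the skipped answer any more, and the next iteration's `memcpy(a, &ma, sizeof(ma));` overwrites the pointer, so if each answer's `dotted` is a separate allocation, the skipped ones leak. Please confirm where ownership of that string ends up. If it is per-answer, freeing it and setting `a->dotted = NULL` before `continue` would avoid both the leak and the stale pointer the commit message describes, provided the later uses in this function and in the caller tolerate NULL. A short comment at this branch stating who frees `a->dotted` would also help the next reader.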
-- 
1.6.3.3


