net: double-free of cgo pointer when handling long CNAME response

[neild]

When using LookupCNAME with the cgo DNS resolver,
a very long CNAME response could trigger a double-free of C memory
and a crash. The double-free has been fixed.

Thanks to hamayanhamayan for reporting this issue.

This is CVE-2026-33811 and Go issue https://go.dev/issue/78803.

---

This was a PUBLIC track issue, tracked in http://b/495821212.

[gopherbot]

Change https://go.dev/cl/767860 mentions this issue: net: avoid double-free of cgo pointer when handling large DNS response

[neild]

@gopherbot please open backport issues for this security issue.

[gopherbot]

Backport issue(s) opened: #78812 (for 1.25), #78813 (for 1.26).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/767541 mentions this issue: [release-branch.go1.25] net: avoid double-free of cgo pointer when handling large DNS response

[gopherbot]

Change https://go.dev/cl/767542 mentions this issue: [release-branch.go1.26] net: avoid double-free of cgo pointer when handling large DNS response