From: Scott Kitterman <scott@kitterman.com>
Date: Sat, 12 Feb 2024 19:41:26 -0500
Subject: Validate TXID in client.py
Fixes CVE-2022-22846
Origin: backport, https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba

---
 dnslib/client.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dnslib/client.py b/dnslib/client.py
index 628ea81..09572b6 100644
--- a/dnslib/client.py
+++ b/dnslib/client.py
@@ -76,6 +76,9 @@ if __name__ == '__main__':
         a_pkt = q.send(address,port,tcp=args.tcp)
         a = DNSRecord.parse(a_pkt)
 
+        if q.header.id != a.header.id:
+            raise DNSError('Response transaction id does not match query transaction id')
+
         if a.header.tc and args.noretry == False:
             # Truncated - retry in TCP mode
             a_pkt = q.send(address,port,tcp=True)
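Review bot: The transaction-id check runs only on the first response, so a reply obtained through the truncation retry at `a_pkt = q.send(address,port,tcp=True)` is not visibly validated. The `if a.header.tc` block continues outside the hunk; if it re-parses `a_pkt` into `a` there, the same two lines should follow that parse: `if q.header.id != a.header.id:` and `raise DNSError('Response transaction id does not match query transaction id')`. The patch adds only three lines and no import, so it is worth confirming that `DNSError` is already in scope in `client.py`, otherwise a mismatch surfaces as a `NameError` instead of the intended error. The check also sits in the `__main__` block, so code calling `DNSRecord.send` directly presumably still has to compare ids itself, which deserves a comment or a docstring note on `send`.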
