The Samba-Bugzilla – Attachment 14691 Details for
Bug 13600
[SECURITY] CVE-2018-14629 CNAME loops in Samba AD DC DNS server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible regression fix for master
tmp.diff.txt (text/plain), 1.59 KB, created by
Stefan Metzmacher
on 2018-11-28 14:32:46 UTC
(
hide
)
Description:
Possible regression fix for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2018-11-28 14:32:46 UTC
Size:
1.59 KB
patch
obsolete
>From ff99987c9d79ca15c1502da6f74bd7ed70335267 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 28 Nov 2018 15:21:56 +0100 >Subject: [PATCH] CVE-2018-14629 dns: fix CNAME loop prevention using counter > regression > >The loop prevention should only be done for CNAME records! > >Otherwise we truncate the answer records for A, AAAA or >SRV queries, which is a bad idea if you have more than 20 DCs. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source4/dns_server/dns_query.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > >diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c >index 65faeac3b6a4..0e632b8db4e6 100644 >--- a/source4/dns_server/dns_query.c >+++ b/source4/dns_server/dns_query.c >@@ -420,11 +420,6 @@ static struct tevent_req *handle_dnsrpcrec_send( > state->answers = answers; > state->nsrecs = nsrecs; > >- if (talloc_array_length(*answers) >= MAX_Q_RECURSION_DEPTH) { >- tevent_req_done(req); >- return tevent_req_post(req, ev); >- } >- > resolve_cname = ((rec->wType == DNS_TYPE_CNAME) && > ((question->question_type == DNS_QTYPE_A) || > (question->question_type == DNS_QTYPE_AAAA))); >@@ -446,6 +441,11 @@ static struct tevent_req *handle_dnsrpcrec_send( > return tevent_req_post(req, ev); > } > >+ if (talloc_array_length(*answers) >= MAX_Q_RECURSION_DEPTH) { >+ tevent_req_done(req); >+ return tevent_req_post(req, ev); >+ } >+ > werr = add_response_rr(question->name, rec, state->answers); > if (tevent_req_werror(req, werr)) { > return tevent_req_post(req, ev); >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 13600
:
14460
|
14537
|
14572
|
14573
|
14574
|
14575
|
14594
|
14631
|
14632
|
14635
|
14636
|
14649
|
14667
|
14668
|
14670
|
14685
|
14691
|
14692
|
14693
|
14694
|
14696
|
14697
|
14704
|
14711
|
14712
|
14717
|
14719
|
14720
|
14724
|
17140