mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

Merge branch '4281-CVE-2023-5517-test' into 'main'

Browse Source 
[CVE-2023-5517] Check nxdomain-redirect against built-in RFC-1918 zone

Closes #4281

See merge request isc-projects/bind9!8919
This commit is contained in:
Michał Kępień
2024-03-28 13:42:02 +00:00
parent 0371223343 2789906ce4
commit 7b5b3a842b
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/redirect/ns3/redirect.db
View File

@@ -12,5 +12,6 @@
$TTL 300 $TTL 300
@ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0 @ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0
@ IN NS a.root-servers.nil. @ IN NS a.root-servers.nil.
10.in-addr.arpa TXT turn off redirect
* IN A 100.100.100.1 * IN A 100.100.100.1
* IN AAAA 2001:ffff:ffff::100.100.100.1 * IN AAAA 2001:ffff:ffff::100.100.100.1

8
bin/tests/system/redirect/tests.sh
View File

@@ -518,6 +518,14 @@ n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret)) status=$((status + ret))
echo_i "checking nxdomain-redirect against built-in RFC-1918 zone ($n)"
ret=0
$DIG $DIGOPTS -x 10.0.0.1 @10.53.0.4 -b 10.53.0.2 >dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against signed root zone ($n)" echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
ret=0 ret=0
$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1