mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 22:15:20 +00:00
Merge branch '3622-serve-stale-rrsig-fix-security' into 'security-main'
[CVE-2022-3736] Properly handle stale RRSIG lookups See merge request isc-private/bind9!470
This commit is contained in:
3
CHANGES
3
CHANGES
@@ -1,6 +1,7 @@
|
||||
6067. [placeholder]
|
||||
|
||||
6066. [placeholder]
|
||||
6066. [security] Handle RRSIG lookups when serve-stale is active.
|
||||
(CVE-2022-3736) [GL #3622]
|
||||
|
||||
6065. [placeholder]
|
||||
|
||||
|
@@ -24,6 +24,14 @@ Security Fixes
|
||||
ISC would like to thank Rob Schulhof from Infoblox for bringing this
|
||||
vulnerability to our attention. :gl:`#3523`
|
||||
|
||||
- :iscman:`named` could crash with an assertion failure when an RRSIG
|
||||
query was received and :any:`stale-answer-client-timeout` was set to a
|
||||
non-zero value. This has been fixed. (CVE-2022-3736)
|
||||
|
||||
ISC would like to thank Borja Marcos from Sarenet (with assistance by
|
||||
Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
|
||||
our attention. :gl:`#3622`
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
|
@@ -5356,6 +5356,15 @@ qctx_init(ns_client_t *client, dns_fetchevent_t **eventp, dns_rdatatype_t qtype,
|
||||
qctx->result = ISC_R_SUCCESS;
|
||||
qctx->findcoveringnsec = qctx->view->synthfromdnssec;
|
||||
|
||||
/*
|
||||
* If it's an RRSIG or SIG query, we'll iterate the node.
|
||||
*/
|
||||
if (qctx->qtype == dns_rdatatype_rrsig ||
|
||||
qctx->qtype == dns_rdatatype_sig)
|
||||
{
|
||||
qctx->type = dns_rdatatype_any;
|
||||
}
|
||||
|
||||
CALL_HOOK_NORETURN(NS_QUERY_QCTX_INITIALIZED, qctx);
|
||||
}
|
||||
|
||||
@@ -5523,15 +5532,6 @@ query_setup(ns_client_t *client, dns_rdatatype_t qtype) {
|
||||
|
||||
CALL_HOOK(NS_QUERY_SETUP, &qctx);
|
||||
|
||||
/*
|
||||
* If it's a SIG query, we'll iterate the node.
|
||||
*/
|
||||
if (qctx.qtype == dns_rdatatype_rrsig ||
|
||||
qctx.qtype == dns_rdatatype_sig)
|
||||
{
|
||||
qctx.type = dns_rdatatype_any;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check SERVFAIL cache
|
||||
*/
|
||||
|
Reference in New Issue
Block a user