mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 23:55:27 +00:00
Code Issues Releases Wiki Activity

Merge branch '3619-serve-stale-client-timeout-crash-test' into 'main'

Browse Source 
[CVE-2022-3924] Add a reproducer for the serve-stale crash when recursive clients soft quota is reached

Closes #3619

See merge request isc-projects/bind9!7575
This commit is contained in:
Tom Krizek
2023-02-22 11:54:42 +00:00
parent 1fb5d42416 4b52b0b4a9
commit af33cd479b
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bin/tests/system/serve-stale/ans2/ans.pl
View File

@@ -100,6 +100,12 @@ sub reply_handler {
# If we are not responding to queries we are done. # If we are not responding to queries we are done.
return if (!$send_response); return if (!$send_response);
if (index($qname, "latency") == 0) {
# simulate network latency before answering
print " Sleeping 50 milliseconds\n";
select(undef, undef, undef, 0.05);
}
# Construct the response and send it. # Construct the response and send it.
if ($qname eq "ns.example" ) { if ($qname eq "ns.example" ) {
if ($qtype eq "A") { if ($qtype eq "A") {

1
bin/tests/system/serve-stale/ns3/named2.conf.in
View File

@@ -39,6 +39,7 @@ options {
stale-answer-ttl 3; stale-answer-ttl 3;
stale-refresh-time 0; stale-refresh-time 0;
stale-answer-client-timeout 1800; # 1.8 seconds stale-answer-client-timeout 1800; # 1.8 seconds
recursive-clients 10; # CVE-2022-3924
max-stale-ttl 3600; max-stale-ttl 3600;
resolver-query-timeout 30000; # 30 seconds resolver-query-timeout 30000; # 30 seconds
}; };

19
bin/tests/system/serve-stale/tests.sh
View File

@@ -1781,6 +1781,25 @@ grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret)) status=$((status+ret))
# CVE-2022-3924, GL #3619
n=$((n+1))
echo_i "check that named survives reaching recursive-clients quota (stale-answer-client-timeout 1.8) ($n)"
ret=0
num=0
# Make sure to exceed the configured value of 'recursive-clients 10;' by running
# 20 parallel queries with simulated network latency.
while [ $num -lt 20 ]; do
$DIG +tries=1 -p ${PORT} @10.53.0.3 "latency${num}.data.example" TXT >/dev/null 2>&1 &
num=$((num+1))
done;
_dig_data() {
$DIG -p ${PORT} @10.53.0.3 data.example TXT >dig.out.test$n || return 1
grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
}
retry_quiet 5 _dig_data || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
############################################# #############################################
# Test for stale-answer-client-timeout off. # # Test for stale-answer-client-timeout off. #
############################################# #############################################