mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 15:45:25 +00:00
Code Issues Releases Wiki Activity

explicit DNAME query could trigger a crash if deny-answer-aliases was set

Browse Source
This commit is contained in:
Evan Hunt
2018-07-05 14:34:30 -07:00
parent fa03f94102
commit cac3978af2
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/dns/resolver.c
View File

@@ -6608,6 +6608,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
unsigned int nlabels; unsigned int nlabels;
dns_fixedname_t fixed; dns_fixedname_t fixed;
dns_name_t prefix; dns_name_t prefix;
int order;
REQUIRE(rdataset != NULL); REQUIRE(rdataset != NULL);
REQUIRE(rdataset->type == dns_rdatatype_cname || REQUIRE(rdataset->type == dns_rdatatype_cname ||
@@ -6630,17 +6631,24 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
tname = &cname.cname; tname = &cname.cname;
break; break;
case dns_rdatatype_dname: case dns_rdatatype_dname:
if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
dns_namereln_subdomain)
{
return (true);
}
result = dns_rdata_tostruct(&rdata, &dname, NULL); result = dns_rdata_tostruct(&rdata, &dname, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_name_init(&prefix, NULL); dns_name_init(&prefix, NULL);
tname = dns_fixedname_initname(&fixed); tname = dns_fixedname_initname(&fixed);
nlabels = dns_name_countlabels(qname) - nlabels = dns_name_countlabels(qname) -
dns_name_countlabels(rname); dns_name_countlabels(rname);
INSIST(nlabels > 0);
dns_name_split(qname, nlabels, &prefix, NULL); dns_name_split(qname, nlabels, &prefix, NULL);
result = dns_name_concatenate(&prefix, &dname.dname, tname, result = dns_name_concatenate(&prefix, &dname.dname, tname,
NULL); NULL);
if (result == DNS_R_NAMETOOLONG) if (result == DNS_R_NAMETOOLONG) {
return (true); return (true);
}
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
break; break;
default: default:
@@ -8172,6 +8180,8 @@ rctx_answer_match(respctx_t *rctx) {
} }
if ((rctx->ardataset->type == dns_rdatatype_cname || if ((rctx->ardataset->type == dns_rdatatype_cname ||
rctx->ardataset->type == dns_rdatatype_dname) && rctx->ardataset->type == dns_rdatatype_dname) &&
rctx->type != rctx->ardataset->type &&
rctx->type != dns_rdatatype_any &&
!is_answertarget_allowed(fctx, &fctx->name, rctx->aname, !is_answertarget_allowed(fctx, &fctx->name, rctx->aname,
rctx->ardataset, NULL)) rctx->ardataset, NULL))
{ {