search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: d4b0b74) | patch
bug #10609: CVE-2014-0239 Don't reply to replies
commit97a32749b4c567890a92de97aaf8b85d5ec0134b
authorKai Blin <kai@samba.org>
Tue, 13 May 2014 06:13:29 +0000 (13 08:13 +0200)
committerKarolin Seeger <kseeger@samba.org>
Mon, 26 May 2014 12:54:32 +0000 (26 14:54 +0200)
tree384d0bdb7223c8c500fdbae65ccb9103039ed812tree | snapshot (tar.gz zip)
parentd4b0b741427e6d5ec9626f26eff4068399d8f771commit | diff
bug #10609: CVE-2014-0239 Don't reply to replies

Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104

(cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533)

Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon May 26 14:54:32 CEST 2014 on sn-devel-104
python/samba/tests/dns.py diff | blob | blame | history
source4/dns_server/dns_server.c diff | blob | blame | history
Samba GIT mirror