bug #10609: CVE-2014-0239 Don't reply to replies
commit392ec4d241eb19c812cd49ff73bd32b2b09d8533
authorKai Blin <kai@samba.org>
Tue, 13 May 2014 06:13:29 +0000 (13 08:13 +0200)
committerKai Blin <kai@samba.org>
Tue, 20 May 2014 02:15:44 +0000 (20 04:15 +0200)
tree0efd8aae099421ed446f939e68def422d827380b
parente5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f
bug #10609: CVE-2014-0239 Don't reply to replies

Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
python/samba/tests/dns.py
source4/dns_server/dns_server.c