bug #10609: CVE-2014-0239 Don't reply to replies
commit bb0871c3ec44f6fb5fbd01e0f1522dfd7934cfe5
author Kai Blin <kai@samba.org>
Tue, 13 May 2014 06:13:29 +0000 (13 08:13 +0200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 20 May 2014 11:54:40 +0000 (20 13:54 +0200)
tree 411db69d8efe3d0e4f9b928a60b57c77e40ec37e
parent 60dbfbdadf7bce70cb2f74a79afe04017da3035d
bug #10609: CVE-2014-0239 Don't reply to replies

Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this makes it possible to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104

(cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533)

Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue May 20 13:54:40 CEST 2014 on sn-devel-104
python/samba/tests/dns.py
source4/dns_server/dns_server.c
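
The kind of input check the commit message describes, as an added example that is not taken from the Samba patch: an inbound UDP payload is classified by the QR ("reply") bit of its DNS header before any response is built. The function `dns_classify_inbound`, the verdict enum and the sample headers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DNS header (RFC 1035, section 4.1.1): 12 bytes, flags in bytes 2-3. */
#define DNS_HEADER_LEN 12
#define DNS_FLAG_QR    0x8000u  /* set in responses, clear in queries */

enum dns_verdict {
    DNS_PROCESS = 0,     /* query: hand to the normal request path */
    DNS_DROP_SHORT = 1,  /* too short to contain a header */
    DNS_DROP_REPLY = 2   /* QR set: drop silently, send nothing back */
};

/* Hypothetical helper (assumption, not Samba's code). */
enum dns_verdict dns_classify_inbound(const uint8_t *pkt, size_t len)
{
    uint16_t flags;

    if (pkt == NULL || len < DNS_HEADER_LEN) {
        return DNS_DROP_SHORT;
    }
    flags = (uint16_t)((pkt[2] << 8) | pkt[3]);  /* network byte order */
    if (flags & DNS_FLAG_QR) {
        /* Even an error response carries QR=1, so answering here with
         * an error would still feed the circular exchange. */
        return DNS_DROP_REPLY;
    }
    return DNS_PROCESS;
}

/* Constructed sample headers: ID 0x1234, QDCOUNT 1, other counts 0. */
static const uint8_t sample_query[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_reply[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };
/* QR=1 with RCODE=1 (format error): the shape of an error response. */
static const uint8_t sample_formerr[DNS_HEADER_LEN] =
    { 0x12, 0x34, 0x81, 0x01, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    printf("query=%d reply=%d formerr=%d truncated=%d\n",
           dns_classify_inbound(sample_query, sizeof(sample_query)),
           dns_classify_inbound(sample_reply, sizeof(sample_reply)),
           dns_classify_inbound(sample_formerr, sizeof(sample_formerr)),
           dns_classify_inbound(sample_query, 3));
    return 0;
}
```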