| commit | 53b2e9aff3a292e0383168aa0e1c3d8fc417f17a | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Wed, 28 Nov 2018 14:21:56 +0000 (28 15:21 +0100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Mon, 10 Dec 2018 09:12:21 +0000 (10 10:12 +0100) | ||
| tree | 30e1d067326c572b9a95442d6dd2fc5a27af9130 | treesnapshot (tar.gz zip) |
| parent | 850a5521a3bfcbacd6fe029200eb9ea0f908a80c | commitdiff |
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
| selftest/knownfail.d/dns | diffblobblamehistory | |
| source4/dns_server/dns_query.c | diffblobblamehistory |