Commit 2648c49b authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] fix rpz formerr loop

4531.	[security]	Some RPZ configurations could go into an infinite
			query loop when encountering responses with TTL=0.
			(CVE-2017-3140) [RT #45181]
parent aa3a8979
4531. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
4530. [bug] "dyndb" is dependent on dlopen existing / being
enabled. [RT #45291]
......
......@@ -6428,7 +6428,7 @@ query_respond(query_ctx_t *qctx) {
/*
* If we have a zero ttl from the cache, refetch.
*/
if (!qctx->is_zone && qctx->event == NULL &&
if (!qctx->is_zone && !qctx->resuming &&
qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client))
{
qctx_clean(qctx);
......@@ -7895,7 +7895,7 @@ query_cname(query_ctx_t *qctx) {
/*
* If we have a zero ttl from the cache refetch it.
*/
if (!qctx->is_zone && qctx->event == NULL &&
if (!qctx->is_zone && !qctx->resuming &&
qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client))
{
qctx_clean(qctx);
......
......@@ -67,6 +67,14 @@
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
With certain RPZ configurations, a response with TTL 0
could cause <command>named</command> to go into an infinite
query loop. This flaw is disclosed in CVE-2017-3140.
[RT #45181]
</para>
</listitem>
<listitem>
<para>
<command>rndc ""</command> could trigger an assertion failure
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment