Commit cbdea694 authored by Mark Andrews's avatar Mark Andrews Committed by Michał Kępień
Browse files

Check DNAME resolution via itself

parent 715dc196
Pipeline #73479 failed with stages
in 26 minutes and 26 seconds
......@@ -80,6 +80,34 @@ sub reply_handler {
$rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME .");
push @ans, $rr;
$rcode = "NOERROR";
# The following three code branches referring to the "example.dname"
# zone are necessary for the resolver variant of the CVE-2021-25215
# regression test to work. A named instance cannot be used for
# serving the DNAME records below as a version of BIND vulnerable to
# CVE-2021-25215 would crash while answering the queries asked by
# the tested resolver.
} elsif ($qname eq "ns3.example.dname") {
if ($qtype eq "A") {
my $rr = new Net::DNS::RR("$qname $ttl $qclass A 10.53.0.3");
push @ans, $rr;
}
if ($qtype eq "AAAA") {
my $rr = new Net::DNS::RR("example.dname. $ttl $qclass SOA . . 0 0 0 0 $ttl");
push @auth, $rr;
}
$rcode = "NOERROR";
} elsif ($qname eq "self.example.self.example.dname") {
my $rr = new Net::DNS::RR("self.example.dname. $ttl $qclass DNAME dname.");
push @ans, $rr;
$rr = new Net::DNS::RR("$qname $ttl $qclass CNAME self.example.dname.");
push @ans, $rr;
$rcode = "NOERROR";
} elsif ($qname eq "self.example.dname") {
if ($qtype eq "DNAME") {
my $rr = new Net::DNS::RR("$qname $ttl $qclass DNAME dname.");
push @ans, $rr;
}
$rcode = "NOERROR";
} else {
$rcode = "REFUSED";
}
......
......@@ -24,6 +24,10 @@ ns2.example. A 10.53.0.2
example.broken. NS ns3.example.broken.
ns3.example.broken. A 10.53.0.3
; for the resolver variant of the CVE-2021-25215 regression test
example.dname. NS ns3.example.dname.
ns3.example.dname. A 10.53.0.3
domain0.nil. NS ns2.domain0.nil
domain1.nil. NS ns2.domain0.nil
domain2.nil. NS ns2.domain0.nil
......
......@@ -16,3 +16,5 @@ ns2 86400 AAAA fd92:7065:b8e:ffff::2
@ 86400 AAAA 1:2:3::4
* 86400 A 1.2.3.4
* 86400 AAAA 1:2:3::4
; CVE-2021-25215 regression test data
self 86400 DNAME nil.
......@@ -295,5 +295,23 @@ grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# Regression test for CVE-2021-25215 (authoritative server).
n=`expr $n + 1`
echo_i "checking DNAME resolution via itself (authoritative) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1
grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# Regression test for CVE-2021-25215 (recursive resolver).
n=`expr $n + 1`
echo_i "checking DNAME resolution via itself (recursive) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment