GitLab

[CVE-2020-8616] [CVE-2020-8617] Merge 9.14.12 release branch

See merge request !3564

Mark Andrews authored May 01, 2020 and Michał Kępień committed May 05, 2020

1388 confidential issue security v9 14

See merge request isc-private/bind9!152

Mark Andrews authored Mar 31, 2020 and Michał Kępień committed May 05, 2020

from max-recursion-queries limits.

Stephen Morris authored Mar 05, 2020 and Michał Kępień committed May 05, 2020

Add a system test that counts how many address fetches are made
for different numbers of NS records and checks that the number
are successfully limited.

Mark Andrews authored Apr 21, 2020 and Michał Kępień committed May 05, 2020

1703 tsig verify failure security v9 14

See merge request isc-private/bind9!149

Mark Andrews authored Feb 06, 2020 and Michał Kępień committed May 05, 2020

If there are more that 5 NS record for a zone only perform a
maximum of 4 address lookups for all the name servers.  This
limits the amount of remote lookup performed for server
addresses at each level for a given query.

Prepare release notes for BIND 9.14.12

See merge request !3496

Incorrect job in needs, gcc:asan -> clang:asan

See merge request !3463

(cherry picked from commit 0adf9562)

[v9_14] Fix "srcid" on Windows

See merge request !3372

Windows BIND releases produced by GitLab CI are built from Git
repositories, not from release tarballs, which means the "srcid" file is
not present in the top source directory when MSBuild is invoked.  This
causes the Git commit hash for such builds to be set to "unset_id".
Enable win32utils/Configure to try determining the commit hash for a
build by invoking Git on the build host if the "srcid" file is not
present (which is what its Unix counterpart does).

(cherry picked from commit 05e13e7c)

Merge branch '1574-confidential-issue-rebinding-protection-fail-in-forwarding-mode-v9_14' into 'v9_14'

Resolve "DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server"

See merge request !3344

Diego Fronza authored Feb 13, 2020 and Ondřej Surý committed Apr 08, 2020

This test asserts that option "deny-answer-aliases" works correctly
when forwarding requests.

As a matter of example, the behavior expected for a forwarder BIND
instance, having an option such as deny-answer-aliases { "domain"; }
is that when forwarding a request for *.anything-but-domain, it is
expected that it will return SERVFAIL if any answer received has a CNAME
for "*.domain".

Diego Fronza authored Feb 13, 2020 and Ondřej Surý committed Apr 08, 2020

BIND wasn't honoring option "deny-answer-aliases" when configured to
forward queries.

Before the fix it was possible for nameservers listed in "forwarders"
option to return CNAME answers pointing to unrelated domains of the
original query, which could be used as a vector for rebinding attacks.

The fix ensures that BIND apply filters even if configured as a forwarder
instance.

Fix new warnings reported by scan-build from LLVM/Clang 10 (v9.14) v2

See merge request !3297

These are mostly false positives, the clang-analyzer FAQ[1] specifies
why and how to fix it:

> The reason the analyzer often thinks that a pointer can be null is
> because the preceding code checked compared it against null. So if you
> are absolutely sure that it cannot be null, remove the preceding check
> and, preferably, add an assertion as well.

The 2 warnings reported are:

dnssec-cds.c:781:4: warning: Access to field 'base' results in a dereference of a null pointer (loaded from variable 'buf')
                        isc_buffer_availableregion(buf, &r);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:996:36: note: expanded from macro 'isc_buffer_availableregion'
                                   ^
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:821:16: note: expanded from macro 'ISC__BUFFER_AVAILABLEREGION'
                (_r)->base = isc_buffer_used(_b);              \
                             ^~~~~~~~~~~~~~~~~~~
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:152:29: note: expanded from macro 'isc_buffer_used'
        ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/
                                   ^~~~~~~~~
1 warning generated.

--

./main.c:1254:9: warning: Access to field 'sctx' results in a dereference of a null pointer (loaded from variable 'named_g_server')
        sctx = named_g_server->sctx;
               ^~~~~~~~~~~~~~~~~~~~
1 warning generated.

References:
1. https://clang-analyzer.llvm.org/faq.html#null_pointer

The 1 warning reported is:

os.c:872:7: warning: Although the value stored to 'ptr' is used in the enclosing expression, the value is never actually read from 'ptr'
        if ((ptr = strtok_r(command, " \t", &last)) == NULL) {
             ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

[v9_14] Miscellaneous .gitlab-ci.yml cleanups

See merge request !3301

Some YAML anchors defined in .gitlab-ci.yml are not subsequently used.
Remove them to prevent confusion.

(cherry picked from commit 3d121ede)

compiledb is already included in the Docker image used by the cppcheck
job.  Do not attempt installing it again.

(cherry picked from commit 3d264dbe)

Most build/test job names already contain a "clang", "gcc", or "msvc"
prefix which indicates the compiler used for a given job.  Apply that
naming convention to all build/test job names.

(cherry picked from commit 0c898084)

Multiple YAML keys have identical values for both TSAN unit test job
definitions.  Extract these common keys to a YAML anchor and use it in
TSAN unit test job definitions to reduce code duplication.

(cherry picked from commit 84463f33)