Reproducer for CVE-2023-2911 (!8132) · Merge requests · ISC Open Source Projects / BIND

Nicki Křížek requested to merge 4089-stale-query-loop-test into main Jul 24, 2023

The conditions that trigger the crash:

a stale record is in cache
stale-answer-client-timeout is 0
multiple clients query for the stale record, enough of them to exceed the recursive-clients quota
the response from the authoritative is sufficiently delayed so that recursive-clients quota is exceeded first

The reproducer attempts to simulate this situation. However, it hasn't proven to be 100 % reproducible, especially in CI. When reproducing locally, the priming query also seems to sometimes interfere and prevent the crash. When the reproducer is ran twice, it appears to be more reliable in reproducing the issue.

Closes #4089 (closed)

reproducer failing on affected 9.18: https://gitlab.isc.org/isc-projects/bind9/-/pipelines/143454
reproducer failing on affected 9.16: https://gitlab.isc.org/isc-projects/bind9/-/pipelines/143456

Reproducer for CVE-2023-2911

Merge request reports