mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 10:29:59 -04:00
[v9_9] fix rpz formerr loop
4531. [security] Some RPZ configurations could go into an infinite query loop when encountering responses with TTL=0. (CVE-2017-3140) [RT #45181] (cherry picked from commit3440cf9c60) (cherry picked from commita57b289ed0)
This commit is contained in:
Evan Hunt
parent
fbfaa3e731
commit
10f80ef83a
5 changed files with 20 additions and 3 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
4531. [security] Some RPZ configurations could go into an infinite
|
||||
query loop when encountering responses with TTL=0.
|
||||
(CVE-2017-3140) [RT #45181]
|
||||
|
||||
4629. [bug] dns_client_startupdate could not be called with a
|
||||
running client. [RT #45277]
|
||||
|
||||
|
|
|
|||
5
README
5
README
|
|
@ -229,6 +229,11 @@ disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
|
|||
CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
|
||||
CVE-2017-3137, and CVE-2017-3138.
|
||||
|
||||
BIND 9.9.11
|
||||
|
||||
BIND 9.9.11 is a maintenance release, and addresses the security flaw
|
||||
disclosed in CVE-2017-3140.
|
||||
|
||||
Building BIND
|
||||
|
||||
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
|
||||
|
|
|
|||
|
|
@ -246,6 +246,11 @@ flaws disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170,
|
|||
CVE-2016-8864, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444,
|
||||
CVE-2017-3135, CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138.
|
||||
|
||||
#### BIND 9.9.11
|
||||
|
||||
BIND 9.9.11 is a maintenance release, and addresses the security flaw
|
||||
disclosed in CVE-2017-3140.
|
||||
|
||||
### <a name="build"/> Building BIND
|
||||
|
||||
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
|
||||
|
|
|
|||
|
|
@ -7033,7 +7033,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
|||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
if (!is_zone && event == NULL && rdataset->ttl == 0 &&
|
||||
if (!is_zone && !resuming && rdataset->ttl == 0 &&
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
|
|
@ -7455,7 +7455,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
|||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
if (!is_zone && event == NULL && rdataset->ttl == 0 &&
|
||||
if (!is_zone && !resuming && rdataset->ttl == 0 &&
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
|
|
|
|||
|
|
@ -73,7 +73,10 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
None.
|
||||
With certain RPZ configurations, a response with TTL 0
|
||||
could cause <command>named</command> to go into an infinite
|
||||
query loop. This flaw is disclosed in CVE-2017-3140.
|
||||
[RT #45181]
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
|||
Loading…
Reference in a new issue