mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 09:48:34 -04:00
[v9_10] fix rpz formerr loop
4531. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
(cherry picked from commit 3440cf9c60)
This commit is contained in:
Evan Hunt
parent
b9892c25c9
commit
a57b289ed0
5 changed files with 20 additions and 3 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
4531. [security] Some RPZ configurations could go into an infinite
|
||||
query loop when encountering responses with TTL=0.
|
||||
(CVE-2017-3140) [RT #45181]
|
||||
|
||||
4629. [bug] dns_client_startupdate could not be called with a
|
||||
running client. [RT #45277]
|
||||
|
||||
|
|
|
|||
5
README
5
README
|
|
@ -261,6 +261,11 @@ disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
|
|||
CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
|
||||
CVE-2017-3137, and CVE-2017-3138.
|
||||
|
||||
BIND 9.10.6
|
||||
|
||||
BIND 9.10.6 is a maintenance release, and addresses the security flaw
|
||||
disclosed in CVE-2017-3140.
|
||||
|
||||
Building BIND
|
||||
|
||||
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
|
||||
|
|
|
|||
|
|
@ -275,6 +275,11 @@ disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
|
|||
CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
|
||||
CVE-2017-3137, and CVE-2017-3138.
|
||||
|
||||
#### BIND 9.10.6
|
||||
|
||||
BIND 9.10.6 is a maintenance release, and addresses the security flaw
|
||||
disclosed in CVE-2017-3140.
|
||||
|
||||
### <a name="build"/> Building BIND
|
||||
|
||||
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
|
||||
|
|
|
|||
|
|
@ -7651,7 +7651,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
|||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
if (!is_zone && event == NULL && rdataset->ttl == 0 &&
|
||||
if (!is_zone && !resuming && rdataset->ttl == 0 &&
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
|
|
@ -8093,7 +8093,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
|||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
if (!is_zone && event == NULL && rdataset->ttl == 0 &&
|
||||
if (!is_zone && !resuming && rdataset->ttl == 0 &&
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
|
|
|
|||
|
|
@ -71,7 +71,10 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
None.
|
||||
With certain RPZ configurations, a response with TTL 0
|
||||
could cause <command>named</command> to go into an infinite
|
||||
query loop. This flaw is disclosed in CVE-2017-3140.
|
||||
[RT #45181]
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
|||
Loading…
Reference in a new issue