upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-26 11:22:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/lib
History
Ondřej Surý c420039fee
Fix GSS-API context leak in TKEY negotiation 
Reject multi-round GSS-API negotiation (GSS_S_CONTINUE_NEEDED) in
dst_gssapi_acceptctx().  Each call to gss_accept_sec_context()
allocates a context inside the GSS library; without this fix, the
context handle was passed back to process_gsstkey() which did not
store it persistently, leaking it on every incomplete negotiation.

An unauthenticated attacker could exhaust server memory by sending
repeated TKEY queries with GSSAPI tokens, each leaking one GSS
context.  The leaked memory is allocated by the GSS library via
malloc(), bypassing BIND's memory accounting.

In practice, Kerberos/SPNEGO (the only mechanism used with BIND)
completes in a single round, so rejecting continuation does not
affect real-world deployments.  See RFC 3645 Section 4.1.3.

(cherry picked from commit 3d8e0d068f08694282c5ecd3bd6c332de6c75485)
2026-05-07 13:21:59 +02:00
..
bind9 Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
dns Fix GSS-API context leak in TKEY negotiation 2026-05-07 13:21:59 +02:00
irs standardize CHECK and RETERR macros 2025-12-03 19:18:12 -08:00
isc Add MOVE_OWNERSHIP() macro for transferring pointer ownership 2026-03-23 12:05:18 +01:00
isccc Remove redundant parentheses from the return statement 2024-11-19 16:06:16 +01:00
isccfg standardize CHECK and RETERR macros 2025-12-03 19:18:12 -08:00
ns Apply XFR-out quota after ACL is checked 2026-05-07 13:21:59 +02:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am move samples/resolve.c to bin/tests/system 2021-04-16 14:29:43 +02:00