The three tools interpolated their key-name argument verbatim into the
generated 'key "..." { ... };' clause. A name containing '"', '{', '}',
or ';' could close the clause and append additional named.conf
statements — for example, a second key block with an attacker-chosen
secret. The injected output passes named-checkconf and is loaded by
named as a valid configuration. The risk shows up when an automation
wrapper feeds tenant or zone names from a less-trusted source through
-k / -y / -s / -z (or the tsig-keygen positional argument).
Validate the final key name (after the optional -s / -z suffix is
concatenated in tsig-keygen) against [A-Za-z0-9._-]+ and exit with an
error otherwise. The allowlist covers the documented usage; every
character used in the injection vectors is excluded.
Add a system test that runs the documented PoC payloads through each
tool and asserts a non-zero exit, plus sanity coverage for the default
key names and dotted DNS-style names.
Assisted-by: Claude:claude-opus-4-7
39 lines
926 B
C
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
/*! \file */
|
|
|
|
#include <isc/buffer.h>
|
|
#include <isc/mem.h>
|
|
|
|
#include <dns/secalg.h>
|
|
|
|
void
|
|
validate_keyname(const char *keyname);
|
|
|
|
void
|
|
generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
|
|
isc_buffer_t *key_txtbuffer);
|
|
|
|
void
|
|
write_key_file(const char *keyfile, const char *user, const char *keyname,
|
|
isc_buffer_t *secret, dns_secalg_t alg);
|
|
|
|
const char *
|
|
alg_totext(dns_secalg_t alg);
|
|
dns_secalg_t
|
|
alg_fromtext(const char *name);
|
|
int
|
|
alg_bits(dns_secalg_t alg);
|
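Review bot: The new `validate_keyname()` prototype carries no comment stating its contract, and because it returns `void` the header gives a caller no indication that a rejected name ends the process rather than yielding an error to handle (the commit description says the tools exit with an error). This header is the one place all three tools share, so the accepted character set and the "pass the final name" requirement belong here; the description gives them as `[A-Za-z0-9._-]+` and "after the optional -s / -z suffix is concatenated". Suggest a Doxygen block above the declaration: `/*%< Exit with an error unless 'keyname' consists solely of [A-Za-z0-9._-]. Must be called on the final name (after any -s/-z suffix is appended), since the name is written verbatim into the generated key clause. */`. If the implementation in the corresponding .c file reports the failure differently, the wording should follow that file rather than the description.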