Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:yukoff:openSUSE:Leap:42.1:Backports
pdns
limit_axfr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File limit_axfr.patch of Package pdns
From: Adam Majer <amajer@suse.de> Date: Mon, 08 Aug 2016 11:03:51 +0200 Subject: Add limits to the size of received AXFR, in megabytes References: bnc#987872, CVE-2016-6172 Upstream: https://github.com/PowerDNS/pdns/commit/0d7042b4178b7c0324b2450ed505f4cf587fa694 Index: pdns-3.4.6/pdns/common_startup.cc =================================================================== --- pdns-3.4.6.orig/pdns/common_startup.cc +++ pdns-3.4.6/pdns/common_startup.cc @@ -167,6 +167,8 @@ void declareArguments() ::arg().set("include-dir","Include *.conf files from this directory"); ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com."; + + ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming AXFR")="100"; } static uint64_t uptimeOfProcess(const std::string& str) Index: pdns-3.4.6/pdns/pdns.conf-dist =================================================================== --- pdns-3.4.6.orig/pdns/pdns.conf-dist +++ pdns-3.4.6/pdns/pdns.conf-dist @@ -519,4 +519,9 @@ # # webserver-print-arguments=no +################################# +# xfr-max-received-mbytes Maximum number of megabytes received from an incoming AXFR +# +# xfr-max-received-mbytes=100 + Index: pdns-3.4.6/pdns/resolver.cc =================================================================== --- pdns-3.4.6.orig/pdns/resolver.cc +++ pdns-3.4.6/pdns/resolver.cc @@ -379,8 +379,9 @@ AXFRRetriever::AXFRRetriever(const Combo const string& tsigkeyname, const string& tsigalgorithm, const string& tsigsecret, - const ComboAddress* laddr) -: d_tsigkeyname(tsigkeyname), d_tsigsecret(tsigsecret), d_tsigPos(0), d_nonSignedMessages(0) + const ComboAddress* laddr, + size_t maxReceivedBytes) + : d_tsigkeyname(tsigkeyname), d_tsigsecret(tsigsecret), d_receivedBytes(0), d_maxReceivedBytes(maxReceivedBytes), d_tsigPos(0), d_nonSignedMessages(0) { ComboAddress local; if (laddr != NULL) { @@ -461,8 +462,14 @@ int AXFRRetriever::getChunk(Resolver::re int len=getLength(); if(len<0) throw ResolverException("EOF trying to read axfr chunk from remote TCP client"); - - timeoutReadn(len); + + if (d_maxReceivedBytes > 0 && (d_maxReceivedBytes - d_receivedBytes) < (size_t) len) + throw ResolverException("Reached the maximum number of received bytes during AXFR"); + + timeoutReadn(len); + + d_receivedBytes += (uint16_t) len; + MOADNSParser mdp(d_buf.get(), len); int err = parseResult(mdp, "", 0, 0, &res); Index: pdns-3.4.6/pdns/resolver.hh =================================================================== --- pdns-3.4.6.orig/pdns/resolver.hh +++ pdns-3.4.6/pdns/resolver.hh @@ -85,7 +85,8 @@ class AXFRRetriever : public boost::nonc const string& tsigkeyname=string(), const string& tsigalgorithm=string(), const string& tsigsecret=string(), - const ComboAddress* laddr = NULL); + const ComboAddress* laddr = NULL, + size_t maxReceivedBytes=0); ~AXFRRetriever(); int getChunk(Resolver::res_t &res); @@ -104,6 +105,8 @@ class AXFRRetriever : public boost::nonc string d_tsigsecret; string d_prevMac; // RFC2845 4.4 string d_signData; + size_t d_receivedBytes; + size_t d_maxReceivedBytes; uint32_t d_tsigPos; uint d_nonSignedMessages; // RFC2845 4.4 TSIGRecordContent d_trc; Index: pdns-3.4.6/pdns/slavecommunicator.cc =================================================================== --- pdns-3.4.6.orig/pdns/slavecommunicator.cc +++ pdns-3.4.6/pdns/slavecommunicator.cc @@ -151,7 +151,7 @@ void CommunicatorClass::suck(const strin vector<DNSResourceRecord> rrs; ComboAddress raddr(remote, 53); - AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr); + AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024); Resolver::res_t recs; while(retriever.getChunk(recs)) { if(first) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor