9abc64 |
From f6ca6392adf7f5a94c804d8a8a1233d90170f490 Mon Sep 17 00:00:00 2001
9abc64 |
From: Petr Mensik <pemensik@redhat.com>
9abc64 |
Date: Fri, 15 May 2020 14:56:33 +0200
9abc64 |
Subject: [PATCH] CVE-2020-8617
9abc64 |
9abc64 |
5390. [security] Replaying a TSIG BADTIME response as a request could
9abc64 |
trigger an assertion failure. (CVE-2020-8617)
9abc64 |
[GL #1703]
9abc64 |
---
9abc64 |
lib/dns/tsig.c | 7 ++++---
9abc64 |
1 file changed, 4 insertions(+), 3 deletions(-)
9abc64 |
9abc64 |
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
|
|
|
9abc64 |
index c6f9d1b..aee8eb0 100644
|
|
|
9abc64 |
--- a/lib/dns/tsig.c
|
|
|
9abc64 |
+++ b/lib/dns/tsig.c
|
|
|
9abc64 |
@@ -1431,8 +1431,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
|
|
|
9abc64 |
goto cleanup_context;
|
|
|
9abc64 |
}
|
|
|
9abc64 |
msg->verified_sig = 1;
|
|
|
9abc64 |
- } else if (tsig.error != dns_tsigerror_badsig &&
|
|
|
9abc64 |
- tsig.error != dns_tsigerror_badkey) {
|
|
|
9abc64 |
+ } else if (!response || (tsig.error != dns_tsigerror_badsig &&
|
|
|
9abc64 |
+ tsig.error != dns_tsigerror_badkey))
|
|
|
9abc64 |
+ {
|
|
|
9abc64 |
tsig_log(msg->tsigkey, 2, "signature was empty");
|
|
|
9abc64 |
return (DNS_R_TSIGVERIFYFAILURE);
|
|
|
9abc64 |
}
|
|
|
9abc64 |
@@ -1488,7 +1489,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
|
|
|
9abc64 |
}
|
|
|
9abc64 |
}
|
|
|
9abc64 |
|
|
|
9abc64 |
- if (tsig.error != dns_rcode_noerror) {
|
|
|
9abc64 |
+ if (response && tsig.error != dns_rcode_noerror) {
|
|
|
9abc64 |
msg->tsigstatus = tsig.error;
|
|
|
9abc64 |
if (tsig.error == dns_tsigerror_badtime)
|
|
|
9abc64 |
ret = DNS_R_CLOCKSKEW;
|
|
|
9abc64 |
--
|
|
|
9abc64 |
2.21.1
|
|
|
9abc64 |
|