Blob Blame History Raw
From e2aae621408c7622d094f13a67b928f911a2793b Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 18 Aug 2020 10:55:50 +0200
Subject: [PATCH] Fix CVE-2020-8624

5481.	[security]	"update-policy" rules of type "subdomain" were
			incorrectly treated as "zonesub" rules, which allowed
			keys used in "subdomain" rules to update names outside
			of the specified subdomains. The problem was fixed by
			making sure "subdomain" rules are again processed as
			described in the ARM. (CVE-2020-8624) [GL #2055]
---
 bin/named/zoneconf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 55f191b..b77a07c 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -239,7 +239,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
 
 		str = cfg_obj_asstring(matchtype);
 		CHECK(dns_ssu_mtypefromstring(str, &mtype));
-		if (mtype == dns_ssumatchtype_subdomain) {
+		if (mtype == dns_ssumatchtype_subdomain &&
+		    strcasecmp(str, "zonesub") == 0) {
 			usezone = true;
 		}
 
-- 
2.26.2