From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 2 Oct 2018 10:40:50 +0000 (+0200)
Subject: stop crashing on out-of-zone data during inbound AXFR
X-Git-Tag: dnsdist-1.3.3~75^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=15da1925cefee2d569de48ffd3e344cba7cf30dc;p=thirdparty%2Fpdns.git

stop crashing on out-of-zone data during inbound AXFR
---

diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc
index 98fc97e820..7053c0e87e 100644
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@ -342,6 +342,9 @@ void updateThread(const string& workdir, const uint16_t& keep, const uint16_t& a
           for(auto& dr : chunk) {
             if(dr.d_type == QType::TSIG)
               continue;
+            if(!dr.d_name.isPartOf(domain)) {
+              throw PDNSException("Out-of-zone data received during AXFR of "+domain.toLogString());
+            }
             dr.d_name.makeUsRelative(domain);
             records.insert(dr);
             nrecords++;
diff --git a/regression-tests.ixfrdist/test_IXFR.py b/regression-tests.ixfrdist/test_IXFR.py
index 23624c110a..217259583c 100644
--- a/regression-tests.ixfrdist/test_IXFR.py
+++ b/regression-tests.ixfrdist/test_IXFR.py
@@ -36,7 +36,8 @@ class IXFRDistBasicTest(IXFRDistTest):
     global xfrServerPort
     _xfrDone = 0
     _config_domains = { 'example': '127.0.0.1:' + str(xfrServerPort),
-                        'example2': '127.0.0.1:1' } # bogus port is intentional
+                        'example2': '127.0.0.1:1',       # bogus port is intentional
+                        'example4': '127.0.0.1:' + str(xfrServerPort) }
 
     @classmethod
     def setUpClass(cls):