git.ipfire.org Git - thirdparty/pdns.git/commit
rec: Check the remote host on handleGenUDPQueryResponse()
author Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 13 Nov 2017 16:18:24 +0000 (17:18 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 12 Jan 2018 11:23:44 +0000 (12:23 +0100)
commit 7c77ce630aeaa54ae7fb64540a33b0ef55dddf6e
tree 20cff2168105241a765c3961ceb2d9f5e38a0014
parent d24089b75a9f71c2433f7d5ca3eb7c64ea28abe3
rec: Check the remote host on handleGenUDPQueryResponse()

We do connect the socket before sending, but it looks like various
kernels have a race condition allowing an attacker to inject a
packet between the bind() and the connect() calls, which then does
not necessarily come from the expected host. Have fun.
pdns/pdns_recursor.cc
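
The kind of check the commit title names, as an added C++ example that is not taken from the PowerDNS source: a connected UDP socket still reads with recvfrom() and compares the sender with the host it connected to, discarding anything else. All function names are hypothetical, the code assumes IPv4 on loopback, and the datagrams are constructed for the demonstration.

```cpp
// Added illustration, not PowerDNS code; every name here is hypothetical.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstring>

// True when both IPv4 endpoints carry the same address and port.
static bool sameEndpoint(const sockaddr_in& a, const sockaddr_in& b) {
  return a.sin_family == b.sin_family && a.sin_port == b.sin_port && a.sin_addr.s_addr == b.sin_addr.s_addr;
}

// Non-blocking read of one datagram. Returns its length, -1 on error or an
// empty queue, -2 when the sender is not `expected` (datagram discarded).
static ssize_t recvFromExpected(int fd, const sockaddr_in& expected, char* buf, size_t len) {
  sockaddr_in from{};
  socklen_t fromLen = sizeof(from);
  ssize_t got = recvfrom(fd, buf, len, MSG_DONTWAIT, reinterpret_cast<sockaddr*>(&from), &fromLen);
  return got < 0 ? -1 : (sameEndpoint(from, expected) ? got : -2);
}

// Bind a UDP socket to an ephemeral loopback port and report it in `self`.
static int boundSocket(sockaddr_in& self) {
  int fd = socket(AF_INET, SOCK_DGRAM, 0);
  if (fd < 0) return -1;
  self = sockaddr_in{};
  self.sin_family = AF_INET;
  self.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  socklen_t len = sizeof(self);
  auto* sa = reinterpret_cast<sockaddr*>(&self);
  if (bind(fd, sa, len) < 0 || getsockname(fd, sa, &len) < 0) { close(fd); return -1; }
  return fd;
}

// Constructed loopback scenario: a third socket sends to the client between bind() and connect().
// Returns datagrams dropped before the upstream answer was accepted, -1 without sockets, -3 on failure.
static int demoRace() {
  sockaddr_in clientAddr, upstreamAddr, otherAddr;
  int client = boundSocket(clientAddr), upstream = boundSocket(upstreamAddr), other = boundSocket(otherAddr);
  if (client < 0 || upstream < 0 || other < 0) return -1;
  sendto(other, "stray", 5, 0, reinterpret_cast<sockaddr*>(&clientAddr), sizeof(clientAddr));
  connect(client, reinterpret_cast<sockaddr*>(&upstreamAddr), sizeof(upstreamAddr));
  sendto(upstream, "answer", 6, 0, reinterpret_cast<sockaddr*>(&clientAddr), sizeof(clientAddr));
  char buf[16];
  int dropped = 0;
  ssize_t got;
  while ((got = recvFromExpected(client, upstreamAddr, buf, sizeof(buf))) == -2) dropped++;
  close(client); close(upstream); close(other);
  return (got == 6 && memcmp(buf, "answer", 6) == 0) ? dropped : -3;
}
```

On kernels that keep a datagram queued before connect(), demoRace() returns 1 (the stray datagram was dropped by the check); on kernels that flush it, the result is 0.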