const int zname_labels = knot_dname_labels(k->zname, NULL);
int last_nxproven_labels = -1;
const knot_dname_t *name = qry->sname;
+
+ /* Avoid doing too much work on SHA1; we might consider that a part of mitigating
+ * CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU
+ * As currently the code iterates from the longest name, we limit that.
+ * Note that we don't want to limit too much, as the alternative usually includes
+ * sending more queries upstream, which would come with nontrivial work, too.
+ */
+ const int max_labels = zname_labels + kr_nsec3_max_depth(&ans->nsec_p.libknot);
+ if (sname_labels > max_labels)
+ VERBOSE_MSG(qry, "=> NSEC3 hashing partly skipped due to too long SNAME (CVE-2023-50868)\n");
+
for (int name_labels = sname_labels; name_labels >= zname_labels;
--name_labels, name += 1 + name[0]) {
+ if (name_labels > max_labels)
+ continue; // avoid the hashing
+
/* Find a previous-or-equal NSEC3 in cache covering the name,
* checking TTL etc. */
const knot_db_val_t key = key_NSEC3_name(k, name, false, &ans->nsec_p);
return kr_nsec3_limited(params->iterations, params->salt.size);
}
+/** Return limit on NSEC3 depth. The point is to avoid doing too much work on SHA1.
+ *
+ * CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU
+ *
+ * 128 is chosen so that zones with good NSEC3 parameters (giving _price() == 1)
+ * won't be limited in any way. Performance doesn't seem too bad with that either.
+ */
+static inline int kr_nsec3_max_depth(const dnssec_nsec3_params_t *params)
+{
+ return 128 / kr_nsec3_price(params->iterations, params->salt.size);
+}
+
/**
* Name error response check (RFC5155 7.2.2).
projects / thirdparty / knot-resolver.git / commitdiff
