$rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME .");
push @ans, $rr;
$rcode = "NOERROR";
+ # The following three code branches referring to the "example.dname"
+ # zone are necessary for the resolver variant of the CVE-2021-25215
+ # regression test to work. A named instance cannot be used for
+ # serving the DNAME records below as a version of BIND vulnerable to
+ # CVE-2021-25215 would crash while answering the queries asked by
+ # the tested resolver.
+ } elsif ($qname eq "ns3.example.dname") {
+ if ($qtype eq "A") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass A 10.53.0.3");
+ push @ans, $rr;
+ }
+ if ($qtype eq "AAAA") {
+ my $rr = new Net::DNS::RR("example.dname. $ttl $qclass SOA . . 0 0 0 0 $ttl");
+ push @auth, $rr;
+ }
+ $rcode = "NOERROR";
+ } elsif ($qname eq "self.example.self.example.dname") {
+ my $rr = new Net::DNS::RR("self.example.dname. $ttl $qclass DNAME dname.");
+ push @ans, $rr;
+ $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME self.example.dname.");
+ push @ans, $rr;
+ $rcode = "NOERROR";
+ } elsif ($qname eq "self.example.dname") {
+ if ($qtype eq "DNAME") {
+ my $rr = new Net::DNS::RR("$qname $ttl $qclass DNAME dname.");
+ push @ans, $rr;
+ }
+ $rcode = "NOERROR";
} else {
$rcode = "REFUSED";
}
example.broken. NS ns3.example.broken.
ns3.example.broken. A 10.53.0.3
+; for the resolver variant of the CVE-2021-25215 regression test
+example.dname. NS ns3.example.dname.
+ns3.example.dname. A 10.53.0.3
+
domain0.nil. NS ns2.domain0.nil
domain1.nil. NS ns2.domain0.nil
domain2.nil. NS ns2.domain0.nil
@ 86400 AAAA 1:2:3::4
* 86400 A 1.2.3.4
* 86400 AAAA 1:2:3::4
+; CVE-2021-25215 regression test data
+self 86400 DNAME nil.
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+# Regression test for CVE-2021-25215 (authoritative server).
+n=`expr $n + 1`
+echo_i "checking DNAME resolution via itself (authoritative) ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1
+grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+# Regression test for CVE-2021-25215 (recursive resolver).
+n=`expr $n + 1`
+echo_i "checking DNAME resolution via itself (recursive) ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1
+grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
projects / thirdparty / bind9.git / commitdiff
