Backport of CVE-2020-25829 (any-cache-update) to 4.1.x

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)
diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc

index 9ccecf8c59830c1244e81bc7f116b0e922bee180..216245ca431091180fa98b5b3d635e40dd1b8707 100644 (file)
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -413,9 +413,14 @@ bool MemRecursorCache::doAgeCache(time_t now, const DNSName& name, uint16_t qtyp
  
  bool MemRecursorCache::updateValidationStatus(time_t now, const DNSName &qname, const QType& qt, const ComboAddress& who, bool requireAuth, vState newState)
  {
+  if (qt == QType::ANY || qt == QType::ADDR) {
+    // not doing that
+    return false;
+  }
+
    bool updated = false;
    uint16_t qtype = qt.getCode();
-  if (qtype != QType::ANY && qtype != QType::ADDR && !d_ecsIndex.empty()) {
+  if (!d_ecsIndex.empty()) {
      auto entry = getEntryUsingECSIndex(now, qname, qtype, requireAuth, who);
      if (entry == d_cache.end()) {
        return false;
@@ -434,8 +439,7 @@ bool MemRecursorCache::updateValidationStatus(time_t now, const DNSName &qname,
      i->d_state = newState;
      updated = true;
  
-    if(qtype != QType::ANY && qtype != QType::ADDR) // normally if we have a hit, we are done
-      break;
+    break;
    }
  
    return updated;
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)