From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 24 Jun 2020 23:59:54 +0000 (+1200)
Subject: CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
X-Git-Tag: samba-4.10.17~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9773231e3a53291214a914ed168065f5ed5ea1e6;p=thirdparty%2Fsamba.git

CVE-2020-14303 Ensure an empty packet will not DoS the NBT server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

(backported from master commit)
[abartlet@samba.org: Remove f"" format string not supported in
 Python 3.4]
---

diff --git a/python/samba/tests/dns_packet.py b/python/samba/tests/dns_packet.py
index a9996664e57..68e4d154cad 100644
--- a/python/samba/tests/dns_packet.py
+++ b/python/samba/tests/dns_packet.py
@@ -155,6 +155,19 @@ class TestDnsPacketBase(TestCase):
         rcode = self.decode_reply(data)['rcode']
         return expected_rcode == rcode
 
+    def _test_empty_packet(self):
+
+        packet = b""
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        s.sendto(packet, self.server)
+        s.close()
+
+        # It is reasonable not to reply to an empty packet
+        # but it is not reasonable to render the server
+        # unresponsive.
+        ok = self._known_good_query()
+        self.assertTrue(ok, "the server is unresponsive")
+
 
 class TestDnsPackets(TestDnsPacketBase):
     server = (SERVER, 53)
@@ -173,6 +186,9 @@ class TestDnsPackets(TestDnsPacketBase):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
 
+    def test_empty_packet(self):
+        self._test_empty_packet()
+
 
 class TestNbtPackets(TestDnsPacketBase):
     server = (SERVER, 137)
@@ -208,3 +224,6 @@ class TestNbtPackets(TestDnsPacketBase):
     def test_127_half_dotty_components(self):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
+
+    def test_empty_packet(self):
+        self._test_empty_packet()
diff --git a/selftest/knownfail.d/empty-nbt b/selftest/knownfail.d/empty-nbt
new file mode 100644
index 00000000000..e4bcccab4e5
--- /dev/null
+++ b/selftest/knownfail.d/empty-nbt
@@ -0,0 +1 @@
+^samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_empty_packet
\ No newline at end of file