From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 12 Oct 2020 08:11:21 +0000 (+0200)
Subject: Backport of CVE-2020-25829 (any-cache-update) to 4.2.x
X-Git-Tag: rec-4.2.5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9603%2Fhead;p=thirdparty%2Fpdns.git

Backport of CVE-2020-25829 (any-cache-update) to 4.2.x
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 50e0dc9620..59e21e2763 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -952,6 +952,11 @@ DNSName SyncRes::getBestNSNamesFromCache(const DNSName &qname, const QType& qtyp
 
 void SyncRes::updateValidationStatusInCache(const DNSName &qname, const QType& qt, bool aa, vState newState) const
 {
+  if (qt == QType::ANY || qt == QType::ADDR) {
+    // not doing that
+    return;
+  }
+
   if (newState == Bogus) {
     t_RC->updateValidationStatus(d_now.tv_sec, qname, qt, d_cacheRemote, aa, newState, s_maxbogusttl + d_now.tv_sec);
   }