]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16adeb3) | patch
[v9_9] limit recursion depth and iterative queries
authorEvan Hunt <each@isc.org>
Tue, 18 Nov 2014 07:49:07 +0000 (23:49 -0800)
committerEvan Hunt <each@isc.org>
Tue, 18 Nov 2014 07:49:07 +0000 (23:49 -0800)
commit603a0e2637b35a2da820bc807f69bcf09c682dce
tree3e4e63786a72cddc7cd0d12cdc859a35dc6f873btree | snapshot
parent16adeb3661c51427957d6dc0b01a5b4f4a0b8ff8commit | diff
[v9_9] limit recursion depth and iterative queries

4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop.  This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).

The recursion depth limit is configured via the
"max-recursion-depth" option.  [RT #35780]
20 files changed:
CHANGES diff | blob | blame | history
bin/named/config.c diff | blob | blame | history
bin/named/include/named/query.h diff | blob | blame | history
bin/named/query.c diff | blob | blame | history
bin/named/server.c diff | blob | blame | history
bin/tests/system/many/clean.sh [new file with mode: 0644] blob
bin/tests/system/many/ns1/named.conf [new file with mode: 0644] blob
bin/tests/system/many/ns2/named.conf [new file with mode: 0644] blob
bin/tests/system/many/ns3/named.conf [new file with mode: 0644] blob
bin/tests/system/many/ns4/named.conf [new file with mode: 0644] blob
bin/tests/system/many/ns5/hints.db [new file with mode: 0644] blob
bin/tests/system/many/ns5/named.conf [new file with mode: 0644] blob
bin/tests/system/many/setup.sh [new file with mode: 0644] blob
bin/tests/system/many/tests.sh [new file with mode: 0644] blob
doc/arm/Bv9ARM-book.xml diff | blob | blame | history
lib/dns/adb.c diff | blob | blame | history
lib/dns/include/dns/adb.h diff | blob | blame | history
lib/dns/include/dns/resolver.h diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
lib/isccfg/namedconf.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git