git.ipfire.org Git - thirdparty/bind9.git/commit
Reproducer for CVE-2023-2911
author Tom Krizek <tkrizek@isc.org>
Mon, 24 Jul 2023 14:29:31 +0000 (16:29 +0200)
committer Tom Krizek <tkrizek@isc.org>
Tue, 25 Jul 2023 07:23:24 +0000 (09:23 +0200)
commit f617512d37f2ce95902eacef46192ece4246dc31
tree 4f0c0d00943048f54719813a50584d05872720c1
parent ae179921e0e40b8a8f9f0fbfa863586ec7db5b75
Reproducer for CVE-2023-2911

The conditions that trigger the crash:
- a stale record is in cache
- stale-answer-client-timeout is 0
- multiple clients query for the stale record, enough of them to exceed
  the recursive-clients quota
- the response from the authoritative is sufficiently delayed so that
  recursive-clients quota is exceeded first

The reproducer attempts to simulate this situation. However, it hasn't
proven to be 100 % reproducible, especially in CI. When reproducing
locally, the priming query also seems to sometimes interfere and prevent
the crash. When the reproducer is run twice, it appears to be more
reliable in reproducing the issue.
bin/tests/system/serve-stale/ns3/named4.conf.in
bin/tests/system/serve-stale/tests.sh
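
A read-only check for the configuration condition listed in the commit message (stale-answer-client-timeout set to 0), added here as an example; it is not part of the commit or of BIND's test suite. The sample configuration and all function names are constructed for illustration, and the parser handles only comments, quoted strings and brace nesting.

```python
import re

# Constructed sample named.conf (not the named4.conf.in touched by the commit).
SAMPLE_CONF = """
options {
    recursion yes;
    recursive-clients 10;          // small quota
    /* serve-stale settings */
    stale-answer-enable yes;
    stale-answer-client-timeout 0; # answer from stale cache immediately
};
view "internal" {
    stale-answer-client-timeout off;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments, leaving quoted strings untouched."""
    keep_quoted = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*', keep_quoted, text, flags=re.S)

def find_settings(conf, names=("stale-answer-client-timeout", "recursive-clients")):
    """Return [(scope, option, value)] for the named options at any nesting level."""
    found, stack, buf = [], [], ""
    for tok in re.split(r'("[^"\n]*"|[{};])', strip_comments(conf)):
        if tok == "{":
            stack.append(" ".join(buf.split()))   # block header, e.g. 'view "internal"'
            buf = ""
        elif tok == "}":
            if stack:
                stack.pop()
            buf = ""
        elif tok == ";":
            words = buf.split()
            if len(words) >= 2 and words[0] in names:
                found.append((stack[-1] if stack else "<top>", words[0], words[1]))
            buf = ""
        else:
            buf += tok
    return found

def audit(conf):
    """Report scopes where the timeout is 0, plus the configured recursive-clients quota."""
    settings = find_settings(conf)
    quota = [v for _, o, v in settings if o == "recursive-clients"]
    zero = [s for s, o, v in settings
            if o == "stale-answer-client-timeout" and v.isdigit() and int(v) == 0]
    return {"timeout_zero_in": zero, "recursive_clients": quota[-1] if quota else "default"}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```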