Add test for CVE-2023-3341
authorMichal Nowak <mnowak@isc.org>
Wed, 12 Jul 2023 08:26:53 +0000 (10:26 +0200)
committerMichal Nowak <mnowak@isc.org>
Fri, 20 Oct 2023 14:27:31 +0000 (16:27 +0200)
(cherry picked from commit 7d1834b250bde423e3a0b255b5ed75f0417792e6)

bin/tests/system/rndc/tests_cve-2023-3341.py [new file with mode: 0644]

diff --git a/bin/tests/system/rndc/tests_cve-2023-3341.py b/bin/tests/system/rndc/tests_cve-2023-3341.py
new file mode 100644 (file)
index 0000000..de2991b
--- /dev/null
@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import socket
+import time
+
+import pytest
+
+pytest.importorskip("dns")
+import dns.message
+import dns.query
+import dns.rcode
+
+
+def test_cve_2023_3341(named_port, control_port):
+    depth = 4500
+    # Should not be more than isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768)
+    total_len = 10 + (depth * 7) - 6
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        data = b"".join(
+            [
+                total_len.to_bytes(4, "big"),  # <total lenght>
+                b"\x00\x00\x00\x01",  # <version>
+                b"\x01\x41",  # <size><name>
+            ]
+        )
+
+        for i in range(depth, 0, -1):
+            l = (i - 1) * 7
+            t = b"".join(
+                [
+                    b"\x02",  # ISCCC_CCMSGTYPE_TABLE
+                    l.to_bytes(4, "big"),  # <size>
+                    b"\x01\x41",  # <size><name>
+                ]
+            )
+            data = b"".join([data, t])
+
+        s.connect(("10.53.0.2", control_port))
+        s.sendall(data)
+
+    # Wait for named to (possibly) crash
+    time.sleep(10)
+    msg = dns.message.make_query("version.bind", "TXT", "CH")
+    ans = dns.query.udp(msg, "10.53.0.2", timeout=10, port=named_port)
+    assert ans.rcode() == dns.rcode.NOERROR
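Review bot: Nothing in the test enforces the size bound stated in the comment above `total_len`, so a later increase of `depth` could push the message past the 32768-byte limit. named would then presumably reject it on length alone, and the test would pass without reaching the nested-table parsing it is meant to cover. I would turn the comment into a check, `assert total_len <= 32768`, right after `total_len` is computed. The function also has no docstring; one sentence saying that it sends a control-channel message built from `depth` nested tables and then confirms named still answers `version.bind` would help the next maintainer. Minor: the loop variable `l` is easy to misread as `1` (something like `inner_len` reads better), and `<total lenght>` should be `<total length>`.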