Reject AXFR streams where the message id is not consistent.
authorMark Andrews <marka@isc.org>
Thu, 16 Apr 2020 06:59:33 +0000 (16:59 +1000)
committerMark Andrews <marka@isc.org>
Mon, 20 Apr 2020 08:24:12 +0000 (18:24 +1000)
CHANGES
lib/dns/xfrin.c

diff --git a/CHANGES b/CHANGES
index 44f01ad9b041487aafaf73d7308836cc1c2fe151..6d6435e2bda07ddf7c2a760a74b6d4a19725d543 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
-5386.  [cleanup]       Address Coverity warnings in keymgr.c [GL #1737]
+5388.  [func]          Reject AXFR streams where the message id is not
+                       consistent. [GL #1674]
+
+5387.  [placeholder]
 
+5386.  [cleanup]       Address Coverity warnings in keymgr.c [GL #1737]
 
 5385.  [func]          Make ISC rwlock implementation the default again.
                        [GL #1753]
index c5a6d2d351ec509bd536a2e07e28baa6d084850d..657ee4a5d4a700a1e2117aacec2e5dcdd8160e6a 100644 (file)
@@ -111,7 +111,6 @@ struct dns_xfrin_ctx {
        dns_name_t name; /*%< Name of zone to transfer */
        dns_rdataclass_t rdclass;
 
-       bool checkid;
        dns_messageid_t id;
 
        /*%
@@ -551,9 +550,6 @@ redo:
                                  xfr->ixfr.request_serial, xfr->end_serial);
                        FAIL(DNS_R_UPTODATE);
                }
-               if (xfr->reqtype == dns_rdatatype_axfr) {
-                       xfr->checkid = false;
-               }
                xfr->state = XFRST_FIRSTDATA;
                break;
 
@@ -835,7 +831,6 @@ xfrin_create(isc_mem_t *mctx, dns_zone_t *zone, dns_db_t *db, isc_task_t *task,
 
        dns_name_init(&xfr->name, NULL);
        xfr->rdclass = rdclass;
-       xfr->checkid = true;
        xfr->id = (dns_messageid_t)isc_random16();
        xfr->reqtype = reqtype;
        xfr->dscp = dscp;
@@ -1145,7 +1140,6 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) {
                                          &xfr->ixfr.request_serial));
        }
 
-       xfr->checkid = true;
        xfr->id++;
        xfr->nmsg = 0;
        xfr->nrecs = 0;
@@ -1289,7 +1283,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
 
        if (result != ISC_R_SUCCESS || msg->rcode != dns_rcode_noerror ||
            msg->opcode != dns_opcode_query || msg->rdclass != xfr->rdclass ||
-           (xfr->checkid && msg->id != xfr->id))
+           msg->id != xfr->id)
        {
                if (result == ISC_R_SUCCESS && msg->rcode != dns_rcode_noerror)
                {
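Review bot: The now-unconditional `msg->id != xfr->id` test sits in the same combined condition as the rcode, opcode and class checks, and the only sub-case the visible lines single out is a non-NOERROR rcode. The rest of the failure branch is outside this hunk, so this is worth confirming: if an id mismatch is not logged distinctly there, an operator cannot tell a primary that sends inconsistent ids from injected or stale messages on the transfer connection. Since this commit newly rejects such streams, a dedicated log line for the mismatch would make these failures diagnosable. I would also add a comment above the condition, e.g. `/* Every message in the transfer stream must carry the id of our request (see RFC 5936); a mismatch aborts the transfer. */`.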