An authenticated DDNS client could bypass update-policy per-type record limits
(e.g. TXT(3)) by including padding records in the UPDATE message that are
silently skipped during processing. Each skipped record shifted an internal
counter, causing subsequent records to be checked against the wrong quota —
potentially reading an unlimited (0) entry instead of the configured maximum.
This allowed a client with valid TSIG credentials to add an arbitrary number of
records beyond the configured limit across repeated UPDATE messages up to the
`max-records-per-type` limit.
Closes #5799
Merge branch '5799-fix-counter-desync-in-SSU' into 'main'
See merge request isc-projects/bind9!11708
projects / thirdparty / bind9.git / commitdiff
