1. 10 Jul, 2019 1 commit
    • lib/cache: fix CVE-2019-10191 · bef03dcf
      Vladimír Čunát authored
      Don't stash a packet with mismatching QNAME+QTYPE.
      When receiving an NXDOMAIN or NODATA packet in an insecure zone,
      it would get cached with KR_RANK_INSECURE regardless of mismatch
      in QNAME.  If the 0x20 pattern was preserved in the fake QNAME,
      such a packet would then be used to answer queries with matching QNAME,
      even if there's no proof that this QNAME is insecure.
  2. 08 Mar, 2019 1 commit
  3. 14 Jan, 2019 1 commit
    • kr_rplan_pop(): avoid reordering kr_rplan::pending · 288cca5b
      Vladimír Čunát authored
      - It's not ideal, but this will need significant overhaul anyway when
        "parallel queries" get implemented.
      - I didn't put this into array.h, as we don't seem likely to need it
        anywhere else and implementation in macros would be ugly.
      - It's unclear whether this "bug" could cause anything in practice.
  4. 02 Jul, 2018 1 commit
  5. 25 Jun, 2018 1 commit
  6. 28 Mar, 2018 1 commit
  7. 19 Mar, 2018 1 commit
  8. 15 Feb, 2018 1 commit
  9. 05 Feb, 2018 1 commit
  10. 31 Jan, 2018 1 commit
  11. 30 Jan, 2018 1 commit
  12. 24 Jan, 2018 1 commit
  13. 08 Jan, 2018 1 commit
  14. 03 Jan, 2018 1 commit
  15. 21 Dec, 2017 1 commit
  16. 11 Dec, 2017 1 commit
  17. 08 Dec, 2017 1 commit
    • use monotonic time · 0abbe1f4
      Vitezslav Kriz authored
      Monotonic time from libuv function uv_now (wrapped in kr_now) is
      used for query timeout, stats and RTT in reputation cache.
      
      Cache, DNSSEC Validation and Cookies use real time.
  18. 07 Dec, 2017 1 commit
  19. 11 Sep, 2017 1 commit
  20. 07 Sep, 2017 1 commit
  21. 01 Aug, 2017 4 commits
  22. 07 Jul, 2017 1 commit
  23. 12 Jun, 2017 1 commit
    • iterate: be more precise when detecting CNAME loops · ac92745d
      Vladimír Čunát authored
      Iterating over sibling sub-queries isn't precise enough,
      and in particular in forwarding mode it reported non-existing loops.
      
      Example ATM: www.dpo.cz - there forwarding spawns multiple sub-queries,
      and one of those is a CNAME to another of them.  Due to them being siblings,
      the old code misdetected that as a CNAME loop.  Now that we have these
      cname_parent pointers, we can do a precise detection.
  24. 01 Jun, 2017 3 commits
  25. 10 May, 2017 1 commit
  26. 05 Apr, 2017 2 commits
  27. 20 Mar, 2017 1 commit
  28. 06 Mar, 2017 1 commit
  29. 01 Mar, 2017 1 commit
  30. 16 Feb, 2017 1 commit
  31. 10 Feb, 2017 1 commit
  32. 09 Feb, 2017 1 commit
  33. 25 Jan, 2017 1 commit
  34. 23 Jan, 2017 1 commit