• Vladimír Čunát's avatar
    lib/cache: fix CVE-2019-10191 · bef03dcf
    Vladimír Čunát authored
    Don't stash a packet with mismatching QNAME+QTYPE.
    When receiving an NXDOMAIN or NODATA packet in an insecure zone,
    it would get cached with KR_RANK_INSECURE regardless of mismatch
    in QNAME.  If the 0x20 pattern was preserved in the fake QNAME,
    such packet would then be used to answer queries with matching QNAME,
    even if there's no proof that this QNAME is insecure.
    bef03dcf
Name
Last commit
Last update
..
cache Loading commit data...
cookies Loading commit data...
dnssec Loading commit data...
generic Loading commit data...
layer Loading commit data...
README.rst Loading commit data...
defines.h Loading commit data...
dnssec.c Loading commit data...
dnssec.h Loading commit data...
layer.h Loading commit data...
meson.build Loading commit data...
module.c Loading commit data...
module.h Loading commit data...
nsrep.c Loading commit data...
nsrep.h Loading commit data...
resolve.c Loading commit data...
resolve.h Loading commit data...
rplan.c Loading commit data...
rplan.h Loading commit data...
test_module.c Loading commit data...
test_rplan.c Loading commit data...
test_utils.c Loading commit data...
test_zonecut.c Loading commit data...
utils.c Loading commit data...
utils.h Loading commit data...
zonecut.c Loading commit data...
zonecut.h Loading commit data...