Opened 9 years ago
Closed 9 years ago
#307 closed defect (fixed)
review: A DS query could crash b10-auth
| Reported by: | jinmei | Owned by: | jinmei |
|---|---|---|---|
| Priority: | high | Milestone: | y2 6 month milestone |
| Component: | data source | Version: | |
| Keywords: | Cc: | ||
| CVSS Scoring: | Parent Tickets: | ||
| Sensitive: | no | Defect Severity: | |
| Sub-Project: | Feature Depending on Ticket: | ||
| Estimated Difficulty: | 0.0 | Add Hours to Ticket: | 0 |
| Total Hours: | 2.0 | Internal?: | no |
Description
Configure the bind 10 server as an authoritative server for "example.com".
If you query for example.com/SOA then example.com/DS the server will crash.
As an experiment I'm going to check the "sensitive" box.
Subtickets
Change History (9)
comment:1 Changed 9 years ago by jinmei
- Add Hours to Ticket changed from 0.0 to 1.5
- Total Hours changed from 0.0 to 1.5
comment:2 Changed 9 years ago by jinmei
- Sensitive unset
comment:3 Changed 9 years ago by jinmei
comment:4 Changed 9 years ago by jinmei
- Summary changed from A DS query could crash b10-auth to review: A DS query could crash b10-auth
Please review branches/trac307.
This is a proposed ChangeLog entry:
91.? [bug] jinmei lib/datasrc: A DS query could crash the library (and therefore, e.g. the authoritative server) if some RR of the same apex name is stored in the hot spot cache. (Trac #307, svn rTBD)
I downgraded the category from "security" to "bug" based on the discussion on today's weekly call.
comment:5 Changed 9 years ago by jinmei
- Add Hours to Ticket changed from 0.0 to 0.5
- Owner set to UnAssigned
- Status changed from new to reviewing
- Total Hours changed from 1.5 to 2.0
comment:6 Changed 9 years ago by stephen
- Owner changed from UnAssigned to stephen
comment:7 follow-up: ↓ 8 Changed 9 years ago by stephen
- Owner changed from stephen to jinmei
Branch taken at revision 2791
Revision checked 2907
src/lib/datasrc/data_source.cc
src/lib/datasrc/tests/datasrc_unittest.cc
The changes to the code are OK and the unit tests pass (as does a test whether a DS query crashes the server built with this code). It can be merged with trunk.
BTW, the comment in datasrc_unittest.cc indicates that the server is returning an incorrect rcode in the case covered by this change; has a ticket been raised for that?
comment:8 in reply to: ↑ 7 Changed 9 years ago by jreed
Replying to stephen:
BTW, the comment in datasrc_unittest.cc indicates that the server is returning an incorrect rcode in the case covered by this change; has a ticket been raised for that?
I think it is
http://bind10.isc.org/ticket/306
comment:9 Changed 9 years ago by jreed
- Resolution set to fixed
- Status changed from reviewing to closed
Closed. committed to trunk in r2923.
(removed the "sensitive" flag based on today's call)