bug #10609: CVE-2014-0239 Don't reply to replies

[samba.git] / source4 / dns_server / dns_server.c

diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 95a2db4dd684cfb740402b5a1439900bd1fbd90a..cd18c311616ebc9655f6a1b3e48bfe85f8d945a6 100644 (file)
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -153,6 +153,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
+       if (state->in_packet.operation & DNS_FLAG_REPLY) {
+               DEBUG(1, ("Won't reply to replies.\n"));
+               tevent_req_werror(req, WERR_INVALID_PARAM);
+               return tevent_req_post(req, ev);
+       }
+
        state->state.flags = state->in_packet.operation;
        state->state.flags |= DNS_FLAG_REPLY;