CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
authorAndrew Bartlett <abartlet@samba.org>
Wed, 24 Jun 2020 23:59:54 +0000 (11:59 +1200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 25 Jun 2020 08:43:52 +0000 (10:43 +0200)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/dns_packet.py
selftest/knownfail.d/empty-nbt [new file with mode: 0644]

index c4f843eb6134e807aeced3b425249781fe48a001..ae7bcb3ad8c1ff254662a42133bd23a3274a3b2d 100644 (file)
@@ -156,6 +156,19 @@ class TestDnsPacketBase(TestCase):
         rcode = self.decode_reply(data)['rcode']
         return expected_rcode == rcode
 
+    def _test_empty_packet(self):
+
+        packet = b""
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        s.sendto(packet, self.server)
+        s.close()
+
+        # It is reasonable not to reply to an empty packet
+        # but it is not reasonable to render the server
+        # unresponsive.
+        ok = self._known_good_query()
+        self.assertTrue(ok, f"the server is unresponsive")
+
 
 class TestDnsPackets(TestDnsPacketBase):
     server = (SERVER, 53)
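Review bot: In `_test_empty_packet` the socket is closed only on the success path, so a failing `sendto` leaks it; a context manager covers both paths: `with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:` followed by `s.sendto(packet, self.server)`. The assertion message is an f-string with no placeholders and does not say which listener stopped answering, although the helper is shared by the port 53 and port 137 classes; `self.assertTrue(ok, f"server {self.server} is unresponsive after an empty packet")` would make a failure self-explanatory. The check also relies on `_known_good_query`, defined outside this hunk, timing out rather than blocking when the server is wedged, which is worth confirming because otherwise the test would hang instead of fail. A one-line docstring saying the helper guards against CVE-2020-14303 would help future readers.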
@@ -174,6 +187,9 @@ class TestDnsPackets(TestDnsPacketBase):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
 
+    def test_empty_packet(self):
+        self._test_empty_packet()
+
 
 class TestNbtPackets(TestDnsPacketBase):
     server = (SERVER, 137)
@@ -209,3 +225,6 @@ class TestNbtPackets(TestDnsPacketBase):
     def test_127_half_dotty_components(self):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
+
+    def test_empty_packet(self):
+        self._test_empty_packet()
diff --git a/selftest/knownfail.d/empty-nbt b/selftest/knownfail.d/empty-nbt
new file mode 100644 (file)
index 0000000..e4bccca
--- /dev/null
@@ -0,0 +1 @@
+^samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_empty_packet
\ No newline at end of file
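Review bot: This knownfail entry marks `TestNbtPackets.test_empty_packet` as an expected failure, so at this commit the NBT server presumably still fails the empty-packet check and the actual fix has to arrive in a separate change that also removes this file; anyone backporting for CVE-2020-14303 should take both. The dots in the pattern are unescaped and so match any character; `^samba\.tests\.dns_packet\.samba\.tests\.dns_packet\.TestNbtPackets\.test_empty_packet` is the stricter form, if the project's knownfail convention allows it.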