git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: be20d15)
CVE-2020-10745: ndr_dns: do not allow consecutive dots
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 25 Jun 2020 08:43:52 +0000 (10:43 +0200)
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
librpc/ndr/ndr_dns_utils.c patch | blob | history
selftest/knownfail.d/dns_packet patch | blob | history
selftest/knownfail.d/ndr_dns_nbt patch | blob | history

diff --git a/librpc/ndr/ndr_dns_utils.c b/librpc/ndr/ndr_dns_utils.c
index 2ce300863bca1b97802c045db7375e54f47d9654..6931dac422d038f16ebc3b8f1c5f563e547e1a0b 100644 (file)
--- a/librpc/ndr/ndr_dns_utils.c
+++ b/librpc/ndr/ndr_dns_utils.c
@@ -58,6 +58,12 @@ enum ndr_err_code ndr_push_dns_string_list(struct ndr_push *ndr,
                                              (unsigned)complen);
                }
 
+               if (complen == 0 && s[complen] == '.') {
+                       return ndr_push_error(ndr, NDR_ERR_STRING,
+                                             "component length is 0 "
+                                             "(consecutive dots)");
+               }
+
                compname = talloc_asprintf(ndr, "%c%*.*s",
                                                (unsigned char)complen,
                                                (unsigned char)complen,
diff --git a/selftest/knownfail.d/dns_packet b/selftest/knownfail.d/dns_packet
index 6e2e5a699de16954f98441f60f45ec44798a572d..0662266f689c4b088e7316cfda637e3187351a17 100644 (file)
--- a/selftest/knownfail.d/dns_packet
+++ b/selftest/knownfail.d/dns_packet
@@ -1,2 +1 @@
-samba.tests.dns_packet.samba.tests.dns_packet.TestDnsPackets.test_127_very_dotty_components
 samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_127_very_dotty_components
diff --git a/selftest/knownfail.d/ndr_dns_nbt b/selftest/knownfail.d/ndr_dns_nbt
index f30217c40337de22f94e92e5d6b86ec022ccd006..e11c121b7a7b7238a1a96c591763e975714fc497 100644 (file)
--- a/selftest/knownfail.d/ndr_dns_nbt
+++ b/selftest/knownfail.d/ndr_dns_nbt
@@ -1,4 +1,3 @@
-librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_all_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_half_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_all_dots
 librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_half_dots
Samba Shared Repository