Merge branch '4152-reproducer-stack-exhaustion' into 'main'

Add test for CVE-2023-3341

See merge request isc-projects/bind9!8410

bin/tests/system/rndc/tests_cve-2023-3341.py

@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import socket
+import time
+
+import pytest
+
+pytest.importorskip("dns")
+import dns.message
+import dns.query
+import dns.rcode
+
+
+def test_cve_2023_3341(named_port, control_port):
+    depth = 4500
+    # Should not be more than isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768)
+    total_len = 10 + (depth * 7) - 6
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        data = b"".join(
+            [
+                total_len.to_bytes(4, "big"),  # <total lenght>
+                b"\x00\x00\x00\x01",  # <version>
+                b"\x01\x41",  # <size><name>
+            ]
+        )
+
+        for i in range(depth, 0, -1):
+            l = (i - 1) * 7
+            t = b"".join(
+                [
+                    b"\x02",  # ISCCC_CCMSGTYPE_TABLE
+                    l.to_bytes(4, "big"),  # <size>
+                    b"\x01\x41",  # <size><name>
+                ]
+            )
+            data = b"".join([data, t])
+
+        s.connect(("10.53.0.2", control_port))
+        s.sendall(data)
+
+    # Wait for named to (possibly) crash
+    time.sleep(10)
+    msg = dns.message.make_query("version.bind", "TXT", "CH")
+    ans = dns.query.udp(msg, "10.53.0.2", timeout=10, port=named_port)
+    assert ans.rcode() == dns.rcode.NOERROR