ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
84708ad97726417fb14686ccdffedcc610d6036d
bind9/lib/dns
History
Ondřej Surý b04cb88462 Fix off-by-one bug in ISC SPNEGO implementation 
The ISC SPNEGO implementation is based on mod_auth_kerb code.  When
CVE-2006-5989 was disclosed, the relevant fix was not applied to the
BIND 9 codebase, making the latter vulnerable to the aforementioned flaw
when "tkey-gssapi-keytab" or "tkey-gssapi-credential" is set in
named.conf.

The original description of CVE-2006-5989 was:

    Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
    allows remote attackers to cause a denial of service (crash) via a
    crafted Kerberos message that triggers a heap-based buffer overflow
    in the component array.

Later research revealed that this flaw also theoretically enables remote
code execution, though achieving the latter in real-world conditions is
currently deemed very difficult.

This vulnerability was responsibly reported as ZDI-CAN-12302 ("ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability") by Trend Micro Zero Day Initiative.
2021-02-17 22:36:08 +01:00
..
include
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
rdata
Silence Insecure data handling (TAINTED_SCALAR)
2021-02-12 10:43:19 +11:00
tests
Drop USE_OPENSSL constraint from dh_test
2021-02-17 12:46:25 +01:00
win32
Added dns_view_staleanswerenabled() function
2021-01-29 10:35:26 +01:00
.gitignore
acl.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
adb.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
badcache.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
byaddr.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
cache.c
Check 'stale-refresh-time' when sharing cache between views
2020-11-11 16:06:23 -03:00
callbacks.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
catz.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
client.c
The dns_message_create() cannot fail, change the return to void
2020-09-30 14:26:26 +02:00
clientinfo.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
compress.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
db.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
dbiterator.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dbtable.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
diff.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dispatch.c
Silence cppcheck 2.2 false positive in udp_recv()
2020-11-25 13:21:58 +01:00
dlz.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
dns64.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dnsrps.c
Add stale-refresh-time option
2020-11-11 15:59:56 -03:00
dnssec.c
Publish CDS/CDNSKEY Delete Records
2020-12-23 11:56:44 +01:00
dnstap.c
Stop including dnstap headers from <dns/dnstap.h>
2021-02-16 12:08:21 +11:00
dnstap.proto
ds.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dst_api.c
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
dst_internal.h
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
dst_openssl.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dst_parse.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dst_parse.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dst_pkcs11.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dst_result.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
dyndb.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ecdb.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ecs.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
fixedname.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
forward.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
gen-unix.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
gen-win32.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
gen.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
geoip2.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
gssapi_link.c
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
gssapictx.c
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
hmac_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ipkeylist.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
iptable.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
journal.c
dns_journal_iter_init() can now return the size of the delta
2021-01-26 12:38:32 +01:00
kasp.c
Fix signatures-validity config option
2021-01-12 13:13:05 +01:00
key.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
keydata.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
keymgr.c
Use NUM_KEYSTATES constant where appropriate
2021-02-03 15:48:20 +01:00
keytable.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
Kyuafile
lib.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
log.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
lookup.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
Makefile.in
Use -release instead of -version-info for internal library SONAMEs
2021-01-25 15:28:09 +01:00
mapapi
master.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
masterdump.c
rndc dumpdb -expired: print when RRsets expired
2020-09-25 08:21:24 +02:00
message.c
The dns_message_create() cannot fail, change the return to void
2020-09-30 14:26:26 +02:00
name.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ncache.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
nsec3.c
Detect NSEC3 salt collisions
2020-11-26 14:15:05 +00:00
nsec.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
nta.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
openssl_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
openssldh_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
opensslecdsa_link.c
Make opensslecdsa_parse use fromlabel
2021-01-26 15:04:59 +01:00
openssleddsa_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
opensslrsa_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
order.c
Allow "order none" in "rrset-order" rules
2020-10-02 08:50:51 +02:00
peer.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
pkcs11.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
pkcs11ecdsa_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
pkcs11eddsa_link.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
pkcs11rsa_link.c
Fix misplaced declaration
2020-12-01 23:19:20 +11:00
portlist.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
private.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rbt.c
Reformat sources using clang-format-11
2020-12-08 19:34:05 +01:00
rbtdb.c
Only start stale refresh window when resuming
2021-02-08 16:07:43 +01:00
rbtdb.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rcode.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdata.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdatalist_p.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdatalist.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdataset.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdatasetiter.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rdataslab.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
request.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
resolver.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
result.c
Add NSEC3PARAM unit test, refactor zone.c
2020-11-26 14:15:05 +00:00
rootns.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rpz.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
rriterator.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
rrl.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
sdb.c
Add stale-refresh-time option
2020-11-11 15:59:56 -03:00
sdlz.c
Add stale-refresh-time option
2020-11-11 15:59:56 -03:00
soa.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
spnego_asn1.c
Reformat sources using clang-format-11
2020-12-08 19:34:05 +01:00
spnego_asn1.pl
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
spnego.asn1
spnego.c
Fix off-by-one bug in ISC SPNEGO implementation
2021-02-17 22:36:08 +01:00
spnego.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ssu_external.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
ssu.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
stats.c
Update comments to have binary notation
2020-09-29 10:40:56 +10:00
tcpmsg.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
time.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
timer.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
tkey.c
Stop including <gssapi.h> from <dst/gssapi.h> header
2021-02-16 12:08:21 +11:00
tsec.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
tsig_p.h
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
tsig.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00
ttl.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
update.c
Treat dnssec-policy "none" as a builtin zone
2020-12-23 11:56:33 +01:00
validator.c
Handle DNS_R_NCACHENXRRSET in fetch_callback_{dnskey,validator}()
2020-10-30 08:21:43 +11:00
version.c
Use -release instead of -version-info for internal library SONAMEs
2021-01-25 15:28:09 +01:00
view.c
Stop including <lmdb.h> from <dns/lmdb.h>
2021-02-16 12:08:21 +11:00
xfrin.c
add serial number to "transfer ended" log messages
2021-01-26 12:38:32 +01:00
zone_p.h
Add NSEC3PARAM unit test, refactor zone.c
2020-11-26 14:15:05 +00:00
zone.c
Fix dangling references to outdated views after reconfig
2021-02-15 11:52:50 -03:00
zonekey.c
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
zoneverify.c
Optimise dnssec-verify
2021-01-28 12:18:31 +11:00
zt.c
Cleanup redundant isc_rwlock_init() result checks
2021-02-08 15:13:49 +11:00