Permalink
Browse files

Patch to fix ghost domain attack vulnerability.

Applied a security patch to fix ghost domain attack vulnerability
CVE-2012-1911, BZ#838761.

 -> http://marc.info/?l=djbdns&m=134269902121506&w=2

The original patch was written by Mr Peter Conrad. While the issue
was created by Mr Mark Johnson. Sincere thanks to both Mark & Peter.
  • Loading branch information...
1 parent 26bc58e commit c90dbbbac5622e2744733f39e037263e63b51266 @pjps committed Jan 13, 2013
Showing with 10 additions and 0 deletions.
  1. +10 −0 query.c
View
10 query.c
@@ -878,6 +878,16 @@ doit (struct query *z, int state)
i = j;
continue;
}
+ if (!flagforwardonly && byte_equal (type, 2, DNS_T_NS)
+ && dns_domain_equal (t1, control))
+ {
+ char dummy[256];
+ if (!roots (dummy, control))
+ {
+ i = j;
+ continue;
+ }
+ }
if (!roots_same (t1, control))
{
i = j;

0 comments on commit c90dbbb

Please sign in to comment.