File: 0006-Fix-ghost-domain-attack-vulnerability-CVE-2012-1191.patch

djbdns 1:1.05-22.1
  • area: main
  • in suites: forky, sid
  • size: 2,180 kB
  • sloc: ansic: 15,836; makefile: 921; python: 728; sh: 237
file content (24 lines) | stat: -rw-r--r-- 776 bytes
Description: Fix ghost domain attack vulnerability (CVE-2012-1191)
Origin: http://marc.info/?l=djbdns&m=134269902121506&w=2
Author: Peter Conrad <conrad@tivano.de>
Date: Tue, 18 Jun 2019 00:51:18 +0000
Gentoo-Bug: https://bugs.gentoo.org/404959
Last-Update: 2020-07-26

diff --git a/query.c b/query.c
index 61fe708..085cf44 100644
--- a/query.c
+++ b/query.c
@@ -578,6 +578,12 @@ static int doit(struct query *z,int state)
     }
 
     if (!dns_domain_suffix(t1,control)) { i = j; continue; }
+
+    if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) {
+        char dummy[256];
+        if (!roots(dummy,control)) { i = j; continue; }
+    }
+
     if (!roots_same(t1,control)) { i = j; continue; }
 
     if (byte_equal(type,2,DNS_T_ANY))
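
Review bot: the added block starting at `if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control))` carries no comment, so the reason an NS record whose owner name equals `control` is skipped when `roots(dummy,control)` returns 0 exists only in the patch Description. A short comment above the condition naming the ghost domain issue (CVE-2012-1191) and stating which records the check is meant to drop would keep that reasoning with the code, and would also explain why the check is bypassed when `flagforwardonly` is set. Separately, `char dummy[256]` is a scratch buffer whose contents are never read, since only the return value of `roots()` is used. The 256 is a bare constant with nothing tying it to what `roots()` writes, so please either document the size requirement next to the declaration or use a named constant shared with the other callers. The new check also sits between `dns_domain_suffix(t1,control)` and `roots_same(t1,control)` without a test case or reproduction reference beyond the Origin link. A note in the patch header on how the fix was verified would help later reviewers.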