diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:28 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:28 +0000 |
| commit | 3a8f8bef7340cf47837e9bb89b7a24d3844005ec (patch) | |
| tree | be267b16d2782cfdbd4781cbde4cc712308faf6f /bin/tests/system/rndc/tests_cve-2023-3341.py | |
| parent | Adding upstream version 1:9.16.44. (diff) | |
| download | bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.tar.xz bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.zip | |
Adding upstream version 1:9.16.48.upstream/1%9.16.48upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/rndc/tests_cve-2023-3341.py')
| -rw-r--r-- | bin/tests/system/rndc/tests_cve-2023-3341.py | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/bin/tests/system/rndc/tests_cve-2023-3341.py b/bin/tests/system/rndc/tests_cve-2023-3341.py new file mode 100644 index 0000000..de2991b --- /dev/null +++ b/bin/tests/system/rndc/tests_cve-2023-3341.py @@ -0,0 +1,57 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import socket +import time + +import pytest + +pytest.importorskip("dns") +import dns.message +import dns.query +import dns.rcode + + +def test_cve_2023_3341(named_port, control_port): + depth = 4500 + # Should not be more than isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768) + total_len = 10 + (depth * 7) - 6 + + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + data = b"".join( + [ + total_len.to_bytes(4, "big"), # <total lenght> + b"\x00\x00\x00\x01", # <version> + b"\x01\x41", # <size><name> + ] + ) + + for i in range(depth, 0, -1): + l = (i - 1) * 7 + t = b"".join( + [ + b"\x02", # ISCCC_CCMSGTYPE_TABLE + l.to_bytes(4, "big"), # <size> + b"\x01\x41", # <size><name> + ] + ) + data = b"".join([data, t]) + + s.connect(("10.53.0.2", control_port)) + s.sendall(data) + + # Wait for named to (possibly) crash + time.sleep(10) + msg = dns.message.make_query("version.bind", "TXT", "CH") + ans = dns.query.udp(msg, "10.53.0.2", timeout=10, port=named_port) + assert ans.rcode() == dns.rcode.NOERROR |