diff options
author | Andrew Bartlett <abartlet@samba.org> | 2020-06-25 11:59:54 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-07-02 09:01:41 +0000 |
commit | b232a7bc546f8e6fdb638164a8411772e67c8864 (patch) | |
tree | 0b5de56d913aa9ddeaaabc84c28375ff8d353081 | |
parent | 17fc8d2bfb21294667507fda8f3a7160640e2da0 (diff) | |
download | samba-b232a7bc546f8e6fdb638164a8411772e67c8864.tar.gz |
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | python/samba/tests/dns_packet.py | 19 | ||||
-rw-r--r-- | selftest/knownfail.d/empty-nbt | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/python/samba/tests/dns_packet.py b/python/samba/tests/dns_packet.py index c4f843eb613..ae7bcb3ad8c 100644 --- a/python/samba/tests/dns_packet.py +++ b/python/samba/tests/dns_packet.py @@ -156,6 +156,19 @@ class TestDnsPacketBase(TestCase): rcode = self.decode_reply(data)['rcode'] return expected_rcode == rcode + def _test_empty_packet(self): + + packet = b"" + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.sendto(packet, self.server) + s.close() + + # It is reasonable not to reply to an empty packet + # but it is not reasonable to render the server + # unresponsive. + ok = self._known_good_query() + self.assertTrue(ok, f"the server is unresponsive") + class TestDnsPackets(TestDnsPacketBase): server = (SERVER, 53) @@ -174,6 +187,9 @@ class TestDnsPackets(TestDnsPacketBase): label = b'x.' * 31 + b'x' self._test_many_repeated_components(label, 127) + def test_empty_packet(self): + self._test_empty_packet() + class TestNbtPackets(TestDnsPacketBase): server = (SERVER, 137) @@ -209,3 +225,6 @@ class TestNbtPackets(TestDnsPacketBase): def test_127_half_dotty_components(self): label = b'x.' * 31 + b'x' self._test_many_repeated_components(label, 127) + + def test_empty_packet(self): + self._test_empty_packet() diff --git a/selftest/knownfail.d/empty-nbt b/selftest/knownfail.d/empty-nbt new file mode 100644 index 00000000000..e4bcccab4e5 --- /dev/null +++ b/selftest/knownfail.d/empty-nbt @@ -0,0 +1 @@ +^samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_empty_packet
\ No newline at end of file |