diff options
author | Andrew Bartlett <abartlet@samba.org> | 2020-06-25 11:59:54 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-07-02 09:01:41 +0000 |
commit | b232a7bc546f8e6fdb638164a8411772e67c8864 (patch) | |
tree | 0b5de56d913aa9ddeaaabc84c28375ff8d353081 /python | |
parent | 17fc8d2bfb21294667507fda8f3a7160640e2da0 (diff) | |
download | samba-b232a7bc546f8e6fdb638164a8411772e67c8864.tar.gz |
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/dns_packet.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/python/samba/tests/dns_packet.py b/python/samba/tests/dns_packet.py index c4f843eb613..ae7bcb3ad8c 100644 --- a/python/samba/tests/dns_packet.py +++ b/python/samba/tests/dns_packet.py @@ -156,6 +156,19 @@ class TestDnsPacketBase(TestCase): rcode = self.decode_reply(data)['rcode'] return expected_rcode == rcode + def _test_empty_packet(self): + + packet = b"" + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.sendto(packet, self.server) + s.close() + + # It is reasonable not to reply to an empty packet + # but it is not reasonable to render the server + # unresponsive. + ok = self._known_good_query() + self.assertTrue(ok, f"the server is unresponsive") + class TestDnsPackets(TestDnsPacketBase): server = (SERVER, 53) @@ -174,6 +187,9 @@ class TestDnsPackets(TestDnsPacketBase): label = b'x.' * 31 + b'x' self._test_many_repeated_components(label, 127) + def test_empty_packet(self): + self._test_empty_packet() + class TestNbtPackets(TestDnsPacketBase): server = (SERVER, 137) @@ -209,3 +225,6 @@ class TestNbtPackets(TestDnsPacketBase): def test_127_half_dotty_components(self): label = b'x.' * 31 + b'x' self._test_many_repeated_components(label, 127) + + def test_empty_packet(self): + self._test_empty_packet() |