diff options
author | Aaron Haslett <aaronhaslett@catalyst.net.nz> | 2018-10-23 17:25:51 +1300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-11-25 14:46:43 +0100 |
commit | bf596c14c2462b9a15ea738ef4f32b3abb8b63d1 (patch) | |
tree | fdd2636c83d41649248f6a0a80ba06177d41c50b /selftest | |
parent | a96d403ff304b917195c9536a8a109779daf7d2e (diff) | |
download | samba-bf596c14c2462b9a15ea738ef4f32b3abb8b63d1.tar.gz |
CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail.d/dns | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns index a5176654cc2..a248432aafa 100644 --- a/selftest/knownfail.d/dns +++ b/selftest/knownfail.d/dns @@ -69,3 +69,9 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\) # The SOA override should not pass against the RODC, it must not overstamp samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\) + +# +# rodc and vampire_dc require signed dns updates, so the test setup +# fails, but the test does run on fl2003dc +^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(rodc:local\) +^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(vampire_dc:local\) |