CVE-2018-14629 dns: CNAME loop prevention using counter

Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
author: Aaron Haslett <aaronhaslett@catalyst.net.nz> 2018-10-23 17:25:51 +1300
committer: Karolin Seeger <kseeger@samba.org> 2018-11-26 08:54:31 +0100
commit: 86ddd7032489053acba6d240db5db7ef49c38429 (patch)
tree: 591d86ccdbc8d4c1d71b4d1be93fbfa2632eaff6 /selftest
parent: 623c3a99ef7c057fc6685d7671b6a81fdb537bfa (diff)
download: samba-86ddd7032489053acba6d240db5db7ef49c38429.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns
index cb3003240ea..8c79b3abe00 100644
--- a/selftest/knownfail.d/dns
+++ b/selftest/knownfail.d/dns
@@ -45,3 +45,9 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\)
 
 # The SOA override should not pass against the RODC, it must not overstamp
 samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\)
+
+#
+# rodc and vampire_dc require signed dns updates, so the test setup
+# fails, but the test does run on fl2003dc
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(rodc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(vampire_dc:local\)
author	Aaron Haslett <aaronhaslett@catalyst.net.nz>	2018-10-23 17:25:51 +1300
committer	Karolin Seeger <kseeger@samba.org>	2018-11-26 08:54:31 +0100
commit	86ddd7032489053acba6d240db5db7ef49c38429 (patch)
tree	591d86ccdbc8d4c1d71b4d1be93fbfa2632eaff6 /selftest
parent	623c3a99ef7c057fc6685d7671b6a81fdb537bfa (diff)
download	samba-86ddd7032489053acba6d240db5db7ef49c38429.tar.gz