From b58aa4f06463947e0f899609ab03264e333c67a1 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 21 Apr 2021 12:39:17 +0200
Subject: [PATCH] Accept responses also from non-last bound interface
Partial backport of upstream commit
74d4fcd756a85bc1823232ea74334f7ccfb9d5d2, smaller part of CVE-2021-3448
fix.
---
src/forward.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index a0b1f1d..ec2de6f 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -2228,6 +2228,8 @@ struct frec *get_new_frec(time_t now, int *wait, int force)
static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
{
struct frec *f;
+ struct server *s;
+ int type;
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id &&
@@ -2240,9 +2242,21 @@ static struct frec *lookup_frec(unsigned short id, int fd, int family, void *has
if (family == AF_INET6 && f->rfd6 && f->rfd6->fd == fd)
return f;
- /* sent to upstream from bound socket. */
- if (f->sentto->sfd && f->sentto->sfd->fd == fd)
- return f;
+ /* Sent to upstream from socket associated with a server.
+ Note we have to iterate over all the possible servers, since they may
+ have different bound sockets. */
+ type = f->sentto->flags & SERV_TYPE;
+ s = f->sentto;
+ do {
+ if ((type == (s->flags & SERV_TYPE)) &&
+ (type != SERV_HAS_DOMAIN ||
+ (s->domain && hostname_isequal(f->sentto->domain, s->domain))) &&
+ !(s->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP)) &&
+ s->sfd && s->sfd->fd == fd)
+ return f;
+
+ s = s->next ? s->next : daemon->servers;
+ } while (s != f->sentto);
}
return NULL;
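Review bot: The new `do { ... } while (s != f->sentto)` walk terminates only if `f->sentto` is still linked into `daemon->servers`; with the wrap-around `s = s->next ? s->next : daemon->servers` a stale `sentto` would never be reached again and the lookup would spin, and nothing visible in this hunk establishes that invariant. If server teardown elsewhere already releases frecs that point at a removed server, record that above the loop, e.g. `/* f->sentto is always on daemon->servers; frecs are dropped when their server is removed. */`, otherwise bound the walk by starting at `daemon->servers` and stopping at NULL. The match also now accepts a reply arriving on any same-type server's bound socket, so the `f->new_id == id` test from the first hunk, the remaining conditions in the unseen lines between the hunks, and whatever source-address validation the caller performs carry the whole spoofing defence; the comment should say which of those it depends on. The enclosing `if` conditions and the end of lookup_frec lie outside this hunk.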
--
2.26.3