All, I believe the attached patch fixes Dan Kaminsky's bug, and puts us back to where an attacker would have to wait for the TTL to expire before being able to poison the cache.
Anyone see any reason why we shouldn't do this ? Thanks, Gabriel diff -NarU5 bind-9.5.0-P1.orig/lib/dns/rbtdb.c bind-9.5.0-P1/lib/dns/rbtdb.c --- bind-9.5.0-P1.orig/lib/dns/rbtdb.c 2008-05-01 14:32:31.000000000 -0400 +++ bind-9.5.0-P1/lib/dns/rbtdb.c 2008-08-26 23:25:45.000000000 -0400 @@ -4939,11 +4939,11 @@ /* * Trying to add an rdataset with lower trust to a cache DB * has no effect, provided that the cache data isn't stale. */ - if (rbtversion == NULL && trust < header->trust && + if (rbtversion == NULL && trust <= header->trust && (header->rdh_ttl > now || header_nx)) { free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, addedrdataset);
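Review bot: The comment directly above the changed condition still says an rdataset "with lower trust" has no effect, but with `trust <= header->trust` an rdataset of equal trust is now discarded as well; update the comment (e.g. "lower or equal trust") so it describes the new check. It is also worth spelling out in the change description that, because of this, a same-trust answer can no longer replace a cache entry until `header->rdh_ttl` has passed (and, given the `header_nx` clause, a negative entry is never replaced by it), which is the TTL-bound behaviour the mail aims for but also means a legitimate same-trust update is delayed until expiry.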