IMO, there's no reason to (implicitly) give a higher level of trust to something that happened to hit the cache first.
But, I don't claim to be a security expert. - Kevin L. Gabriel Somlo wrote: > All, > > I believe the attached patch fixes Dan Kaminsky's bug, and puts us > back to where an attacker would have to wait for the TTL to expire > before being able to poison the cache. > > Anyone see any reason why we shouldn't do this ? > > Thanks, > Gabriel > > > diff -NarU5 bind-9.5.0-P1.orig/lib/dns/rbtdb.c bind-9.5.0-P1/lib/dns/rbtdb.c > --- bind-9.5.0-P1.orig/lib/dns/rbtdb.c 2008-05-01 14:32:31.000000000 > -0400 > +++ bind-9.5.0-P1/lib/dns/rbtdb.c 2008-08-26 23:25:45.000000000 -0400 > @@ -4939,11 +4939,11 @@ > > /* > * Trying to add an rdataset with lower trust to a cache DB > * has no effect, provided that the cache data isn't stale. > */ > - if (rbtversion == NULL && trust < header->trust && > + if (rbtversion == NULL && trust <= header->trust && > (header->rdh_ttl > now || header_nx)) { > free_rdataset(rbtdb, rbtdb->common.mctx, newheader); > if (addedrdataset != NULL) > bind_rdataset(rbtdb, rbtnode, header, now, > addedrdataset); > > > >
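Review bot: the comment directly above the changed condition still reads "Trying to add an rdataset with lower trust to a cache DB has no effect", but with `trust <= header->trust` equal-trust data is now ignored too; update it to "lower or equal trust" so the comment matches the code. Two things worth stating explicitly in the patch description, since both follow from the visible hunk: first, the new rule discards every same-trust rdataset for a non-stale entry (including the `header_nx` negative-cache case), not only attacker-supplied ones, so a legitimate response arriving with the same trust level will not update the cache until `rdh_ttl` has passed; second, the check still lets any rdataset with trust strictly greater than `header->trust` replace the cached data regardless of remaining TTL, so the "wait for the TTL to expire" claim holds only for data that cannot arrive with a higher trust level than what is already cached.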