• Vladimír Čunát's avatar
    lib/cache: fix CVE-2019-10191 · bef03dcf
    Vladimír Čunát authored and Petr Špaček's avatar Petr Špaček committed
    Don't stash a packet with mismatching QNAME+QTYPE.
    When receiving an NXDOMAIN or NODATA packet in an insecure zone,
    it would get cached with KR_RANK_INSECURE regardless of mismatch
    in QNAME.  If the 0x20 pattern was preserved in the fake QNAME,
    such packet would then be used to answer queries with matching QNAME,
    even if there's no proof that this QNAME is insecure.
    bef03dcf
To find the state of this project's repository at the time of any of these versions, check out the tags.