Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 932846 - net-dns/djbdns: locally truncated udp response results in denial-of-service
Summary: net-dns/djbdns: locally truncated udp response results in denial-of-service
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Jaco Kroon
URL:
Whiteboard:
Keywords: CC-ARCHES, STABLEREQ
Depends on:
Blocks:
 
Reported: 2024-05-27 13:48 UTC by Jaco Kroon
Modified: 2024-06-27 01:25 UTC (History)
2 users (show)

See Also:
Package list:
=net-dns/djbdns-1.05-r40
Runtime testing required: No
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jaco Kroon 2024-05-27 13:48:56 UTC
By default djbdns has a size-limited UDP response buffer.

If the UDP response overflows this buffer it's treated as "no response received", resulting in a denial of service.  Options are:

1.  Increase the default response buffer size (limited fix).
2.  Dynamically increase the buffer size (multiple back and forth to find the right buffer size).
3.  Fall back to TCP.

Patch to follow.

One could argue this a "denial of service" security issue, but don't think this is of such a nature that public disclosure isn't responsible, therefore I'm disclosing it here - it definitely doesn't cause the process to deadlock/stop.  Not sure if DJB would consider this a security issue, although this is present in his original code (https://cr.yp.to/djbdns/guarantee.html specifically excludes Denial-of-service attacks).

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2024-05-27 15:08:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b938f9f9a917d3bacb73ef914c371dfc5f2d8ebe

commit b938f9f9a917d3bacb73ef914c371dfc5f2d8ebe
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-05-27 14:37:52 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2024-05-27 15:08:30 +0000

    net-dns/djbdns: 1.05-r40
    
    Work around local receive overflow bug.
    
    Bug: https://bugs.gentoo.org/932846
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/36841
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-dns/djbdns/djbdns-1.05-r40.ebuild              | 143 +++++++++++++++++++++
 ...dp-overflow-response-buffer-truncate-nov6.patch |  13 ++
 ...-udp-overflow-response-buffer-truncate-v6.patch |  34 +++++
 3 files changed, 190 insertions(+)
Comment 2 Jaco Kroon 2024-05-28 06:27:11 UTC
Question is, can we "emergency" stable?

Is this considered a security issue by Gentoo? It's certainly a denial of service ... but is it a security issue in this specific case?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-26 23:52:17 UTC
ppc64 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-26 23:52:18 UTC
sparc done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-27 01:25:32 UTC
x86 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-27 01:25:33 UTC
amd64 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-27 01:25:35 UTC
ppc done

all arches done