From 99c991f31d46e6beac2a48e99cbd4c3064f27d75 Mon Sep 17 00:00:00 2001
From: Seonah Moon
Date: Mon, 20 Feb 2023 13:50:53 +0900
Subject: [CVE-2020-8621] Ensure QNAME minimization is permanently disabled when forwarding [TEST] [v9.16] See merge request isc-projects/bind9!4042 https://kb.isc.org/v1/docs/cve-2020-8621
Change-Id: I754eb4efae881f57f5dea2bfada27d4208e0c4b7
---
 CHANGES | 4 ++++
 lib/dns/resolver.c | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/CHANGES b/CHANGES
index 4e3dc618..47fe6de9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5479. [security] named could crash in certain query resolution scenarios
+ where QNAME minimization and forwarding were both
+ enabled. (CVE-2020-8621) [GL #1997]
+ --- 9.14.12 released --- 5395. [security] Further limit the number of queries that can be
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 07276adb..374d35be 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -3909,6 +3909,15 @@ fctx_nextaddress(fetchctx_t *fctx) {
 addrinfo->flags |= FCTX_ADDRINFO_MARK;
 fctx->find = NULL;
 fctx->forwarding = true;
+
+ /*
+ * QNAME minimization is disabled when
+ * forwarding, and has to remain disabled if
+ * we switch back to normal recursion; otherwise
+ * forwarding could leave us in an inconsistent
+ * state.
+ */
+ fctx->minimized = false;
 return (addrinfo);
 }
 }
--
cgit v1.2.3
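Review bot: The new comment in the forwarder branch of `fctx_nextaddress` says QNAME minimization "has to remain disabled" after a switch back to normal recursion, but the added line `fctx->minimized = false;` only clears the flag once, and nothing visible in this hunk shows what stops it from being set again later. If that guarantee rests on code elsewhere in resolver.c, the comment should say so, for example `* Code that sets fctx->minimized must not do so once fctx->forwarding has been set.` (assuming that is the intended rule), so a later change does not quietly undo the invariant behind a security fix. The CHANGES entry describes the issue as a crash in named, and the diffstat lists only CHANGES and lib/dns/resolver.c, so no regression test for forwarding combined with QNAME minimization accompanies the fix; one would be worth adding. The body of `fctx_nextaddress` begins and ends outside this hunk.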