samba/CVE-2020-14303-1.patch

From 11034ea33fca9b8a1c2e14480e70069b55fca6a2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Jun 2020 11:59:54 +1200
Subject: [PATCH 19/22] CVE-2020-14303 Ensure an empty packet will not DoS the
 NBT server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/tests/dns_packet.py | 19 +++++++++++++++++++
 selftest/knownfail.d/empty-nbt   |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 selftest/knownfail.d/empty-nbt

diff --git a/python/samba/tests/dns_packet.py b/python/samba/tests/dns_packet.py
index c4f843eb613..ae7bcb3ad8c 100644
--- a/python/samba/tests/dns_packet.py
+++ b/python/samba/tests/dns_packet.py
@@ -156,6 +156,19 @@ class TestDnsPacketBase(TestCase):
         rcode = self.decode_reply(data)['rcode']
         return expected_rcode == rcode
 
+    def _test_empty_packet(self):
+
+        packet = b""
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        s.sendto(packet, self.server)
+        s.close()
+
+        # It is reasonable not to reply to an empty packet
+        # but it is not reasonable to render the server
+        # unresponsive.
+        ok = self._known_good_query()
+        self.assertTrue(ok, f"the server is unresponsive")
+
 
 class TestDnsPackets(TestDnsPacketBase):
     server = (SERVER, 53)
@@ -174,6 +187,9 @@ class TestDnsPackets(TestDnsPacketBase):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
 
+    def test_empty_packet(self):
+        self._test_empty_packet()
+
 
 class TestNbtPackets(TestDnsPacketBase):
     server = (SERVER, 137)
@@ -209,3 +225,6 @@ class TestNbtPackets(TestDnsPacketBase):
     def test_127_half_dotty_components(self):
         label = b'x.' * 31 + b'x'
         self._test_many_repeated_components(label, 127)
+
+    def test_empty_packet(self):
+        self._test_empty_packet()
diff --git a/selftest/knownfail.d/empty-nbt b/selftest/knownfail.d/empty-nbt
new file mode 100644
index 00000000000..e4bcccab4e5
--- /dev/null
+++ b/selftest/knownfail.d/empty-nbt
@@ -0,0 +1 @@
+^samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_empty_packet
\ No newline at end of file
-- 
2.17.1