hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-28 06:29:59 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-9467: bump coredns to solve CVE

Browse Source 
* TUN-9467: bump coredns to solve CVE
This commit is contained in:
João Oliveirinha
2025-06-12 10:46:10 +00:00
committed by João "Pisco" Fernandes
parent f8d12c9d39
commit a408612f26
459 changed files with 30077 additions and 16165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
vendor/github.com/miekg/dns/xfr.go generated vendored
View File

@@ -1,6 +1,7 @@
package dns
import (
"crypto/tls"
"fmt"
"time"
)
@@ -20,6 +21,7 @@ type Transfer struct {
TsigProvider TsigProvider // An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
TsigSecret map[string]string // Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
tsigTimersOnly bool
TLS *tls.Config // TLS config. If Xfr over TLS will be attempted
}
func (t *Transfer) tsigProvider() TsigProvider {
@@ -57,7 +59,11 @@ func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) {
}
if t.Conn == nil {
t.Conn, err = DialTimeout("tcp", a, timeout)
if t.TLS != nil {
t.Conn, err = DialTimeoutWithTLS("tcp-tls", a, t.TLS, timeout)
} else {
t.Conn, err = DialTimeout("tcp", a, timeout)
}
if err != nil {
return nil, err
}
@@ -182,7 +188,7 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
if v, ok := rr.(*SOA); ok {
if v.Serial == serial {
n++
// quit if it's a full axfr or the the servers' SOA is repeated the third time
// quit if it's a full axfr or the servers' SOA is repeated the third time
if axfr && n == 2 || n == 3 {
c <- &Envelope{in.Answer, nil}
return
@@ -203,6 +209,7 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
// ch := make(chan *dns.Envelope)
// tr := new(dns.Transfer)
// var wg sync.WaitGroup
// wg.Add(1)
// go func() {
// tr.Out(w, r, ch)
// wg.Done()
@@ -244,10 +251,13 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
if err := m.Unpack(p); err != nil {
return nil, err
}
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
if tp := t.tsigProvider(); tp != nil {
// Need to work on the original message p, as that was used to calculate the tsig.
err = TsigVerifyWithProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
t.tsigRequestMAC = ts.MAC
if ts := m.IsTsig(); ts != nil {
t.tsigRequestMAC = ts.MAC
}
}
return m, err
}