Use random source ports where possible if source addresses/interfaces in use.
CVE-2021-3448 applies.
It's possible to specify the source address or interface to be
used when contacting upstream nameservers: server=8.8.8.8@1.2.3.4
or server=8.8.8.8@1.2.3.4#66 or server=8.8.8.8@eth0, and all of
these have, until now, used a single socket, bound to a fixed
port. This was originally done to allow an error (non-existent
interface, or non-local address) to be detected at start-up. This
means that any upstream servers specified in such a way don't use
random source ports, and are more susceptible to cache-poisoning
attacks.
We now use random ports where possible, even when the
source is specified, so server=8.8.8.8@1.2.3.4 or
server=8.8.8.8@eth0 will use random source
ports. server=8.8.8.8@1.2.3.4#66 or any use of --query-port will
use the explicitly configured port, and should only be done with
understanding of the security implications.
Note that this change changes non-existing interface, or non-local
source address errors from fatal to run-time. The error will be
logged and communiction with the server not possible.
diff --git a/src/option.c b/src/option.c
index bfda212..159d1d4 100644
--- a/src/option.c
+++ b/src/option.c
@@ -819,7 +819,8 @@
if (interface_opt)
{
#if defined(SO_BINDTODEVICE)
- safe_strncpy(interface, interface_opt, IF_NAMESIZE);
+ safe_strncpy(interface, source, IF_NAMESIZE);
+ source = interface_opt;
#else
return _("interface binding not supported");
#endif