Skip to content

Commit

Permalink
Handle overly large answer buffers in resolver.
Browse files Browse the repository at this point in the history 
In EDNS0 records the maximum result size is transmitted in a 16
bit value.  Large buffer sizes were handled incorrectly by using
only the low 16 bits.  Fix this by limiting the size to 0xffff.
  • Loading branch information
Ulrich Drepper committed Jul 17, 2009
1 parent 137028b commit 1c0ab5b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
6 changes: 6 additions & 0 deletions ChangeLog
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
2009-07-16 Ulrich Drepper <drepper@redhat.com>

[BZ #10360]
* resolv/res-mkquery.c (__res_nopt): If anslen is > 0xffff store
0xffff in the EDNS0 record.

2009-07-16 Petr Baudis <pasky@suse.cz>

* nscd/mem.c (mempool_alloc): Fix unlock missing in the else branch.
Expand Down
2 changes: 1 addition & 1 deletion resolv/res_mkquery.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ __res_nopt(res_state statp,
*cp++ = 0; /* "." */

NS_PUT16(T_OPT, cp); /* TYPE */
NS_PUT16(anslen & 0xffff, cp); /* CLASS = UDP payload size */
NS_PUT16(MIN(anslen, 0xffff), cp); /* CLASS = UDP payload size */
*cp++ = NOERROR; /* extended RCODE */
*cp++ = 0; /* EDNS version */
/* XXX Once we support DNSSEC we change the flag value here. */
Expand Down

0 comments on commit 1c0ab5b

Please sign in to comment.