authorBertie, Taylor <bertiet@amazon.com>2022-07-31 17:20:21 +0100
committerSimon Kelley <simon@thekelleys.org.uk>2022-07-31 17:20:21 +0100
commit5586934da01f1d802606459829235e87ab12aae0 (patch)
tree1fc775e8244fca8686933027b6802e932b6891de
parent6134b94c021afa3e90258fff13b301a058503df7 (diff)
Bound the value of UDP packet size in the EDNS0 header of
forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer.
-rw-r--r--CHANGELOG6
-rw-r--r--src/forward.c8
2 files changed, 12 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 780e55c..4774656 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -65,6 +65,12 @@ version 2.87
The new feature allows configuration to provide bug-for-bug
compatibility, if required. Thanks to Damian Kaczkowski
for the feature suggestion.
+
+ Bound the value of UDP packet size in the EDNS0 header of
+ forwarded queries to the configured or default value of
+ edns-packet-max. There's no point letting a client set a larger
+ value if we're unable to return the answer. Thanks to Bertie
+ Taylor for pointing out the problem and supplying the patch.
version 2.86
diff --git a/src/forward.c b/src/forward.c
index b522c1f..0291986 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1619,13 +1619,17 @@ void receive_query(struct listener *listen, time_t now)
/* If the client provides an EDNS0 UDP size, use that to limit our reply.
(bounded by the maximum configured). If no EDNS0, then it
- defaults to 512 */
+ defaults to 512. We write this value into the query packet too, so that
+ if it's forwarded, we don't specify a maximum size greater than we can handle. */
if (udp_size > daemon->edns_pktsz)
udp_size = daemon->edns_pktsz;
else if (udp_size < PACKETSZ)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
- }
+ pheader -= 6; /* ext_class */
+ PUTSHORT(udp_size, pheader); /* Bounding forwarded queries to maximum configured */
+ }
+
#ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH
if (!auth_dns || local_auth)
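Review bot: `pheader -= 6; /* ext_class */` is a magic offset whose correctness depends on the reads earlier in receive_query (outside this hunk) having advanced pheader by exactly six bytes past the OPT RR's class field, and the comment names a field that does not exist in the OPT RR, so a later edit to those reads would silently move the PUTSHORT onto the wrong bytes. A comment that states the invariant would help, e.g. `pheader -= 6; /* rewind over flags, ext_rcode and class to the OPT RR's class field, which carries the advertised UDP size */`, or better a named constant for the distance. Separately, find_pseudoheader also reports whether the query is signed (is_sign is set earlier in this function); overwriting the advertised size in a signed query presumably invalidates the signature, and if other in-place OPT edits are skipped for signed queries this write probably should be as well — worth confirming. receive_query begins before and continues after this hunk.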