From 5586934da01f1d802606459829235e87ab12aae0 Mon Sep 17 00:00:00 2001 From: "Bertie, Taylor" Date: Sun, 31 Jul 2022 17:20:21 +0100 Subject: Bound the value of UDP packet size in the EDNS0 header of forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer. --- CHANGELOG | 6 ++++++ src/forward.c | 8 ++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 780e55c..4774656 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -65,6 +65,12 @@ version 2.87 The new feature allows configuration to provide bug-for-bug compatibility, if required. Thanks to Damian Kaczkowski for the feature suggestion. + + Bound the value of UDP packet size in the EDNS0 header of + forwarded queries to the configured or default value of + edns-packet-max. There's no point letting a client set a larger + value if we're unable to return the answer. Thanks to Bertie + Taylor for pointing out the problem and supplying the patch. version 2.86 diff --git a/src/forward.c b/src/forward.c index b522c1f..0291986 100644 --- a/src/forward.c +++ b/src/forward.c @@ -1619,13 +1619,17 @@ void receive_query(struct listener *listen, time_t now) /* If the client provides an EDNS0 UDP size, use that to limit our reply. (bounded by the maximum configured). If no EDNS0, then it - defaults to 512 */ + defaults to 512. We write this value into the query packet too, so that + if it's forwarded, we don't specify a maximum size greater than we can handle. */ if (udp_size > daemon->edns_pktsz) udp_size = daemon->edns_pktsz; else if (udp_size < PACKETSZ) udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ - } + pheader -= 6; /* ext_class */ + PUTSHORT(udp_size, pheader); /* Bounding forwarded queries to maximum configured */ + } + #ifdef HAVE_CONNTRACK #ifdef HAVE_AUTH if (!auth_dns || local_auth) -- cgit v1.2.1