Handle overly large answer buffers in resolver.

In EDNS0 records the maximum result size is transmitted in a 16
bit value.  Large buffer sizes were handled incorrectly by using
only the low 16 bits.  Fix this by limiting the size to 0xffff.
This commit is contained in:
Ulrich Drepper 2009-07-16 23:37:50 -07:00
parent 137028b4d7
commit 1c0ab5bd34
2 changed files with 7 additions and 1 deletions

View File

@ -1,3 +1,9 @@
2009-07-16 Ulrich Drepper <drepper@redhat.com>
[BZ #10360]
* resolv/res-mkquery.c (__res_nopt): If anslen is > 0xffff store
0xffff in the EDNS0 record.
2009-07-16 Petr Baudis <pasky@suse.cz> 2009-07-16 Petr Baudis <pasky@suse.cz>
* nscd/mem.c (mempool_alloc): Fix unlock missing in the else branch. * nscd/mem.c (mempool_alloc): Fix unlock missing in the else branch.

View File

@ -244,7 +244,7 @@ __res_nopt(res_state statp,
*cp++ = 0; /* "." */ *cp++ = 0; /* "." */
NS_PUT16(T_OPT, cp); /* TYPE */ NS_PUT16(T_OPT, cp); /* TYPE */
NS_PUT16(anslen & 0xffff, cp); /* CLASS = UDP payload size */ NS_PUT16(MIN(anslen, 0xffff), cp); /* CLASS = UDP payload size */
*cp++ = NOERROR; /* extended RCODE */ *cp++ = NOERROR; /* extended RCODE */
*cp++ = 0; /* EDNS version */ *cp++ = 0; /* EDNS version */
/* XXX Once we support DNSSEC we change the flag value here. */ /* XXX Once we support DNSSEC we change the flag value here. */