From 248efe8410a5c0e67c14db990b200973e5be4ea9 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Tue, 20 Aug 2019 23:36:49 +0100
Subject: [PATCH] Truncate stupidly large cache sizes.

If the cache size is very large, the malloc() call will overflow on 32 bit platforms and dnsmasq will crash. Limit to an order of magnitude less. Thanks to Lili Xu for spotting this.
---
 src/option.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/option.c b/src/option.c
index 5debcbc..83d57a6 100644
--- a/src/option.c
+++ b/src/option.c
@@ -2690,6 +2690,14 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 if (size < 0)
 size = 0;
+
+ /* Note that for very large cache sizes, the malloc()
+ will overflow. For the size of the cache record
+ at the time this was noted, the value of "very large"
+ was 46684428. Limit to an order of magnitude less than
+ that to be safe from changes to the cache record. */
+ if (size > 5000000)
+ size = 5000000;
 daemon->cachesize = size;
 }
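Review bot: The clamp at `if (size > 5000000)` is tied to the record size measured when the overflow was found, as the added comment itself admits, so it stops protecting the 32-bit multiplication once the cache record grows by an order of magnitude; the durable guard belongs at the allocation site, where the element count can be checked against `SIZE_MAX / sizeof` of the record before malloc() is called, and that site is outside this hunk. Within the hunk the literal appears twice, so a named constant keeps them in step: `enum { CACHESIZ_MAX = 5000000 };` and then `if (size > CACHESIZ_MAX) size = CACHESIZ_MAX;`. The truncation is also silent — an operator who configured a larger cache size gets a smaller one with no diagnostic, even though one_opt() carries errstr and gen_err for reporting — so a log line or an option error would make the limit visible. one_opt() starts and ends outside the hunk.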