Bound the value of UDP packet size in the EDNS0 header of
forwarded queries to the configured or default value of
edns-packet-max. There's no point letting a client set a larger
value if we're unable to return the answer.
Bertie, Taylor
2022-07-31 17:20:21 +01:00
committed by Simon Kelley
parent 6134b94c02
commit 5586934da0
2 changed files with 12 additions and 2 deletions


@@ -1619,13 +1619,17 @@ void receive_query(struct listener *listen, time_t now)
/* If the client provides an EDNS0 UDP size, use that to limit our reply.
(bounded by the maximum configured). If no EDNS0, then it
defaults to 512 */
defaults to 512. We write this value into the query packet too, so that
if it's forwarded, we don't specify a maximum size greater than we can handle. */
if (udp_size > daemon->edns_pktsz)
udp_size = daemon->edns_pktsz;
else if (udp_size < PACKETSZ)
udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
}
pheader -= 6; /* ext_class */
PUTSHORT(udp_size, pheader); /* Bounding forwarded queries to maximum configured */
}
#ifdef HAVE_CONNTRACK
#ifdef HAVE_AUTH
if (!auth_dns || local_auth)
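Review bot: the rewind in `pheader -= 6; /* ext_class */` depends on pointer arithmetic performed above this hunk that the hunk does not show, so a reader cannot confirm from these lines that six bytes back is the OPT RR CLASS field (the requestor's UDP payload size per RFC 6891) rather than some other offset; a later change to how the pseudoheader is walked would silently break the write-back. Consider keeping a pointer to the size field at the point it is read and using that for the write, e.g. `PUTSHORT(udp_size, sizep);`, or at least extend the comment to name the fields the six bytes span. Also note that the `PUTSHORT` runs unconditionally after the clamp, so the packet is rewritten even when the client's value was already within bounds, and a client advertising less than PACKETSZ is forwarded upstream as PACKETSZ; that is consistent with the RFC 6891 6.2.3 floor already applied to the reply, but the comment "Bounding forwarded queries to maximum configured" only describes the upper bound and could say so.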