Bound the value of UDP packet size in the EDNS0 header of

forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer.
2025-12-19 10:18:25 +00:00 · 2022-07-31 17:20:21 +01:00
parent 6134b94c02
commit 5586934da0
2 changed files with 12 additions and 2 deletions
--- a/6
+++ b/6
@@ -66,6 +66,12 @@ version 2.87
 	compatibility, if required. Thanks to Damian Kaczkowski 
 	for the feature suggestion.

+	Bound the value of UDP packet size in the EDNS0 header of
+	forwarded queries to the configured or default value of
+	edns-packet-max. There's no point letting a client set a larger
+	value if we're unable to return the answer. Thanks to Bertie
+	Taylor for pointing out the problem and supplying the patch.
+	
 	
 version 2.86
 	Handle DHCPREBIND requests in the DHCPv6 server code.
--- a/src/forward.c
+++ b/src/forward.c
@@ -1619,11 +1619,15 @@ void receive_query(struct listener *listen, time_t now)
 	
      /* If the client provides an EDNS0 UDP size, use that to limit our reply.
 	 (bounded by the maximum configured). If no EDNS0, then it
-	 defaults to 512 */
+	 defaults to 512. We write this value into the query packet too, so that
+	 if it's forwarded, we don't specify a maximum size greater than we can handle. */
      if (udp_size > daemon->edns_pktsz)
 	udp_size = daemon->edns_pktsz;
      else if (udp_size < PACKETSZ)
 	udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
+
+      pheader -= 6; /* ext_class */
+      PUTSHORT(udp_size, pheader); /* Bounding forwarded queries to maximum configured */
    }
  
 #ifdef HAVE_CONNTRACK