Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Protect against malicious DNS replies with very large RRsets.

Browse Source
This commit is contained in:
Simon Kelley
2014-02-06 12:01:05 +00:00
parent 12fae49fff
commit bb201c211a
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/dnssec.c
View File

@@ -531,6 +531,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
{ {
unsigned char **new; unsigned char **new;
/* Protect against insane/maliciuos queries which bloat the workspace
and eat CPU in the sort */
if (rrsetidx >= 100)
return STAT_INSECURE;
/* expand */ /* expand */
if (!(new = whine_malloc((rrset_sz + 5) * sizeof(unsigned char **)))) if (!(new = whine_malloc((rrset_sz + 5) * sizeof(unsigned char **))))
return STAT_INSECURE; return STAT_INSECURE;