From 398c611833584632c6977e2f89746403108637c7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 3 Nov 2020 18:31:03 +0100 Subject: [PATCH] resolved: put size limit in DnsAnswer size to UINT16_MAX The three answer sections can only carry up to UINT16_MAX entries, hence put a hard upper limit on how far DnsAnswer can grow. The three count fields in the DNS packet header are 16 bit only, hence the limit. If code actually tries to add more than 64K RRs it will get ENOSPC with this new checking. And similar to DnsQuestion. --- src/resolve/resolved-dns-answer.c | 7 +++++++ src/resolve/resolved-dns-question.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index d6fba7ead0..74d185fbd6 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -11,6 +11,9 @@ DnsAnswer *dns_answer_new(size_t n) { DnsAnswer *a; + if (n > UINT16_MAX) /* We can only place 64K RRs in an answer at max */ + n = UINT16_MAX; + a = malloc0(offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * n); if (!a) return NULL; @@ -624,12 +627,16 @@ int dns_answer_reserve(DnsAnswer **a, size_t n_free) { return -EBUSY; ns = (*a)->n_rrs + n_free; + if (ns > UINT16_MAX) /* Maximum number of RRs we can stick into a DNS packet section */ + ns = UINT16_MAX; if ((*a)->n_allocated >= ns) return 0; /* Allocate more than we need */ ns *= 2; + if (ns > UINT16_MAX) + ns = UINT16_MAX; n = realloc(*a, offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * ns); if (!n) diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c index 62833efa0e..809965a845 100644 --- a/src/resolve/resolved-dns-question.c +++ b/src/resolve/resolved-dns-question.c @@ -8,7 +8,8 @@ DnsQuestion *dns_question_new(size_t n) { DnsQuestion *q; - assert(n > 0); + if (n > UINT16_MAX) /* We can only place 64K key in an question section at max */ + n = UINT16_MAX; q = malloc0(offsetof(DnsQuestion, keys) + sizeof(DnsResourceKey*) * n); if (!q) -- 2.25.1