]> granicus.if.org Git - pdns/commitdiff
EDNS: ensure the NSID fits in the return packet
authorPieter Lexis <pieter.lexis@powerdns.com>
Thu, 19 Apr 2018 09:01:13 +0000 (11:01 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Wed, 30 May 2018 08:00:53 +0000 (10:00 +0200)
pdns/pdns_recursor.cc

index c8c93c7d014f8f91a27981dcc17be1546423647b..4aa1628e7ad6780eca479234594d6bbe958aa799 100644 (file)
@@ -896,7 +896,8 @@ static void startDoResolve(void *p)
           dc->d_ecsFound = getEDNSSubnetOptsFromString(o.second, &dc->d_ednssubnet);
         } else if (o.first == EDNSOptionCode::NSID) {
           const static string mode_server_id = ::arg()["server-id"];
-          if(mode_server_id != "disabled" && !mode_server_id.empty()) {
+          if(mode_server_id != "disabled" && !mode_server_id.empty() &&
+              maxanswersize > (2 + 2 + mode_server_id.size())) {
             returnedEdnsOptions.push_back(make_pair(EDNSOptionCode::NSID, mode_server_id));
             variableAnswer = true; // Can't packetcache an answer with NSID
             // Option Code and Option Length are both 2