From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 7 Sep 2017 07:43:53 +0000 (+0200)
Subject: auth: Treat requestor's payload size lower than 512 as equal to 512
X-Git-Tag: auth-4.0.5~1^2~13^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=722dc74746922dee33c1a111c7f63a6dda5801f1;p=pdns

auth: Treat requestor's payload size lower than 512 as equal to 512

(cherry picked from commit 7a9b7c95891deddb1f907b743f30df82fad84ffd)
---

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index e1583ca34..66f73a5e0 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -559,7 +559,10 @@ try
 
   if(getEDNSOpts(mdp, &edo)) {
     d_haveednssection=true;
-    d_maxreplylen=std::min(edo.d_packetsize, s_udpTruncationThreshold);
+    /* rfc6891 6.2.3:
+       "Values lower than 512 MUST be treated as equal to 512."
+    */
+    d_maxreplylen=std::min(std::max(static_cast<uint16_t>(512), edo.d_packetsize), s_udpTruncationThreshold);
 //    cerr<<edo.d_Z<<endl;
     if(edo.d_Z & EDNSOpts::DNSSECOK)
       d_dnssecOk=true;