From fdabf4b9570a60688f9f7d1e88d885f7a3718bca Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
|
Date: Fri, 1 Mar 2024 08:26:07 +0100
|
|
Subject: [PATCH 1/3] Add a limit to the number of RRs in RRSets
|
|
|
|
Previously, the number of RRs in the RRSets were internally unlimited.
|
|
As the data structure that holds the RRs is just a linked list, and
|
|
there are places where we just walk through all of the RRs, adding an
|
|
RRSet with huge number of RRs inside would slow down processing of said
|
|
RRSets.
|
|
|
|
The fix for end-of-life branches makes the limit compile-time only for
|
|
simplicity and the limit can be changed at the compile time by adding
|
|
following define to CFLAGS:
|
|
|
|
-DDNS_RDATASET_MAX_RECORDS=<limit>
|
|
|
|
(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)
|
|
|
|
Conflict:NA
|
|
Reference:https://gitlab.isc.org/isc-projects/bind9/-/commit/5360c90612abf51deb4a80b30e1da84fd61212a5
|
|
|
|
---
|
|
configure | 2 +-
|
|
configure.ac | 2 +-
|
|
lib/dns/rdataslab.c | 12 ++++++++++++
|
|
3 files changed, 14 insertions(+), 2 deletions(-)
|
|
|
|
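--- a/configure
+++ b/configure
@@ -12295,7 +12295,7 @@ fi
 
 XTARGETS=
 if test "$enable_developer" = "yes"; then :
- STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1"
+ STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
 test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
 test "${enable_querytrace+set}" = set || enable_querytrace=yes
 test "${with_cmocka+set}" = set || with_cmocka=yes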
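--- a/configure.ac
+++ b/configure.ac
@@ -94,7 +94,7 @@ AC_ARG_ENABLE([developer],
 
 XTARGETS=
 AS_IF([test "$enable_developer" = "yes"],
- [STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1"
+ [STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
 test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
 test "${enable_querytrace+set}" = set || enable_querytrace=yes
 test "${with_cmocka+set}" = set || with_cmocka=yes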
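Review bot: The developer-mode `STD_CDEFINES` line raises the limit to 5000 with no comment explaining why, while the default this same patch sets in lib/dns/rdataslab.c is 100. Builds configured with `--enable-developer` therefore accept RRsets that a default build rejects, so tests run in that mode do not exercise the limit that ships. A short comment above the assignment, for example `# developer builds raise DNS_RDATASET_MAX_RECORDS so large-RRset tests still load; default builds use 100`, would record the intent, if that is indeed the reason.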
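--- a/lib/dns/rdataslab.c
+++ b/lib/dns/rdataslab.c
@@ -110,6 +110,10 @@ fillin_offsets(unsigned char *offsetbase, unsigned int *offsettable,
 }
 #endif /* if DNS_RDATASET_FIXED */
 
+#ifndef DNS_RDATASET_MAX_RECORDS
+#define DNS_RDATASET_MAX_RECORDS 100
+#endif /* DNS_RDATASET_MAX_RECORDS */
+
 isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 isc_region_t *region, unsigned int reservelen) {
@@ -154,6 +158,10 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
 return (ISC_R_SUCCESS);
 }
 
+ if (nitems > DNS_RDATASET_MAX_RECORDS) {
+ return (DNS_R_TOOMANYRECORDS);
+ }
+
 if (nitems > 0xffff) {
 return (ISC_R_NOSPACE);
 }
@@ -520,6 +528,10 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab,
 #endif /* if DNS_RDATASET_FIXED */
 INSIST(ocount > 0 && ncount > 0);
 
+ if (ocount + ncount > DNS_RDATASET_MAX_RECORDS) {
+ return (DNS_R_TOOMANYRECORDS);
+ }
+
 #if DNS_RDATASET_FIXED
 oncount = ncount;
 #endif /* if DNS_RDATASET_FIXED */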
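Review bot: `DNS_RDATASET_MAX_RECORDS` is taken from CFLAGS with no range check, so in the `#ifndef` block a build-time value of 0 would make `nitems > DNS_RDATASET_MAX_RECORDS` reject every non-empty RRset, and a negative value would, if `nitems` and the slab counts are unsigned as the `0xffff` comparison suggests, convert to a very large unsigned number and silently disable the limit in both `dns_rdataslab_fromrdataset` and `dns_rdataslab_merge`. A guard after the `#endif`, such as `#if DNS_RDATASET_MAX_RECORDS < 1 || DNS_RDATASET_MAX_RECORDS > 0xffff` followed by `#error "DNS_RDATASET_MAX_RECORDS must be in 1..65535"`, would turn a mistyped define into a build failure. The merge check compares `ocount + ncount` before any duplicate removal that may happen later in the function, which lies outside the hunk, so a one-line comment stating that the bound is deliberately conservative would help the next reader. Neither new return path logs anything here, and whether callers report `DNS_R_TOOMANYRECORDS` to the operator cannot be seen from this page.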
--
|
|
2.33.0
|
|
|