resolved: put size limit in DnsAnswer size to UINT16_MAX

The three answer sections can only carry up to UINT16_MAX entries, hence put a hard upper limit on how far DnsAnswer can grow. The three count fields in the DNS packet header are 16 bit only, hence the limit. If code actually tries to add more than 64K RRs it will get ENOSPC with this new checking. And similar to DnsQuestion.
author: Lennart Poettering <lennart@poettering.net> 2020-11-03 18:31:03 +0100
committer: Lennart Poettering <lennart@poettering.net> 2020-11-03 20:35:04 +0100
commit: 398c611833584632c6977e2f89746403108637c7 (patch)
tree: f0797475b14972c649497e51d7bee0f3d3a1a8ce /src/resolve/resolved-dns-question.c
parent: resolved: check return value of memdup() correctly for OOM (diff)
download: systemd-398c611833584632c6977e2f89746403108637c7.tar.xz
systemd-398c611833584632c6977e2f89746403108637c7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c
index 62833efa0e..809965a845 100644
--- a/src/resolve/resolved-dns-question.c
+++ b/src/resolve/resolved-dns-question.c
@@ -8,7 +8,8 @@
 DnsQuestion *dns_question_new(size_t n) {
         DnsQuestion *q;
 
-        assert(n > 0);
+        if (n > UINT16_MAX) /* We can only place 64K key in an question section at max */
+                n = UINT16_MAX;
 
         q = malloc0(offsetof(DnsQuestion, keys) + sizeof(DnsResourceKey*) * n);
         if (!q)
author	Lennart Poettering <lennart@poettering.net>	2020-11-03 18:31:03 +0100
committer	Lennart Poettering <lennart@poettering.net>	2020-11-03 20:35:04 +0100
commit	398c611833584632c6977e2f89746403108637c7 (patch)
tree	f0797475b14972c649497e51d7bee0f3d3a1a8ce /src/resolve/resolved-dns-question.c
parent	resolved: check return value of memdup() correctly for OOM (diff)
download	systemd-398c611833584632c6977e2f89746403108637c7.tar.xz systemd-398c611833584632c6977e2f89746403108637c7.zip