]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c309dea)
dnsdist: Improve reporting of possible overflow via large Proxy Protocol values 9355/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 28 Jul 2020 09:12:27 +0000 (11:12 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 28 Jul 2020 09:12:27 +0000 (11:12 +0200)
pdns/dnsdistdist/dnsdist-proxy-protocol.cc patch | blob | blame | history
pdns/proxy-protocol.cc patch | blob | blame | history

diff --git a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
index e689902fdd2f891e5909496cc4d8015b61c93f0c..083b0d345af3cddc890182f152815f6fd0b6460b 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
+++ b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
@@ -41,6 +41,10 @@ bool addProxyProtocol(std::vector<uint8_t>& buffer, bool tcp, const ComboAddress
   auto payload = makeProxyHeader(tcp, source, destination, values);
 
   auto previousSize = buffer.size();
+  if (payload.size() > (std::numeric_limits<size_t>::max() - previousSize)) {
+    return false;
+  }
+
   buffer.resize(previousSize + payload.size());
   std::copy_backward(buffer.begin(), buffer.begin() + previousSize, buffer.end());
   std::copy(payload.begin(), payload.end(), buffer.begin());
diff --git a/pdns/proxy-protocol.cc b/pdns/proxy-protocol.cc
index 6cfa5d83e2a2dd220ad3d2bb38932ec72ba83d24..5e62e9ea0114f9d4de5fdf70ccccca62d72fc721 100644 (file)
--- a/pdns/proxy-protocol.cc
+++ b/pdns/proxy-protocol.cc
@@ -65,10 +65,13 @@ std::string makeProxyHeader(bool tcp, const ComboAddress& source, const ComboAdd
 
   size_t valuesSize = 0;
   for (const auto& value : values) {
-    valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();    
-    if (valuesSize > std::numeric_limits<uint16_t>::max()) {
+    if (value.content.size() > std::numeric_limits<uint16_t>::max()) {
       throw std::runtime_error("The size of proxy protocol values is limited to " + std::to_string(std::numeric_limits<uint16_t>::max()) + ", trying to add a value of size " + std::to_string(value.content.size()));
     }
+    valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
+    if (valuesSize > std::numeric_limits<uint16_t>::max()) {
+      throw std::runtime_error("The total size of proxy protocol values is limited to " + std::to_string(std::numeric_limits<uint16_t>::max()));
+    }
   }
 
   size_t total = (addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize;
Unnamed repository; edit this file 'description' to name the repository.