From: Remi Gacogne
Date: Fri, 13 Mar 2020 15:32:40 +0000 (+0100)
Subject: Prevent an overflow of the proxy protocol header size
X-Git-Tag: dnsdist-1.5.0-alpha1~12^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1088cc4faeb8cacef8bb7fa9f12a665fcead8d7c;p=thirdparty%2Fpdns.git
Prevent an overflow of the proxy protocol header size
---
diff --git a/pdns/proxy-protocol.cc b/pdns/proxy-protocol.cc
index d99ffa84cd..be635c4241 100644
--- a/pdns/proxy-protocol.cc
+++ b/pdns/proxy-protocol.cc
@@ -71,8 +71,12 @@ std::string makeProxyHeader(bool tcp, const ComboAddress& source, const ComboAdd
 valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
 }
- const uint16_t contentlen = htons((addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize);
+ size_t total = (addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize;
+ if (total > std::numeric_limits::max()) {
+ throw std::runtime_error("The size of a proxy protocol header is limited to " + std::to_string(std::numeric_limits::max()) + ", trying to send one of size " + std::to_string(total));
+ }
+ const uint16_t contentlen = htons(static_cast(total));
 std::string ret = makeSimpleHeader(command, protocol, contentlen);
 // We already established source and destination sin_family equivalence
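Review bot: The new `throw std::runtime_error` in makeProxyHeader() turns an oversized header into a hard failure, so every caller on the query path has to catch it. No caller is visible in this hunk, so that should be confirmed: if the TLV values can be influenced per query, an uncaught exception would trade the old silent length truncation for a dropped connection or a terminated thread. I would state the contract next to the check, e.g. `// throws std::runtime_error: the header's length field is 16 bits, so addresses + ports + TLVs must fit in 65535 bytes`, and add a unit test that passes values totalling more than 65535 bytes and expects the exception. As shown on this page the template arguments of `std::numeric_limits` and `static_cast` are missing, presumably `<uint16_t>` lost in rendering. The body of makeProxyHeader() starts and ends outside the hunk.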