From: Andoni Duarte <andoni@isc.org>
Date: Wed, 15 Jan 2025 11:56:06 +0000 (+0000)
Subject: [CVE-2024-11187] sec: usr: Limit the additional processing for large RDATA sets
X-Git-Tag: v9.21.4~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d054cca7a006edbaafffa0aa2ebe4b47fb8db35;p=thirdparty%2Fbind9.git

[CVE-2024-11187] sec: usr: Limit the additional processing for large RDATA sets

When answering queries, don't add data to the additional section if the answer has more than 13 names in the RDATA. This limits the number of lookups into the database(s) during a single client query, reducing query processing load.

See isc-projects/bind9#5034

Merge branch '5034-security-limit-additional' into 'v9.21.4-release'

See merge request isc-private/bind9!750
---

4d054cca7a006edbaafffa0aa2ebe4b47fb8db35