From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 7 Sep 2017 07:43:53 +0000 (+0200)
Subject: auth: Treat requestor's payload size lower than 512 as equal to 512
X-Git-Tag: rec-4.1.0-rc1~44^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7a9b7c95891deddb1f907b743f30df82fad84ffd;p=thirdparty%2Fpdns.git

auth: Treat requestor's payload size lower than 512 as equal to 512
---

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index e40f88114f..e03f7fad9b 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -551,7 +551,10 @@ try
 
   if(getEDNSOpts(mdp, &edo)) {
     d_haveednssection=true;
-    d_maxreplylen=std::min(edo.d_packetsize, s_udpTruncationThreshold);
+    /* rfc6891 6.2.3:
+       "Values lower than 512 MUST be treated as equal to 512."
+    */
+    d_maxreplylen=std::min(std::max(static_cast<uint16_t>(512), edo.d_packetsize), s_udpTruncationThreshold);
 //    cerr<<edo.d_Z<<endl;
     if(edo.d_Z & EDNSOpts::DNSSECOK)
       d_dnssecOk=true;