From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 29 Dec 2016 10:46:36 +0000 (+0100)
Subject: dnsdist: Check that cached responses are >= sizeof(dnsheader)
X-Git-Tag: dnsdist-1.1.0^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F4812%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Check that cached responses are >= sizeof(dnsheader)

The check is done before inserting the response into the cache, but
it feels safer to check it again before passing it to `memcpy()`.
We check that the cached response is larger than
`sizeof(dnsheader) + qname` afterwards, but the previous commit
moved the header copy before that check.
---

diff --git a/pdns/dnsdist-cache.cc b/pdns/dnsdist-cache.cc
index e36fa5d451..2b9c25cc49 100644
--- a/pdns/dnsdist-cache.cc
+++ b/pdns/dnsdist-cache.cc
@@ -156,7 +156,7 @@ bool DNSDistPacketCache::get(const DNSQuestion& dq, uint16_t consumed, uint16_t
       }
     }
 
-    if (*responseLen < value.len) {
+    if (*responseLen < value.len || value.len < sizeof(dnsheader)) {
       return false;
     }