From 1088cc4faeb8cacef8bb7fa9f12a665fcead8d7c Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Fri, 13 Mar 2020 16:32:40 +0100
Subject: [PATCH] Prevent an overflow of the proxy protocol header size
---
 pdns/proxy-protocol.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pdns/proxy-protocol.cc b/pdns/proxy-protocol.cc
index d99ffa84cd..be635c4241 100644
--- a/pdns/proxy-protocol.cc
+++ b/pdns/proxy-protocol.cc
@@ -71,8 +71,12 @@ std::string makeProxyHeader(bool tcp, const ComboAddress& source, const ComboAdd
 valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
 }
- const uint16_t contentlen = htons((addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize);
+ size_t total = (addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize;
+ if (total > std::numeric_limits::max()) {
+ throw std::runtime_error("The size of a proxy protocol header is limited to " + std::to_string(std::numeric_limits::max()) + ", trying to send one of size " + std::to_string(total));
+ }
+ const uint16_t contentlen = htons(static_cast(total));
 std::string ret = makeSimpleHeader(command, protocol, contentlen);
 // We already established source and destination sin_family equivalence
-- 
2.47.2
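Review bot: The new `throw std::runtime_error` in the size check gives makeProxyHeader a failure mode it did not have before, and nothing in this hunk shows that its callers handle it; the call sites are outside the hunk, so this needs confirming there. If the TLV values passed in can vary per query, an uncaught exception on that path would replace the length truncation with an aborted connection or process, so each caller should catch it and drop only the offending query. The patch also adds no include (the diffstat shows only these five insertions), so `std::numeric_limits` and `std::runtime_error` depend on `<limits>` and `<stdexcept>` arriving transitively; adding `#include <limits>` and `#include <stdexcept>` at the top of the file would make that explicit. `total` is never modified after its initialisation and could be declared `const size_t total`. The body of makeProxyHeader starts and ends outside the hunk.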