From be35c484189df01d2cc2589858a2b8b1a916027c Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Fri, 27 Nov 2015 15:00:36 +0100
Subject: [PATCH] Check the length of TCP queries

There is no point in trying to parse queries whose length is < sizeof(dnsheader).
---
 pdns/dnsdist-tcp.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index a69c0ae728..a24680b852 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -146,7 +146,12 @@ void* tcpClientThread(int pipefd)
 for(;;) {
 if(!getNonBlockingMsgLen(ci.fd, &qlen, g_tcpRecvTimeout))
 break;
-
+
+ if (qlen < sizeof(dnsheader)) {
+ g_stats.nonCompliantQueries++;
+ break;
+ }
+
 char query[qlen];
 readn2WithTimeout(ci.fd, query, qlen, g_tcpRecvTimeout);
 uint16_t qtype;
-- 
2.47.2
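Review bot: The added guard bounds `qlen` from below only, while the very next statement, `char query[qlen];`, still sizes a stack array from the length prefix the client sent. The declaration of `qlen` is outside the hunk; if it is a 16-bit value the array can still reach 64 KiB on this thread's stack, which is worth checking against the configured thread stack size, and a heap buffer (`std::vector<char> query(qlen);` passed on as `query.data()`) would remove that dependency, with later uses of `query` outside the hunk adjusted to match. The `break` would also benefit from a one-line comment such as `// short query: the payload is still unread, so leave the loop rather than continue`, because continuing would presumably treat the unread bytes as the next length prefix. The body of tcpClientThread starts and ends outside the hunk, so what happens to the connection after the loop is not visible here.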