From aa14625bf8776c4f612331dac89792a2579dc2a2 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 28 Jul 2020 11:12:27 +0200
Subject: [PATCH] dnsdist: Improve reporting of possible overflow via large Proxy Protocol values
---
 pdns/dnsdistdist/dnsdist-proxy-protocol.cc | 4 ++++
 pdns/proxy-protocol.cc | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
index e689902fdd..083b0d345a 100644
--- a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
+++ b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
@@ -41,6 +41,10 @@ bool addProxyProtocol(std::vector& buffer, bool tcp, const ComboAddress
 auto payload = makeProxyHeader(tcp, source, destination, values);
 auto previousSize = buffer.size();
+ if (payload.size() > (std::numeric_limits::max() - previousSize)) {
+ return false;
+ }
+
 buffer.resize(previousSize + payload.size());
 std::copy_backward(buffer.begin(), buffer.begin() + previousSize, buffer.end());
 std::copy(payload.begin(), payload.end(), buffer.begin());
diff --git a/pdns/proxy-protocol.cc b/pdns/proxy-protocol.cc
index 6cfa5d83e2..5e62e9ea01 100644
--- a/pdns/proxy-protocol.cc
+++ b/pdns/proxy-protocol.cc
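Review bot: The new guard in addProxyProtocol reports the overflow case by returning false, while makeProxyHeader() on the first context line signals oversized values by throwing std::runtime_error (see the pdns/proxy-protocol.cc hunk), so a caller has to handle two different failure channels and nothing in the hunk says so. A comment above the check would make that explicit, e.g. `// returns false if prepending the header would overflow the buffer size; makeProxyHeader() may throw std::runtime_error on oversized values`. Separately, `buffer.resize()` can still throw once the vector's own limit is exceeded, which is below the arithmetic maximum, so `if (payload.size() > buffer.max_size() - previousSize) {` would be the tighter bound. The function starts before and continues after this hunk, so how callers treat the false return is not visible here.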
@@ -65,10 +65,13 @@ std::string makeProxyHeader(bool tcp, const ComboAddress& source, const ComboAdd
 size_t valuesSize = 0;
 for (const auto& value : values) {
- valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
- if (valuesSize > std::numeric_limits::max()) {
+ if (value.content.size() > std::numeric_limits::max()) {
 throw std::runtime_error("The size of proxy protocol values is limited to " + std::to_string(std::numeric_limits::max()) + ", trying to add a value of size " + std::to_string(value.content.size()));
 }
+ valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
+ if (valuesSize > std::numeric_limits::max()) {
+ throw std::runtime_error("The total size of proxy protocol values is limited to " + std::to_string(std::numeric_limits::max()));
+ }
 }
 size_t total = (addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize;
-- 
2.47.2
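Review bot: The total-size exception added inside the loop names only the limit, not the running total or the value that pushed it over, unlike the per-value message just above it. Appending `+ ", reached " + std::to_string(valuesSize)` to that message would make a rejected query easier to diagnose. It would also explain a confusing case: a value whose content is within three bytes of the limit passes the first check and is then rejected by the second, because the type and length bytes count towards the total. The last context line adds address and port bytes on top of `valuesSize`; whether `total` is then checked against the same length-field limit is outside this hunk and worth confirming. The `sizeof(uint8_t) + sizeof(uint8_t) * 2` term would also read better with a short comment such as `// 1-byte type + 2-byte length`.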