Add a limit to the number of RRs in RRSets

Previously, the number of RRs in the RRSets were internally unlimited.
As the data structure that holds the RRs is just a linked list, and
there are places where we just walk through all of the RRs, adding an
RRSet with huge number of RRs inside would slow down processing of said
RRSets.

The fix for end-of-life branches make the limit compile-time only for
simplicity and the limit can be changed at the compile time by adding
following define to CFLAGS:

    -DDNS_RDATASET_MAX_RECORDS=<limit>

(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)

diff --git a/configure b/configure
index 1b436d63ebeedc9607f9e23399aac6ce952f7bf5..30e65f1568ddbc5fd6068810a9709366108bb5ea 100755 (executable)
--- a/configure
+++ b/configure
@@ -12341,7 +12341,7 @@ fi
 
 XTARGETS=
 if test "$enable_developer" = "yes"; then :
-  STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1"
+  STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
        test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
        test "${enable_querytrace+set}" = set || enable_querytrace=yes
        test "${with_cmocka+set}" = set || with_cmocka=yes

diff --git a/configure.ac b/configure.ac
index fb6f172eaef9d77cd23b495914accc16d64fa01c..ffe087e6d7b16b7aa75edfe3b92d912b15a1f9a3 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -96,7 +96,7 @@ AC_ARG_ENABLE([developer],
 
 XTARGETS=
 AS_IF([test "$enable_developer" = "yes"],
-      [STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1"
+      [STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1 -DDNS_RDATASET_MAX_RECORDS=5000"
        test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
        test "${enable_querytrace+set}" = set || enable_querytrace=yes
        test "${with_cmocka+set}" = set || with_cmocka=yes

diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
index 14c43818b8055acc45ca87e402baef9a3018e7a3..d74e84ce4a6cfff7c7b90ca3f86ab074fe20ab24 100644 (file)
--- a/lib/dns/rdataslab.c
+++ b/lib/dns/rdataslab.c
@@ -112,6 +112,10 @@ fillin_offsets(unsigned char *offsetbase, unsigned int *offsettable,
 }
 #endif /* if DNS_RDATASET_FIXED */
 
+#ifndef DNS_RDATASET_MAX_RECORDS
+#define DNS_RDATASET_MAX_RECORDS 100
+#endif /* DNS_RDATASET_MAX_RECORDS */
+
 isc_result_t
 dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
                           isc_region_t *region, unsigned int reservelen) {
@@ -156,6 +160,10 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
                return (ISC_R_SUCCESS);
        }
 
+       if (nitems > DNS_RDATASET_MAX_RECORDS) {
+               return (DNS_R_TOOMANYRECORDS);
+       }
+
        if (nitems > 0xffff) {
                return (ISC_R_NOSPACE);
        }
@@ -524,6 +532,10 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab,
 #endif /* if DNS_RDATASET_FIXED */
        INSIST(ocount > 0 && ncount > 0);
 
+       if (ocount + ncount > DNS_RDATASET_MAX_RECORDS) {
+               return (DNS_R_TOOMANYRECORDS);
+       }
+
 #if DNS_RDATASET_FIXED
        oncount = ncount;
 #endif /* if DNS_RDATASET_FIXED */