From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 19 Apr 2018 09:01:13 +0000 (+0200)
Subject: EDNS: ensure the NSID fits in the return packet
X-Git-Tag: dnsdist-1.3.1~50^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a42919a8bd3f6f4ffb2982c108ff0c8c944bd56;p=thirdparty%2Fpdns.git

EDNS: ensure the NSID fits in the return packet
---

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index c8c93c7d01..4aa1628e7a 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -896,7 +896,8 @@ static void startDoResolve(void *p)
           dc->d_ecsFound = getEDNSSubnetOptsFromString(o.second, &dc->d_ednssubnet);
         } else if (o.first == EDNSOptionCode::NSID) {
           const static string mode_server_id = ::arg()["server-id"];
-          if(mode_server_id != "disabled" && !mode_server_id.empty()) {
+          if(mode_server_id != "disabled" && !mode_server_id.empty() &&
+              maxanswersize > (2 + 2 + mode_server_id.size())) {
             returnedEdnsOptions.push_back(make_pair(EDNSOptionCode::NSID, mode_server_id));
             variableAnswer = true; // Can't packetcache an answer with NSID
             // Option Code and Option Length are both 2