From: Brian Wellington Date: Thu, 25 Jun 2020 00:04:59 +0000 (-0700) Subject: Fix TTL limiting. X-Git-Tag: v2.0.0rc2~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=903b4f7298c06264c3eb9c57e50e15c733a58ffb;p=thirdparty%2Fdnspython.git Fix TTL limiting. The message code would convert negative TTL into 0, but the TTL could never be negative, as it was read with the '!I' format, which reads unsigned 32 bit integers. We don't want to change that, since OPT flags (which are encoded in the TTL) should be treated as unsigned. Instead, treat all TTLs > (2^31 - 1) as 0. --- diff --git a/dns/message.py b/dns/message.py index 63a55dbb..132149db 100644 --- a/dns/message.py +++ b/dns/message.py @@ -732,7 +732,7 @@ class _WireReader: self.message.first) self.message.had_tsig = True else: - if ttl < 0: + if ttl > 0x7fffffff: ttl = 0 if self.updating and \ rdclass in (dns.rdataclass.ANY, dns.rdataclass.NONE):
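Review bot: The new test `if ttl > 0x7fffffff:` in the `else` branch of `_WireReader` relies on a bare magic number, and nothing in the code says why a TTL with the high bit set is forced to 0. The reasoning exists only in the commit message (the field is unpacked as unsigned via '!I' so that OPT flags stay unsigned, which made the old `ttl < 0` check dead code). Please carry that into the source as a one-line comment above the comparison, or replace the literal with a named constant for the maximum TTL of 2^31 - 1. The diff also touches only dns/message.py, so no test pins the boundary. A regression test that parses a wire-format record with TTL 0x7fffffff (expected to be kept) and one with TTL 0x80000000 (expected to become 0) would guard the new comparison, and a case that reads an OPT record would confirm its TTL field is still passed through unclamped, as the commit message intends.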