From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 28 Jul 2020 09:12:27 +0000 (+0200)
Subject: dnsdist: Improve reporting of possible overflow via large Proxy Protocol values
X-Git-Tag: dnsdist-1.5.0~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa14625bf8776c4f612331dac89792a2579dc2a2;p=thirdparty%2Fpdns.git

dnsdist: Improve reporting of possible overflow via large Proxy Protocol values
---

diff --git a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
index e689902fdd..083b0d345a 100644
--- a/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
+++ b/pdns/dnsdistdist/dnsdist-proxy-protocol.cc
@@ -41,6 +41,10 @@ bool addProxyProtocol(std::vector<uint8_t>& buffer, bool tcp, const ComboAddress
   auto payload = makeProxyHeader(tcp, source, destination, values);
 
   auto previousSize = buffer.size();
+  if (payload.size() > (std::numeric_limits<size_t>::max() - previousSize)) {
+    return false;
+  }
+
   buffer.resize(previousSize + payload.size());
   std::copy_backward(buffer.begin(), buffer.begin() + previousSize, buffer.end());
   std::copy(payload.begin(), payload.end(), buffer.begin());
diff --git a/pdns/proxy-protocol.cc b/pdns/proxy-protocol.cc
index 6cfa5d83e2..5e62e9ea01 100644
--- a/pdns/proxy-protocol.cc
+++ b/pdns/proxy-protocol.cc
@@ -65,10 +65,13 @@ std::string makeProxyHeader(bool tcp, const ComboAddress& source, const ComboAdd
 
   size_t valuesSize = 0;
   for (const auto& value : values) {
-    valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();    
-    if (valuesSize > std::numeric_limits<uint16_t>::max()) {
+    if (value.content.size() > std::numeric_limits<uint16_t>::max()) {
       throw std::runtime_error("The size of proxy protocol values is limited to " + std::to_string(std::numeric_limits<uint16_t>::max()) + ", trying to add a value of size " + std::to_string(value.content.size()));
     }
+    valuesSize += sizeof(uint8_t) + sizeof(uint8_t) * 2 + value.content.size();
+    if (valuesSize > std::numeric_limits<uint16_t>::max()) {
+      throw std::runtime_error("The total size of proxy protocol values is limited to " + std::to_string(std::numeric_limits<uint16_t>::max()));
+    }
   }
 
   size_t total = (addrSize * 2) + sizeof(sourcePort) + sizeof(destinationPort) + valuesSize;