From 903b4f7298c06264c3eb9c57e50e15c733a58ffb Mon Sep 17 00:00:00 2001
From: Brian Wellington <bwelling@xbill.org>
Date: Wed, 24 Jun 2020 17:04:59 -0700
Subject: [PATCH] Fix TTL limiting.

The message code would convert negative TTL into 0, but the TTL could
never be negative, as it was read with the '!I' format, which reads
unsigned 32 bit integers.  We don't want to change that, since OPT flags
(which are encoded in the TTL) should be treated as unsigned.  Instead,
treat all TTLs > (2^31 - 1) as 0.
---
 dns/message.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dns/message.py b/dns/message.py
index 63a55dbb..132149db 100644
--- a/dns/message.py
+++ b/dns/message.py
@@ -732,7 +732,7 @@ class _WireReader:
                                       self.message.first)
                 self.message.had_tsig = True
             else:
-                if ttl < 0:
+                if ttl > 0x7fffffff:
                     ttl = 0
                 if self.updating and \
                    rdclass in (dns.rdataclass.ANY, dns.rdataclass.NONE):
-- 
2.47.3