From a64fd6af8493db34d65656999f5c73ceaedee1fc Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 13 Jan 2015 13:12:54 +0100
Subject: [PATCH] auth: limit long version strings to 63 characters and catch
 exceptions in secpoll

---
 pdns/common_startup.cc | 5 ++++-
 pdns/secpoll-auth.cc   | 5 +++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index c1abe1d26b..bef05b8dc5 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -430,7 +430,10 @@ void mainthread()
    DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
    DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
 
-   doSecPoll(true); // this must be BEFORE chroot
+   try {
+     doSecPoll(true); // this must be BEFORE chroot
+   }
+   catch(...) {}
 
    if(!::arg()["chroot"].empty()) {  
      triggerLoadOfLibraries();
diff --git a/pdns/secpoll-auth.cc b/pdns/secpoll-auth.cc
index cfdce04d7d..50d9d4db74 100644
--- a/pdns/secpoll-auth.cc
+++ b/pdns/secpoll-auth.cc
@@ -122,7 +122,8 @@ void doSecPoll(bool first)
   struct timeval now;
   gettimeofday(&now, 0);
 
-  string query = "auth-" PACKAGEVERSION ".security-status."+::arg()["security-poll-suffix"];
+  string version = "auth-" + string(PACKAGEVERSION);
+  string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];
 
   if(*query.rbegin()!='.')
     query+='.';
@@ -149,7 +150,7 @@ void doSecPoll(bool first)
 
   }
   else {
-    L<<Logger::Warning<<"Could not retrieve security status update for '" PACKAGEVERSION "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
+    L<<Logger::Warning<<"Could not retrieve security status update for '"<<PACKAGEVERSION<<"' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
     if(security_status == 1) // it was ok, not it is unknown
       security_status = 0;
   }
-- 
2.47.2