From dd9ebcf6dcba5c71f29b949bad0d8d4d73bc75a0 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 28 Sep 2023 01:25:11 +0200
Subject: [PATCH] dnsdist: Fix the maximum size of a DoQ retry token

---
 pdns/dnsdistdist/doq.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pdns/dnsdistdist/doq.cc b/pdns/dnsdistdist/doq.cc
index 8786c55d0f..1ba7a8a638 100644
--- a/pdns/dnsdistdist/doq.cc
+++ b/pdns/dnsdistdist/doq.cc
@@ -382,7 +382,7 @@ static std::optional<PacketBuffer> getCID()
   return buffer;
 }
 
-static constexpr size_t MAX_TOKEN_LEN = std::tuple_size<decltype(SodiumNonce::value)>{} /* nonce */ + sizeof(uint64_t) /* TTD */ + 16 /* IPv6 */ + QUICHE_MAX_CONN_ID_LEN;
+static constexpr size_t MAX_TOKEN_LEN = std::tuple_size<decltype(SodiumNonce::value)>{} /* nonce */ + /* MAC */ crypto_secretbox_MACBYTES + sizeof(uint64_t) /* TTD */ + 16 /* IPv6 */ + QUICHE_MAX_CONN_ID_LEN;
 
 static PacketBuffer mintToken(const PacketBuffer& dcid, const ComboAddress& peer)
 {
-- 
2.47.2