The three answer sections can only carry up to UINT16_MAX entries, hence
put a hard upper limit on how far DnsAnswer can grow. The three count
fields in the DNS packet header are 16 bit only, hence the limit.
If code actually tries to add more than 64K RRs it will get ENOSPC with
this new checking.
And similar to DnsQuestion.
DnsAnswer *dns_answer_new(size_t n) {
DnsAnswer *a;
+ if (n > UINT16_MAX) /* We can only place 64K RRs in an answer at max */
+ n = UINT16_MAX;
+
a = malloc0(offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * n);
if (!a)
return NULL;
return -EBUSY;
ns = (*a)->n_rrs + n_free;
+ if (ns > UINT16_MAX) /* Maximum number of RRs we can stick into a DNS packet section */
+ ns = UINT16_MAX;
if ((*a)->n_allocated >= ns)
return 0;
/* Allocate more than we need */
ns *= 2;
+ if (ns > UINT16_MAX)
+ ns = UINT16_MAX;
n = realloc(*a, offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * ns);
if (!n)
DnsQuestion *dns_question_new(size_t n) {
DnsQuestion *q;
- assert(n > 0);
+ if (n > UINT16_MAX) /* We can only place 64K key in an question section at max */
+ n = UINT16_MAX;
q = malloc0(offsetof(DnsQuestion, keys) + sizeof(DnsResourceKey*) * n);
if (!q)
projects / thirdparty / systemd.git / commitdiff
