network: limit the total number of Encrypted DNS options processed
authorRonan Pigott <ronan@rjp.ie>
Tue, 5 Nov 2024 03:45:27 +0000 (20:45 -0700)
committerLennart Poettering <lennart@poettering.net>
Tue, 5 Nov 2024 08:33:35 +0000 (09:33 +0100)
We need a sensible limit on the number of Encrypted DNS options allowed
so that the set of resolvers per link does not grow without bound.

Fixes: 0c90d1d2f243 ("ndisc: Parse RFC9463 encrypted DNS (DNR) option")
src/network/networkd-ndisc.c

index 0773e9e8ca8fac2ee91e640bb49f443c9422ac7a..677ddc6b1cc457272ad52e21a972f419ba0e40c7 100644 (file)
@@ -30,6 +30,7 @@
 
 #define NDISC_DNSSL_MAX 64U
 #define NDISC_RDNSS_MAX 64U
+#define NDISC_ENCRYPTED_DNS_MAX 64U
 /* Not defined in the RFC, but let's set an upper limit to make not consume much memory.
  * This should be safe as typically there should be at most 1 portal per network. */
 #define NDISC_CAPTIVE_PORTAL_MAX 64U
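Review bot: NDISC_ENCRYPTED_DNS_MAX is added without the rationale comment that NDISC_CAPTIVE_PORTAL_MAX carries directly below it, so a reader cannot tell whether 64 comes from RFC 9463 or is a local memory-bounding choice like the captive-portal cap. Since the commit message says the limit exists to keep the per-link resolver set bounded, that should be stated at the definition, e.g. `/* Not defined in RFC 9463; cap the per-link DNR resolver set so it cannot grow without bound. */` placed above the new `#define`. Keeping the value aligned with NDISC_RDNSS_MAX is also worth a word if that is deliberate.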
@@ -1942,6 +1943,11 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) {
                 return 0;
         }
 
+        if (set_size(link->ndisc_dnr) >= NDISC_ENCRYPTED_DNS_MAX) {
+                log_link_warning(link, "Too many Encrypted DNS records received. Only first %u records will be used.", NDISC_ENCRYPTED_DNS_MAX);
+                return 0;
+        }
+
         new_entry = new(NDiscDNR, 1);
         if (!new_entry)
                 return log_oom();
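Review bot: The new cap is checked against `set_size(link->ndisc_dnr)` before the incoming option is compared with entries already in the set, so once the set holds NDISC_ENCRYPTED_DNS_MAX records an option that merely refreshes an existing resolver (same resolver, new lifetime) would also be rejected with the "Too many" warning, if the code below the hunk handles that refresh case via the set lookup as the RDNSS path does; I cannot see that from here. If refreshes are meant to keep working, the size check belongs after the existing-entry lookup, or the lookup should be done first and the check applied only when a genuinely new entry would be inserted. A short comment on the guard stating which case it covers, e.g. `/* Refuse new resolvers once the per-link set is full; refreshes of existing entries are handled below. */`, would make the intent checkable. The body of ndisc_router_process_encrypted_dns begins before and continues after this hunk.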