Warn early when parsing a too large DNS record

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 17 Mar 2026 13:10:51 +0000 (14:10 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 31 Mar 2026 10:31:45 +0000 (12:31 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 17 Mar 2026 13:10:51 +0000 (14:10 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 31 Mar 2026 10:31:45 +0000 (12:31 +0200)
diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc

index 6b66788380505c734ce972f12e044d9231cec356..d22bbbf79cfaf72bad6e39ec05a6aba87f321998 100644 (file)
--- a/pdns/dnsparser.cc
+++ b/pdns/dnsparser.cc
@@ -372,6 +372,9 @@ void PacketReader::getDnsrecordheader(struct dnsrecordheader &ah)
  
    d_startrecordpos = d_pos; // needed for getBlob later on
    d_recordlen = ah.d_clen;
+  if (d_pos > d_content.size() || (d_content.size() - d_pos) < (d_recordlen)) {
+    throw std::out_of_range("DNS record length (" + std::to_string(d_recordlen) + " starting at " + std::to_string(d_pos) + ") goes beyond the packet's content (" + std::to_string(d_content.size()) + ")");
+  }
  }
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 17 Mar 2026 13:10:51 +0000 (14:10 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 31 Mar 2026 10:31:45 +0000 (12:31 +0200)