dnsdist: Check the required size before DNSCrypt padding early, as suggested by Miod

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/dnsdistdist/dnscrypt.cc b/pdns/dnsdistdist/dnscrypt.cc
index 3d38d42ff97764f168bff4c1bc2122d49ed71cf8..c043a7ec0c5c95fb4990822a8473b3a13baa50ee 100644 (file)
--- a/pdns/dnsdistdist/dnscrypt.cc
+++ b/pdns/dnsdistdist/dnscrypt.cc
@@ -698,10 +698,10 @@ int DNSCryptQuery::encryptResponse(PacketBuffer& response, size_t maxResponseSiz
   }
 
   size_t requiredSize = sizeof(responseHeader) + DNSCRYPT_MAC_SIZE + response.size();
-  size_t maxSize = std::min(maxResponseSize, requiredSize + DNSCRYPT_MAX_RESPONSE_PADDING_SIZE);
   if (requiredSize > maxResponseSize) {
     return ENOBUFS;
   }
+  size_t maxSize = std::min(maxResponseSize, requiredSize + DNSCRYPT_MAX_RESPONSE_PADDING_SIZE);
   uint16_t paddingSize = computePaddingSize(requiredSize, maxSize);
   requiredSize += paddingSize;