dnsdist: Prevent unbounded memory allocation for DoH3 queries
authorRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 19 Feb 2026 11:00:32 +0000 (12:00 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 2 Apr 2026 07:29:42 +0000 (09:29 +0200)
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
pdns/dnsdistdist/doh3.cc

index 5f46661a47c465973af4d8eb8f9ce434a7dce0f1..4b435dc13d5ba80ae2fe34ca7da3b35f3a9c5cde 100644 (file)
@@ -847,6 +847,14 @@ static void processH3DataEvent(ClientState& clientState, DOH3Frontend& frontend,
       break;
     }
 
+    if (len > std::numeric_limits<uint16_t>::max() || (std::numeric_limits<uint16_t>::max() - streamBuffer.size()) < static_cast<size_t>(len)) {
+      VERBOSESLOG(infolog("DOH3 data frame of size %d is too large for a DNS query (we already have %d)", len, streamBuffer.size()),
+                  frontend.d_logger->info(Logr::Info, "DOH3 data frame is too large for a DNS query", "http.stream_id", Logging::Loggable(streamID), "frame_size", Logging::Loggable(len), "existing_payload_size", Logging::Loggable(streamBuffer.size())));
+      conn.d_streamBuffers.erase(streamID);
+      handleImmediateError("DoH3 non-compliant query");
+      return;
+    }
+
     buffer.resize(static_cast<size_t>(len));
     streamBuffer.insert(streamBuffer.end(), buffer.begin(), buffer.end());
   }
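Review bot: The second clause of the new size check, `(std::numeric_limits<uint16_t>::max() - streamBuffer.size()) < static_cast<size_t>(len)`, is only correct while `streamBuffer.size()` never exceeds 65535. The subtraction is presumably done in `size_t`, so a larger buffer would wrap it to a huge value and the append would pass the check. That invariant holds only if this is the sole place that grows the buffer, which cannot be confirmed here because processH3DataEvent starts and ends outside the hunk; adding `streamBuffer.size() > std::numeric_limits<uint16_t>::max() ||` ahead of the subtraction would make the bound self-contained. A comment such as `// a DNS message cannot exceed 65535 bytes, so cap the body accumulated per stream` would record why the limit is the uint16_t maximum. The rejection is logged through VERBOSESLOG, so, judging by the macro name, it may not appear at default log levels, and the hunk does not show whether handleImmediateError also increments a counter that operators can alert on.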