dnsdist: Prevent division by zero when computing DNSCrypt padding (YWH-PGM6095-189)

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/dnsdistdist/dnscrypt.cc b/pdns/dnsdistdist/dnscrypt.cc
index 6e8947cb5a81a84736a2a7224bb019d19610e2b8..3d38d42ff97764f168bff4c1bc2122d49ed71cf8 100644 (file)
--- a/pdns/dnsdistdist/dnscrypt.cc
+++ b/pdns/dnsdistdist/dnscrypt.cc
@@ -639,6 +639,9 @@ uint16_t DNSCryptQuery::computePaddingSize(uint16_t unpaddedLen, size_t maxLen)
   if (d_pair == nullptr) {
     throw std::runtime_error("Trying to compute the padding size from an invalid DNSCrypt query");
   }
+  if (unpaddedLen > maxLen) {
+    throw std::runtime_error("Trying to compute the padding size for an oversized content");
+  }
 
   DNSCryptNonceType nonce;
   memcpy(nonce.data(), d_header.clientNonce.data(), d_header.clientNonce.size());
@@ -696,6 +699,9 @@ int DNSCryptQuery::encryptResponse(PacketBuffer& response, size_t maxResponseSiz
 
   size_t requiredSize = sizeof(responseHeader) + DNSCRYPT_MAC_SIZE + response.size();
   size_t maxSize = std::min(maxResponseSize, requiredSize + DNSCRYPT_MAX_RESPONSE_PADDING_SIZE);
+  if (requiredSize > maxResponseSize) {
+    return ENOBUFS;
+  }
   uint16_t paddingSize = computePaddingSize(requiredSize, maxSize);
   requiredSize += paddingSize;