FTL v5.25 + warning if NSEC3 iterations exceed limit

Signed-off-by: DL6ER <dl6er@dl6er.de>
DL6ER 2024-02-18 09:41:52 +01:00
parent 4f92b48ff2
commit 5ebcc20406
1 changed files with 4 additions and 0 deletions


@ -16,6 +16,7 @@
*/
#include "dnsmasq.h"
#include "log.h"
#ifdef HAVE_DNSSEC
@ -1533,7 +1534,10 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
GETSHORT (iterations, p);
/* Upper-bound iterations, to avoid DoS. RFC 9276 refers. */
if (iterations > daemon->limit[LIMIT_NSEC3_ITERS])
{
logg("NSEC3 iterations %d exceeds set limit %d, failing query to avoid DoS", iterations, daemon->limit[LIMIT_NSEC3_ITERS]);
return DNSSEC_FAIL_NSEC3_ITERS;
}
salt_len = *p++;
salt = p;
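Review bot: The new `logg(...)` in the limit branch runs once per query that trips the NSEC3 iteration cap, so a zone served with a high iteration count turns every lookup into a log write and the mitigation can itself become a log-flood vector; consider rate-limiting the message or emitting it once per owner/zone rather than per query. The format passes `daemon->limit[LIMIT_NSEC3_ITERS]` to `%d`; if that array is declared wider than `int` in dnsmasq.h the specifier is mismatched and should be `%ld` (or the value cast to `int`) — worth confirming with `-Wformat`. A shorter operator-facing variant would be `logg("NSEC3 iterations %d exceed configured limit %d (RFC 9276), failing query to avoid DoS", iterations, (int)daemon->limit[LIMIT_NSEC3_ITERS]);`. The enclosing prove_non_existence_nsec3 starts and ends outside the hunk.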