fix(dnstap): add bounds for plugin args (#7557)

Validate dnstap writebuffer (MiB) and queue (x10k) args. Reject
non-integers and out-of-range values with clear errors. Updated
plugin documentation and tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>

plugin/dnstap/setup.go

@@ -17,6 +17,14 @@ var log = clog.NewWithPlugin("dnstap")
 
 func init() { plugin.Register("dnstap", setup) }
 
+const (
+	// Upper bounds chosen to keep memory use and kernel socket buffer requests reasonable
+	// while allowing large configurations. Write buffer multiple is in MiB units; queue
+	// multiple is applied to 10,000 messages. See plugin README for parameter semantics.
+	maxMultipleTcpWriteBuf = 1024 // up to 1 GiB write buffer per TCP connection
+	maxMultipleQueue       = 4096 // up to 40,960,000 enqueued messages
+)
+
 func parseConfig(c *caddy.Controller) ([]*Dnstap, error) {
 	dnstaps := []*Dnstap{}
 
@@ -37,11 +45,26 @@ func parseConfig(c *caddy.Controller) ([]*Dnstap, error) {
 		endpoint := args[0]
 
 		if len(args) >= 3 {
-			d.MultipleTcpWriteBuf, _ = strconv.Atoi(args[2])
+			tcpWriteBuf := args[2]
+			if v, err := strconv.Atoi(tcpWriteBuf); err == nil {
+				if v < 1 || v > maxMultipleTcpWriteBuf {
+					return nil, c.Errf("dnstap: MultipleTcpWriteBuf must be between 1 and %d (MiB units): %d", maxMultipleTcpWriteBuf, v)
+				}
+				d.MultipleTcpWriteBuf = v
+			} else {
+				return nil, c.Errf("dnstap: invalid MultipleTcpWriteBuf %q: %v", tcpWriteBuf, err)
+			}
 		}
-
 		if len(args) >= 4 {
-			d.MultipleQueue, _ = strconv.Atoi(args[3])
+			qSize := args[3]
+			if v, err := strconv.Atoi(qSize); err == nil {
+				if v < 1 || v > maxMultipleQueue {
+					return nil, c.Errf("dnstap: MultipleQueue must be between 1 and %d (x10k messages): %d", maxMultipleQueue, v)
+				}
+				d.MultipleQueue = v
+			} else {
+				return nil, c.Errf("dnstap: invalid MultipleQueue %q: %v", qSize, err)
+			}
 		}
 
 		var dio *dio