mirror of
https://github.com/coredns/coredns.git
synced 2026-07-18 05:30:13 -04:00
Merge commit from fork
DoH, DoQ, and DNS-over-gRPC unpack messages without the acceptance checks used by UDP and TCP. An unauthenticated request with a large QDCOUNT can therefore force excessive allocations while names are decoded and exhaust server memory. Enforce the same request policy across all server transports. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
This commit is contained in:
@@ -9,6 +9,7 @@ import (
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/pb"
|
||||
"github.com/coredns/coredns/plugin/pkg/dnsutil"
|
||||
"github.com/coredns/coredns/plugin/pkg/reuseport"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
|
||||
@@ -177,8 +178,7 @@ func (s *ServergRPC) Query(ctx context.Context, in *pb.DnsPacket) (*pb.DnsPacket
|
||||
if len(in.GetMsg()) > dns.MaxMsgSize {
|
||||
return nil, fmt.Errorf("dns message exceeds size limit: %d", len(in.GetMsg()))
|
||||
}
|
||||
msg := new(dns.Msg)
|
||||
err := msg.Unpack(in.GetMsg())
|
||||
msg, err := dnsutil.UnpackRequest(in.GetMsg())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user