[ISC-support #20671] DNS_EDNSOPTIONS macro
https://support.isc.org/Ticket/Display.html?id=20671
A support customer has reported a potential issue with the value defined for DNS_EDNSOPTIONS, which is used in several INSISTs. From the Support ticket:
In BIND 9.16.23, DNS_EDNSOPTIONS is defined in lib/dns/include/dns/message.h as:
/*%< The number of EDNS options we know about. */
#define DNS_EDNSOPTIONS 8
whereas message.h lists more options:
/*%< EDNS0 extended OPT codes */
#define DNS_OPT_LLQ           1     /*%< LLQ opt code */
#define DNS_OPT_NSID          3     /*%< NSID opt code */
#define DNS_OPT_CLIENT_SUBNET 8     /*%< client subnet opt code */
#define DNS_OPT_EXPIRE        9     /*%< EXPIRE opt code */
#define DNS_OPT_COOKIE        10    /*%< COOKIE opt code */
#define DNS_OPT_TCP_KEEPALIVE 11    /*%< TCP keepalive opt code */
#define DNS_OPT_PAD           12    /*%< PAD opt code */
#define DNS_OPT_KEY_TAG       14    /*%< Key tag opt code */
#define DNS_OPT_EDE           15    /*%< Extended DNS Error opt code */
#define DNS_OPT_CLIENT_TAG    16    /*%< Client tag opt code */
#define DNS_OPT_SERVER_TAG    17    /*%< Server tag opt code */
#define DNS_OPT_PROTOSS       20292 /*%< Cisco/OpenDNS umbrella */
The DNS_EDNSOPTIONS macro is used in assertions in multiple places. While the current usage may not be vulnerable (I haven't checked every case), the macro value probably has to be adjusted.
9.16.23 actually shows 7, but this was later changed to 8.
./lib/dns/include/dns/message.h:#define DNS_EDNSOPTIONS 7