
[9.11][CVE-2024-1737] Add a limit to the number of RRs in RRSets

Previously, the number of RRs in the RRSets was internally unlimited. As the data structure that holds the RRs is just a linked list, and there are places where we just walk through all of the RRs, adding an RRSet with a huge number of RRs inside would slow down processing of said RRSets.

The fix for end-of-life branches makes the limit compile-time only for simplicity, and the limit can be changed at compile time by adding the following define to CFLAGS:

-DDNS_RDATASET_MAX_RECORDS=<limit>

Backport of https://gitlab.isc.org/isc-private/bind9/-/merge_requests/698

See #3405 (closed)
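
An added illustration, not code from BIND 9 or from this merge request: a linked-list RRSet with the kind of compile-time cap the description mentions, counting how many list nodes get visited. All type, function and result-code names are hypothetical, and the default of 100 is an assumption made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef DNS_RDATASET_MAX_RECORDS /* override: -DDNS_RDATASET_MAX_RECORDS=<limit> */
#define DNS_RDATASET_MAX_RECORDS 100 /* default assumed for this example */
#endif

enum { RR_OK, RR_EXISTS, RR_TOOMANY, RR_NOMEM }; /* hypothetical codes */
struct rr { struct rr *next; char rdata[64]; };
struct rrset { struct rr *head; size_t count; size_t steps; };

/* Cap is checked first, so a full set rejects without walking the list. */
int rrset_add(struct rrset *set, const char *rdata) {
    if (set->count >= (size_t)DNS_RDATASET_MAX_RECORDS) return RR_TOOMANY;
    for (struct rr *r = set->head; r != NULL; r = r->next) {
        set->steps++; /* list nodes visited so far */
        if (strcmp(r->rdata, rdata) == 0) return RR_EXISTS;
    }
    struct rr *n = calloc(1, sizeof(*n));
    if (n == NULL) return RR_NOMEM;
    strncpy(n->rdata, rdata, sizeof(n->rdata) - 1);
    n->next = set->head; set->head = n;
    set->count++;
    return RR_OK;
}

/* Offer n distinct constructed records; return how many were accepted. */
size_t rrset_fill(struct rrset *set, size_t n) {
    char buf[64];
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++) {
        snprintf(buf, sizeof(buf), "record-%zu", i);
        if (rrset_add(set, buf) == RR_OK) accepted++;
    }
    return accepted;
}

void rrset_free(struct rrset *set) {
    while (set->head) { struct rr *n = set->head->next; free(set->head); set->head = n; }
    set->count = 0;
}

int main(void) {
    struct rrset s = {0};
    size_t ok = rrset_fill(&s, 100000);
    printf("accepted=%zu nodes_visited=%zu\n", ok, s.steps);
    rrset_free(&s);
    return 0;
}
```

Without the cap check, the duplicate walk alone would visit n(n-1)/2 nodes for n offered records; with it, the work stops growing once the set is full.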
