[9.16][CVE-2024-1737] Add a limit to the number of RRs in RRSets

Previously, the number of RRs in the RRSets was internally unlimited. As the data structure that holds the RRs is just a linked list, and there are places where we just walk through all of the RRs, adding an RRSet with a huge number of RRs inside would slow down processing of said RRSets.

Add a configurable limit to cap the number of the RRs in a single RRSet. This is enforced at the database (rbtdb, qpzone, qpcache) level and configured with the new max-records-per-rrset configuration option that can be configured globally, per-view and per-zone.

(cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e)

Not a backport, closes #3405 (closed) for 9.16
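
A simplified model of the cap described in the commit message above, added here as an illustration and not taken from the BIND source. All type and function names, the result codes, the zone-over-view-over-global precedence, the whole-set rejection and the "0 means no cap" convention are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical result codes for this sketch (not BIND's own values). */
enum { RR_OK, RR_TOOMANY, RR_NOMEM };

struct rr { struct rr *next; unsigned rdata; };
struct rrset { struct rr *head; size_t count; };

/* Assumed precedence: zone overrides view, view overrides global.
 * A negative value means "not set at this level". */
size_t effective_limit(long global, long view, long zone) {
    if (zone >= 0) return (size_t)zone;
    if (view >= 0) return (size_t)view;
    return global >= 0 ? (size_t)global : 0;
}

void rrset_free(struct rrset *set) {
    while (set->head != NULL) {
        struct rr *next = set->head->next;
        free(set->head);
        set->head = next;
    }
    set->count = 0;
}

/* Store n records as one RRSet. The cap is checked before any node is
 * allocated, so an oversized set is refused whole at O(1) cost.
 * Assumption: limit 0 means "no cap". */
int rrset_store(struct rrset *set, const unsigned *rdata, size_t n, size_t limit) {
    if (limit != 0 && n > limit) return RR_TOOMANY;
    for (size_t i = 0; i < n; i++) {
        struct rr *node = malloc(sizeof(*node));
        if (node == NULL) { rrset_free(set); return RR_NOMEM; }
        node->rdata = rdata[i];
        node->next = set->head;
        set->head = node;
        set->count++;
    }
    return RR_OK;
}

/* Full walk of the linked list: the per-pass cost that the cap bounds. */
size_t rrset_walk(const struct rrset *set) {
    size_t steps = 0;
    for (const struct rr *r = set->head; r != NULL; r = r->next) steps++;
    return steps;
}
```

With a cap in place, every later walk of a stored RRSet is bounded by the configured limit rather than by whatever size the data source supplied.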
