CVE-2018-14629 dns: CNAME loop prevention using counter
[bbaumbach/samba-autobuild/.git] / source4 / dns_server / dns_query.c
index 923f7233eb995baaa524621567a75e981a0f32c5..65faeac3b6a4c89657e33122ebfe493d41b9efb7 100644 (file)
@@ -40,6 +40,7 @@
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_DNS
+#define MAX_Q_RECURSION_DEPTH 20
 
 struct forwarder_string {
        const char *forwarder;
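Review bot: `MAX_Q_RECURSION_DEPTH` is added without a comment, and its name suggests a call-depth counter, while its only use in this commit (in handle_dnsrpcrec_send) compares it with the length of the answers array. A comment such as `/* Stop following CNAMEs once this many answer records have been collected; bounds CNAME loops (CVE-2018-14629) */` would state the unit that is actually being limited. The choice of 20 is not explained on the page, so the comment should also say where the value comes from if there is a reason for it.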
@@ -419,6 +420,11 @@ static struct tevent_req *handle_dnsrpcrec_send(
        state->answers = answers;
        state->nsrecs = nsrecs;
 
+       if (talloc_array_length(*answers) >= MAX_Q_RECURSION_DEPTH) {
+               tevent_req_done(req);
+               return tevent_req_post(req, ev);
+       }
+
        resolve_cname = ((rec->wType == DNS_TYPE_CNAME) &&
                         ((question->question_type == DNS_QTYPE_A) ||
                          (question->question_type == DNS_QTYPE_AAAA)));
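Review bot: The new guard in handle_dnsrpcrec_send finishes the request with `tevent_req_done(req)` and writes no log line, so hitting the limit is invisible to an operator. As far as the hunk shows, it is also reported to the caller as success with a truncated answer set. Adding `DBG_NOTICE("CNAME chain limit (%d) reached, not following further\n", MAX_Q_RECURSION_DEPTH);` before `tevent_req_done(req)` would make looping zone data detectable in the DNS debug class. The test counts answer records rather than CNAME hops, so a name that legitimately accumulates 20 or more records would presumably stop being followed too; confirm this against how `*answers` is filled by the callers. The function body starts and ends outside this hunk.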