diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-01-18 23:15:35 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-01-18 23:31:29 +0100 |
| commit | b214dc0f681d2f7a4f45bf5f2bdf9f5da60ae20a (patch) | |
| tree | fab6be64d31aed1b6c0e48fd13cb5da516858306 | |
| parent | 8f4560c7b9ed72ceac2d094dc6a40ac6303d52c1 (diff) | |
resolved: enforce maximum limit on DNS transactions
given that DNSSEC lookups may result in quite a number of auxiliary transactions, let's better be safe than sorry and
also enforce a limit on the number of total transactions, not just on the number of queries.
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 434eab53e7..d4ccc86819 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -31,6 +31,8 @@ #include "resolved-llmnr.h" #include "string-table.h" +#define TRANSACTIONS_MAX 4096 + static void dns_transaction_reset_answer(DnsTransaction *t) { assert(t); @@ -153,6 +155,9 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY) return -EOPNOTSUPP; + if (hashmap_size(s->manager->dns_transactions) >= TRANSACTIONS_MAX) + return -EBUSY; + r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL); if (r < 0) return r; |