resolved: enforce maximum limit on DNS transactions

given that DNSSEC lookups may result in quite a number of auxiliary transactions, let's better be safe than sorry and also enforce a limit on the number of total transactions, not just on the number of queries.
author: Lennart Poettering <lennart@poettering.net> 2016-01-18 23:15:35 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-18 23:31:29 +0100
commit: b214dc0f681d2f7a4f45bf5f2bdf9f5da60ae20a (patch)
tree: fab6be64d31aed1b6c0e48fd13cb5da516858306 /src/resolve/resolved-dns-transaction.c
parent: 8f4560c7b9ed72ceac2d094dc6a40ac6303d52c1 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 434eab53e7..d4ccc86819 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -31,6 +31,8 @@
 #include "resolved-llmnr.h"
 #include "string-table.h"
 
+#define TRANSACTIONS_MAX 4096
+
 static void dns_transaction_reset_answer(DnsTransaction *t) {
         assert(t);
 
@@ -153,6 +155,9 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
         if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
                 return -EOPNOTSUPP;
 
+        if (hashmap_size(s->manager->dns_transactions) >= TRANSACTIONS_MAX)
+                return -EBUSY;
+
         r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
         if (r < 0)
                 return r;
author	Lennart Poettering <lennart@poettering.net>	2016-01-18 23:15:35 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-18 23:31:29 +0100
commit	b214dc0f681d2f7a4f45bf5f2bdf9f5da60ae20a (patch)
tree	fab6be64d31aed1b6c0e48fd13cb5da516858306 /src/resolve/resolved-dns-transaction.c
parent	8f4560c7b9ed72ceac2d094dc6a40ac6303d52c1 (diff)