resolved: enforce maximum limit on DNS transactions

given that DNSSEC lookups may result in quite a number of auxiliary transactions, let's better be safe than sorry and also enforce a limit on the number of total transactions, not just on the number of queries.
2016-01-18 23:15:35 +01:00 · 2016-01-18 23:15:35 +01:00 · b214dc0f68
parent 8f4560c7b9
commit b214dc0f68
1 changed files with 5 additions and 0 deletions
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@ -31,6 +31,8 @@
 #include "resolved-llmnr.h"
 #include "string-table.h"

+#define TRANSACTIONS_MAX 4096
+
 static void dns_transaction_reset_answer(DnsTransaction *t) {
        assert(t);

@ -153,6 +155,9 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
        if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
                return -EOPNOTSUPP;

+        if (hashmap_size(s->manager->dns_transactions) >= TRANSACTIONS_MAX)
+                return -EBUSY;
+
        r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
        if (r < 0)
                return r;