summaryrefslogtreecommitdiff
path: root/compat/time32/pselect_time32.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2023-07-04 23:11:17 -0400
committerRich Felker <dalias@aerifal.cx>2023-07-04 23:36:05 -0400
commita4ecaf89a9b88df76e8bf9f28e1cc6cb89e4bfa8 (patch)
tree3fd645280ddaef4a75b3eefce52ea054e6d0b55b /compat/time32/pselect_time32.c
parent40834f6c1e30cc25c608678c372db498a3d9dbc3 (diff)
downloadmusl-a4ecaf89a9b88df76e8bf9f28e1cc6cb89e4bfa8.tar.gz
dns stub resolver: increase buffer size to handle chained CNAMEs
in the event of chained CNAMEs, the answer to a query will contain the entire CNAME chain, not just one CNAME record. previously, the answer buffer size had been chosen to admit a maximal-length CNAME, but only one. a moderate-length chain could fill the available 768 bytes leaving no room for an actual address answering the query. while the DNS RFCs do not specify any limit on the length of a CNAME chain, or any reasonable behavior is the chain exceeds the entire 64k possible message size, actual recursive servers have to impose a limit, and a such, for all practical purposes, chains longer than this limit are not usable. it turns out BIND has a hard-coded limit of 16, and Unbound has a default limit of 11. assuming the recursive server makes use of "compression" (pointers), each maximal-length CNAME record takes at most 268 bytes, and thus any chain up to length 16 fits in at most 4288 bytes. this patch increases the answer buffer size to preserve the original intent of having 512 bytes available for address answers, plus space needed for a maximal CNAME chain, for a total of 4800 bytes. the resulting size of 9600 bytes for two queries (A+AAAA) is still well within what is reasonable to place in automatic storage.
Diffstat (limited to 'compat/time32/pselect_time32.c')
0 files changed, 0 insertions, 0 deletions