CVSROOT: /cvs
Module name: src
Changes by: flor...@cvs.openbsd.org 2020/11/05 09:22:59
Modified files:
sbin/unwind : frontend.c resolver.c unwind.c unwind.h
Log message:
Handle DNS answers that are larger than the maximum imsg size (about
16k) by splitting them up.
Previously unwind would send meta-data about the finished query from
the resolver process to the frontend process and then silently fail to
send the actual answer because it was too big for imsg.
When receiving the meta-data for the next query the frontend process
would then exit via fatal() because it was still expecting an answer.
This likely fixes rare crashes observed by Leo Unglaub.
Note that even with DNSSEC signatures, answers this big are very rare.
OK tb, benno
