From e162fc9757d4b8cb41aca74214e968622d6c3dee Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 20 Sep 2015 21:47:10 +0100 Subject: [PATCH] DNS: avoid overflow in cache TTL for negative entries. Bug 1395 --- src/src/verify.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/src/verify.c b/src/src/verify.c index cb88f28a9..435570bc8 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -3600,7 +3600,7 @@ cache the result in permanent memory. */ else { - uint ttl = UINT_MAX; + uint ttl = 3600; store_pool = POOL_PERM; @@ -3633,7 +3633,10 @@ else Quite apart from one A6 RR generating multiple addresses, there are DNS lists that return more than one A record, so we must handle multiple - addresses generated in that way as well. */ + addresses generated in that way as well. + + Mark the cache entry with the "now" plus the minimum of the address TTLs, + or some suitably far-future time if none were found. */ if (cb->rc == DNS_SUCCEED) { -- 2.25.1