From 9b17fd447c684a84b2f5fbfb04ad6e890ae2078c Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@isc.org>
Date: Wed, 11 Nov 2015 09:55:25 +0530
Subject: [PATCH] Limit rndc query message sizes to 32 KiB (#41073)

---
 CHANGES                 | 5 +++++
 bin/named/controlconf.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGES b/CHANGES
index 7c02d40f4c..704edc9293 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+4258.	[bug]		Limit rndc query message sizes to 32 KiB. This should
+			not break any legitimate rndc commands, but will
+			prevent a rogue rndc query from allocating too
+			much memory. [RT #41073]
+
 4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
 
 4256.	[bug]		Allow rndc command arguments to be quoted so as
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 9d9075b398..5af34b4504 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -565,6 +565,10 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
 
 	conn->sock = sock;
 	isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
+
+	/* Set a 32 KiB upper limit on incoming message. */
+	isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);
+
 	conn->ccmsg_valid = ISC_TRUE;
 	conn->sending = ISC_FALSE;
 	conn->buffer = NULL;