author: Jeremy Harris <jgh146exb@wizmail.org> 2015-09-20 21:47:10 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2015-09-20 21:47:10 +0100
commit: e162fc9757d4b8cb41aca74214e968622d6c3dee
tree: e549bdcbc743444d67f611c770be581964fce5d6
parent: fd62ba8251dc4bcfda1ab71b3465379ff95a1e96
DNS: avoid overflow in cache TTL for negative entries. Bug 1395
-rw-r--r-- src/src/verify.c 7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/src/verify.c b/src/src/verify.c
index cb88f28a9..435570bc8 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -3600,7 +3600,7 @@ cache the result in permanent memory. */
else
{
- uint ttl = UINT_MAX;
+ uint ttl = 3600;
store_pool = POOL_PERM;
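Review bot: the bare 3600 in `uint ttl = 3600;` carries no unit or rationale, and it is the value that ends up in the cache entry whenever no address TTL lowers it. Suggest a named constant, or at least a comment on this line, saying that it is a count of seconds and that it is the fallback lifetime, so a later reader does not restore UINT_MAX and bring back the overflow the commit message refers to.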
@@ -3633,7 +3633,10 @@ else
Quite apart from one A6 RR generating multiple addresses, there are DNS
lists that return more than one A record, so we must handle multiple
- addresses generated in that way as well. */
+ addresses generated in that way as well.
+
+ Mark the cache entry with the "now" plus the minimum of the address TTLs,
+ or some suitably far-future time if none were found. */
if (cb->rc == DNS_SUCCEED)
{
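Review bot: the added comment's "some suitably far-future time if none were found" does not match the code, since the initial value set earlier in this patch is now 3600 rather than UINT_MAX. Suggest rewording it to name the actual fallback, for example "or a default of 3600 if none were found", and saying in the same comment whether the sum of "now" and the TTL is expected to fit the type used for the cache expiry.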