author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-09-20 21:47:10 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-09-20 21:47:10 +0100 |
commit | e162fc9757d4b8cb41aca74214e968622d6c3dee (patch) | |
tree | e549bdcbc743444d67f611c770be581964fce5d6 /src | |
parent | fd62ba8251dc4bcfda1ab71b3465379ff95a1e96 (diff) |
DNS: avoid overflow in cache TTL for negative entries. Bug 1395
Diffstat (limited to 'src')
-rw-r--r-- | src/src/verify.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/src/verify.c b/src/src/verify.c index cb88f28a9..435570bc8 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -3600,7 +3600,7 @@ cache the result in permanent memory. */ else { - uint ttl = UINT_MAX; + uint ttl = 3600; store_pool = POOL_PERM; @@ -3633,7 +3633,10 @@ else Quite apart from one A6 RR generating multiple addresses, there are DNS lists that return more than one A record, so we must handle multiple - addresses generated in that way as well. */ + addresses generated in that way as well. + + Mark the cache entry with the "now" plus the minimum of the address TTLs, + or some suitably far-future time if none were found. */ if (cb->rc == DNS_SUCCEED) { |
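Review bot: In the first hunk (@@ -3600,7 +3600,7), the new initializer `uint ttl = 3600;` is a bare literal with no unit or rationale at the declaration. A short comment or a named constant should say that this is a fallback in seconds, used when no address TTL is found, and that it replaces UINT_MAX so that adding it to "now" cannot wrap. If ttl is only ever lowered toward the minimum of the address TTLs, as the comment in the second hunk describes, then 3600 also acts as a ceiling on every cached lifetime, and that should be stated as well.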
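Review bot: In the second hunk (@@ -3633,7 +3633,10), the added comment says the entry is marked with "some suitably far-future time if none were found", but the first hunk sets the default to 3600, which is one hour rather than far-future. The comment should match the code, for example by saying "or one hour from now if none were found", so that a later reader does not put a large default back and reintroduce the overflow. The stray quotes in `the "now"` could be dropped at the same time.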