dhcp/backport-CVE-2022-2795.patch

Reference:http://downloads.isc.org/isc/bind/9.16.33/patches/0001-CVE-2022-2795.patch
---
 bind/bind-9.11.14/lib/dns/resolver.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/bind/bind-9.11.14/lib/dns/resolver.c b/bind/bind-9.11.14/lib/dns/resolver.c
index 45faf19..8334005 100644
--- a/bind/bind-9.11.14/lib/dns/resolver.c
+++ b/bind/bind-9.11.14/lib/dns/resolver.c
@@ -173,6 +173,13 @@
 #define DEFAULT_MAX_QUERIES 75
 #endif
 
+/*
+ * IP address lookups are performed for at most NS_PROCESSING_LIMIT NS RRs in
+ * any NS RRset encountered, to avoid excessive resource use while processing
+ * large delegations.
+ */
+#define NS_PROCESSING_LIMIT 20
+
 /* Number of hash buckets for zone counters */
 #ifndef RES_DOMAIN_BUCKETS
 #define RES_DOMAIN_BUCKETS	523
@@ -3273,6 +3280,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 	dns_rdata_ns_t ns;
 	bool need_alternate = false;
 	bool all_spilled = true;
+	unsigned int ns_processed = 0;
 
 	FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
 
@@ -3452,6 +3460,11 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 
 		dns_rdata_reset(&rdata);
 		dns_rdata_freestruct(&ns);
+
+		if (++ns_processed >= NS_PROCESSING_LIMIT) {
+			result = ISC_R_NOMORE;
+			break;
+		}
 	}
 	if (result != ISC_R_NOMORE)
 		return (result);
-- 
2.33.0