Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

CVE-2015-7547 mitigation script

In response to CVE-2015-7547, we are developing this Lua script which should protect your users, at a slight risk of disrupting specific queries which naturally deliver very large responses.

Run the script below by setting: lua-dns-script=stop-cve-2015-7547.lua - or use rec_control reload-lua-script stop-cve-2015-7547.lua at runtime.

Please continue to check this page for updates.

function postresolve ( remoteip, domain, qtype, records, origrcode )
        local len=0
        for key,val in ipairs(records)
        do
                len = len + #val.qname + #val.content + 16
        end
        if(len < 2048) then
                return -1,{}
        else
                -- pdnslog("Protected "..remoteip.." against an overly large response of "..len.." bytes")
                return -2,{}
        end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment