fix(grpc): enforce DNS message size limits (#7490)

Add DNS wire size validation for requests/replies. Limit gRPC recv/send via default call options, accounting necessary framing/protobuf overhead. An error is returned for oversized messages. Add test. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-07 02:45:11 -05:00 · 2025-09-12 08:21:33 +03:00
parent 39abf5aeba
commit 8817d8f2f9
2 changed files with 72 additions and 1 deletions
--- a/plugin/grpc/proxy_test.go
+++ b/plugin/grpc/proxy_test.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net"
 	"path"
+	"slices"
 	"testing"

 	"github.com/coredns/caddy"
@@ -61,6 +62,33 @@ func TestProxy(t *testing.T) {
 	}
 }

+func TestProxy_RejectsOversizedReply(t *testing.T) {
+	p := &Proxy{}
+	oversized := make([]byte, maxDNSMessageBytes+1)
+	p.client = testServiceClient{dnsPacket: &pb.DnsPacket{Msg: oversized}, err: nil}
+	_, err := p.query(context.TODO(), new(dns.Msg))
+	if !errors.Is(err, ErrDNSMessageTooLarge) {
+		t.Fatalf("expected %v, got %v", ErrDNSMessageTooLarge, err)
+	}
+}
+
+func TestProxy_RejectsOversizedRequest(t *testing.T) {
+	p := &Proxy{}
+	p.client = testServiceClient{dnsPacket: &pb.DnsPacket{Msg: []byte("ok")}, err: nil}
+
+	oversizedMsg := &dns.Msg{}
+	oversizedMsg.SetQuestion("example.org.", dns.TypeA)
+	oversizedMsg.Extra = slices.Repeat([]dns.RR{&dns.TXT{
+		Hdr: dns.RR_Header{Name: "example.org.", Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 300},
+		Txt: []string{"very long text record to make the message oversized when packed"},
+	}}, 2000)
+
+	_, err := p.query(context.TODO(), oversizedMsg)
+	if !errors.Is(err, ErrDNSMessageTooLarge) {
+		t.Fatalf("expected %v, got %v", ErrDNSMessageTooLarge, err)
+	}
+}
+
 type testServiceClient struct {
 	dnsPacket *pb.DnsPacket
 	err       error