summaryrefslogtreecommitdiffstats
path: root/mDNSResponder/mDNSCore/DNSCommon.h
diff options
context:
space:
mode:
authorSebastian Huber <sebastian.huber@embedded-brains.de>2020-06-18 13:10:44 +0200
committerSebastian Huber <sebastian.huber@embedded-brains.de>2020-06-23 18:17:22 +0200
commit4af311eaa716c382b6e84dd30b211258b07924ce (patch)
tree47ddc305a359b50a5cda86e527b11764783e3b8c /mDNSResponder/mDNSCore/DNSCommon.h
parentmDNSResponder: Update to v878.230.2 (diff)
downloadrtems-libbsd-4af311eaa716c382b6e84dd30b211258b07924ce.tar.bz2
mDNSResponder: Update to v878.240.1
The sources can be obtained via: https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.240.1.tar.gz Update #4010.
Diffstat (limited to 'mDNSResponder/mDNSCore/DNSCommon.h')
-rw-r--r--mDNSResponder/mDNSCore/DNSCommon.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/mDNSResponder/mDNSCore/DNSCommon.h b/mDNSResponder/mDNSCore/DNSCommon.h
index b100a400..48dfe102 100644
--- a/mDNSResponder/mDNSCore/DNSCommon.h
+++ b/mDNSResponder/mDNSCore/DNSCommon.h
@@ -110,6 +110,13 @@ extern mDNSu32 mDNSRandom(mDNSu32 max); // Returns pseudo-random result from
#define mDNSIsUpperCase(X) ((X) >= 'A' && (X) <= 'Z')
#define mDNSIsLowerCase(X) ((X) >= 'a' && (X) <= 'z')
#define mDNSIsLetter(X) (mDNSIsUpperCase(X) || mDNSIsLowerCase(X))
+
+// We believe we have adequate safeguards to protect against cache poisoning.
+// In the event that someone does find a workable cache poisoning attack, we want to limit the lifetime of the poisoned entry.
+// We set the maximum allowable TTL to one hour.
+// With the 25% correction factor to avoid the DNS Zeno's paradox bug, that gives us an actual maximum lifetime of 75 minutes.
+
+#define mDNSMaximumTTLSeconds (mDNSu32)3600
#define mDNSValidHostChar(X, notfirst, notlast) (mDNSIsLetter(X) || mDNSIsDigit(X) || ((notfirst) && (notlast) && (X) == '-') )
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 13:47:58 +0000