]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fc0b51)
dnsdist: Fix a use-after-free in the incoming DoH path 12551/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 15 Feb 2023 10:18:38 +0000 (11:18 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 15 Feb 2023 10:18:38 +0000 (11:18 +0100)
During the recent addition of the concurrent connection checks for
incoming DoH connections, I introduced a bug by using the connection
object just after it has been released.

pdns/dnsdistdist/doh.cc patch | blob | blame | history

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index 1210837d631173a91e3670f73f58720df99860d3..ef31e2c6c39c9a8e03fcab6d88597c3c886130af 100644 (file)
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -304,8 +304,9 @@ static void on_socketclose(void *data)
       conn->d_acceptCtx->d_cs->updateTCPMetrics(conn->d_nbQueries, diff.tv_sec * 1000 + diff.tv_usec / 1000);
     }
 
-    t_conns.erase(conn->d_desc);
     dnsdist::IncomingConcurrentTCPConnectionsManager::accountClosedTCPConnection(conn->d_remote);
+    // you can no longer touch conn, or data, after this call
+    t_conns.erase(conn->d_desc);
   }
 }
 
Unnamed repository; edit this file 'description' to name the repository.