dnsdist: Fix a use-after-free in case of a network error in the middle of a XFR query

author Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)
diff --git a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc

index 9c636d227c177b16a640142eb63592d9ce6af38d..e9879687d637c5ad598525cd73d0a01480187df3 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
@@ -355,7 +355,10 @@ void TCPConnectionToBackend::handleIO(std::shared_ptr<TCPConnectionToBackend>& c
                conn->d_currentQuery = std::move(query);
              }
  
-            for (auto& pending : conn->d_pendingResponses) {
+            /* if we notify the sender it might terminate us so we need to move these first */
+            auto pendingResponses = std::move(conn->d_pendingResponses);
+            conn->d_pendingResponses.clear();
+            for (auto& pending : pendingResponses) {
                --conn->d_ds->outstanding;
  
                if (pending.second.d_query.isXFR() && pending.second.d_query.d_xfrStarted) {
@@ -375,7 +378,6 @@ void TCPConnectionToBackend::handleIO(std::shared_ptr<TCPConnectionToBackend>& c
                  conn->d_pendingQueries.push_back(std::move(pending.second));
                }
              }
-            conn->d_pendingResponses.clear();
              conn->d_currentPos = 0;
  
              if (conn->d_state == State::sendingQueryToBackend) {
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)