From: Remi Gacogne Date: Wed, 15 Feb 2023 10:18:38 +0000 (+0100) Subject: dnsdist: Fix a use-after-free in the incoming DoH path X-Git-Tag: dnsdist-1.8.0-rc1~14^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6605f63d688220b6d608b4b832592f58567df16b;p=thirdparty%2Fpdns.git dnsdist: Fix a use-after-free in the incoming DoH path During the recent addition of the concurrent connection checks for incoming DoH connections, I introduced a bug by using the connection object just after it has been released. --- diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc index 1210837d63..ef31e2c6c3 100644 --- a/pdns/dnsdistdist/doh.cc +++ b/pdns/dnsdistdist/doh.cc @@ -304,8 +304,9 @@ static void on_socketclose(void *data) conn->d_acceptCtx->d_cs->updateTCPMetrics(conn->d_nbQueries, diff.tv_sec * 1000 + diff.tv_usec / 1000); } - t_conns.erase(conn->d_desc); dnsdist::IncomingConcurrentTCPConnectionsManager::accountClosedTCPConnection(conn->d_remote); + // you can no longer touch conn, or data, after this call + t_conns.erase(conn->d_desc); } }
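Review bot: in on_socketclose(), the only thing keeping `t_conns.erase(conn->d_desc);` last is the new comment above it, so a later edit that appends a line touching `conn` or `data` after the erase would reintroduce the use-after-free the commit message describes. Consider making the lifetime boundary structural: copy `conn->d_desc` (and `conn->d_remote`, if more accounting is ever added) into locals before the cleanup calls, then erase via the local as the final statement of the block. Erasing via a local also avoids handing erase() an argument that is stored inside the object being released. This assumes, as the comment implies, that t_conns owns the connection object. The change as shown touches only doh.cc, so a regression test that opens and closes an incoming DoH connection under AddressSanitizer would be a worthwhile follow-up to catch a recurrence.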