From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 9 Dec 2021 10:14:57 +0000 (+0100)
Subject: dnsdist: Account for the proxy protocol payload when checking the query size
X-Git-Tag: auth-4.7.0-alpha1~112^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11079%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Account for the proxy protocol payload when checking the query size
---

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index 268e6f97d3..aa1fad141e 100644
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -1320,7 +1320,10 @@ static void on_dnsdist(h2o_socket_t *listener, const char *err)
       continue;
     }
 
-    if (!du->tcp && du->truncated && du->query.size() > sizeof(dnsheader)) {
+    if (!du->tcp &&
+        du->truncated &&
+        du->query.size() > du->proxyProtocolPayloadSize &&
+        (du->query.size() - du->proxyProtocolPayloadSize) > sizeof(dnsheader)) {
       /* restoring the original ID */
       dnsheader* queryDH = reinterpret_cast<struct dnsheader*>(du->query.data() + du->proxyProtocolPayloadSize);
       queryDH->id = du->ids.origID;