From: Remi Gacogne Date: Tue, 5 Jun 2018 22:10:13 +0000 (+0200) Subject: dnsdist: Don't access the TCP buffer vector past its size X-Git-Tag: dnsdist-1.3.1~40^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F6716%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Don't access the TCP buffer vector past its size The required memory has been reserve()'d, but we are not allowed to access it directly, and it breaks when compiled with the following flag, checking any access to containers as if .at() were used: -D_GLIBCXX_ASSERTIONS --- diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc index 0eb7ea1396..ab2bda916c 100644 --- a/pdns/dnsdist-tcp.cc +++ b/pdns/dnsdist-tcp.cc @@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd) bool ecsAdded = false; /* allocate a bit more memory to be able to spoof the content, or to add ECS without allocating a new buffer */ - queryBuffer.reserve(qlen + 512); + queryBuffer.resize(qlen + 512); char* query = &queryBuffer[0]; handler.read(query, qlen, g_tcpRecvTimeout, remainingTime); @@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd) uint16_t qtype, qclass; unsigned int consumed = 0; DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime); if (!processQuery(holders, dq, poolname, &delayMsec, now)) { goto drop;