From 6605f63d688220b6d608b4b832592f58567df16b Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Wed, 15 Feb 2023 11:18:38 +0100
Subject: [PATCH] dnsdist: Fix a use-after-free in the incoming DoH path

During the recent addition of the concurrent connection checks for incoming DoH connections, I introduced a bug by using the connection object just after it has been released.
---
 pdns/dnsdistdist/doh.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index 1210837d63..ef31e2c6c3 100644
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -304,8 +304,9 @@ static void on_socketclose(void *data)
 conn->d_acceptCtx->d_cs->updateTCPMetrics(conn->d_nbQueries, diff.tv_sec * 1000 + diff.tv_usec / 1000);
 }
- t_conns.erase(conn->d_desc);
 dnsdist::IncomingConcurrentTCPConnectionsManager::accountClosedTCPConnection(conn->d_remote);
+ // you can no longer touch conn, or data, after this call
+ t_conns.erase(conn->d_desc);
 }
 }
-- 
2.47.2
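Review bot: The final `t_conns.erase(conn->d_desc);` still takes its key from the object that the erase is about to release, so the lifetime rule in on_socketclose is held up only by statement order and the new comment. If `t_conns` owns the connection and `erase` takes the key by reference (the declaration is outside the hunk, so this is inferred), copying the descriptor first makes the ordering explicit and removes the alias: `const auto desc = conn->d_desc;` followed by `t_conns.erase(desc);`. The comment sits above the call it describes, so wording such as `// erase() releases the connection: conn and data are dangling past this line` would be harder to misread. The diffstat shows only doh.cc changing; a regression test that opens and closes an incoming DoH connection in an AddressSanitizer build would catch a later reordering of these two statements. The body of on_socketclose starts before the hunk.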