git.ipfire.org Git - thirdparty/pdns.git/commit
dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry 11665/head
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 1 Jun 2022 13:40:18 +0000 (15:40 +0200)
commit 44261f4d82ac2170bf8a6d11498112955d965142
tree ae972484649ed7e6b7bf32b2334bfb5eebcacba6
parent 34d2cb7b2e4307d4e63507a11f10c8be77872e88
dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry

dnsdist forwards incoming DoH queries to its backend over UDP, and
retries over TCP if the response is truncated (TC=1).
When the proxy protocol is used between dnsdist and its backend, the
second query, over TCP, needs to take into account that the proxy
protocol payload has already been handled. This was not properly done
in that exact case because the proxy protocol payload length was not
propagated to the code handling the TCP communication, leading to
the query ID being edited at the wrong offset in the packet and thus
to an invalid proxy protocol payload.

(cherry picked from commit 1c9c001cbe327023e5d490e5bc044d67ecae9cf2)
pdns/dnsdist-tcp.cc
pdns/dnsdistdist/dnsdist-tcp-downstream.cc
pdns/dnsdistdist/dnsdist-tcp.hh
pdns/dnsdistdist/doh.cc
regression-tests.dnsdist/dnsdistdohtests.py [new file with mode: 0644]
regression-tests.dnsdist/test_DOH.py
regression-tests.dnsdist/test_ProxyProtocol.py
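
A simplified model of the offset error described in the commit message, added here as an illustration and not taken from dnsdist's source. The function names, the sample addresses and the query are constructed, and the buffer layout (a proxy protocol v2 header immediately followed by the DNS message) is an assumption.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

using Buffer = std::vector<uint8_t>;
// 12-byte PROXY protocol v2 signature.
static const uint8_t kSig[12] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};

// Constructed v2 header: PROXY command, TCP over IPv4, sample addresses.
Buffer makeProxyHeader() {
  Buffer h(kSig, kSig + 12);
  const uint8_t rest[] = {0x21, 0x11, 0x00, 0x0C,  // version/command, family, length 12
                          192, 0, 2, 1, 192, 0, 2, 2, 0xC0, 0x00, 0x00, 0x35};
  h.insert(h.end(), rest, rest + sizeof(rest));    // addresses, ports 49152 and 53
  return h;
}

// Constructed DNS query (example.com, A, IN) with ID 0x1234.
Buffer makeQuery() {
  return {0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
          7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
          0x00, 0x01, 0x00, 0x01};
}

// Overwrite the 16-bit DNS ID that starts dnsOffset bytes into buf.
bool setQueryID(Buffer& buf, size_t dnsOffset, uint16_t id) {
  if (buf.size() < dnsOffset + 2) return false;
  buf[dnsOffset] = static_cast<uint8_t>(id >> 8);
  buf[dnsOffset + 1] = static_cast<uint8_t>(id & 0xFF);
  return true;
}

bool proxySignatureIntact(const Buffer& buf) {
  return buf.size() >= 12 && std::memcmp(buf.data(), kSig, 12) == 0;
}

uint16_t queryIDAt(const Buffer& buf, size_t dnsOffset) {
  return static_cast<uint16_t>((buf.at(dnsOffset) << 8) | buf.at(dnsOffset + 1));
}

// Proxy header + query, with the ID rewritten at the offset the caller assumes.
Buffer retryPayload(size_t assumedProxyLen, uint16_t newID) {
  Buffer out = makeProxyHeader();
  const Buffer q = makeQuery();
  out.insert(out.end(), q.begin(), q.end());
  setQueryID(out, assumedProxyLen, newID);
  return out;
}
```

Calling `retryPayload(0, id)` models a caller that does not know the proxy payload length: the ID lands on the first two signature bytes and the DNS ID is left unchanged. Passing the real header length keeps the signature intact and updates the ID in the DNS header.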