git.ipfire.org Git - thirdparty/pdns.git/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 3 Jul 2023 12:06:05 +0000 (14:06 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 3 Jul 2023 12:23:55 +0000 (14:23 +0200)
commit	ba79efcf46023d94f514018e73d38f9374cba334
tree	fdf0138c05d827584c799f780c7df6cdcaa40afa	tree
parent	4c5d8e86a9a5b8c379c6349a0e6c5191f1cb132e	commit \| diff

dnsdist: Fix a crash when X-Forwarded-For overrides the initial source IP

When both the processing of X-Forwarded-For DNS-over-https headers
(`trustForwardedForHeader=true`) and a maximum number of concurrent
TCP connections per client (`setMaxTCPConnectionsPerClient()`) are
enabled, dnsdist could crash because of an uncaught exception:
```
dnsdist[X]: terminate called after throwing an instance of 'std::runtime_error'
dnsdist[X]: what(): DOH thread failed to launch: map::at
```
This was caused by the TCP connection being first accounted for with the
initial source IP (from the upstream HTTP proxy) but later released using
the IP extracted from the X-Forwarded-For header, leading to an unexpected
failure to locate the corresponding entry in the map.

We might not actually want to enforce the maximum number of concurrent
TCP connections per client when X-Forwarded-For processing is enabled,
though, because we usually want to rate limit the actual client and
not the HTTP proxy, but X-Forwarded-For being set per HTTP query, instead
of per-connection, makes that pretty much impossible at our level since
the same connection from the HTTP proxy can be reused for several clients.
The proxy protocol would be a better option to enforce that limit.

(cherry picked from commit 9b703b51ca25838eeec19449a1c49cb926aef52a)

pdns/dnsdistdist/doh.cc		diff \| blob \| blame \| history
regression-tests.dnsdist/test_DOH.py		diff \| blob \| blame \| history