From 576744f44f8e471861743cb6f3dc985b8763f697 Mon Sep 17 00:00:00 2001
From: Charles-Henri Bruyand <charleshenri.bruyand+github@gmail.com>
Date: Wed, 22 Jun 2022 14:27:01 +0200
Subject: [PATCH] Make sure that we do not read past our buffer in any case

Co-authored-by: Remi Gacogne <github@coredump.fr>
---
 pdns/dnsdistdist/doh.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index 1d206b3047..1ec3a2c7e9 100644
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -620,9 +620,11 @@ static void processDOHQuery(DOHUnitUniquePtr&& du)
       if (du->response.empty()) {
         du->response = std::move(du->query);
       }
-      auto dh = const_cast<struct dnsheader*>(reinterpret_cast<const struct dnsheader*>(du->response.data()));
+      if (du->response.size() >= sizeof(dnsheader) && du->contentType.empty()) {
+        auto dh = reinterpret_cast<const struct dnsheader*>(du->response.data());
 
-      handleResponseSent(qname, QType(qtype), 0., du->ids.origDest, ComboAddress(), du->response.size(), *dh, dnsdist::Protocol::DoH);
+        handleResponseSent(qname, QType(qtype), 0., du->ids.origDest, ComboAddress(), du->response.size(), *dh, dnsdist::Protocol::DoH);
+      }
       sendDoHUnitToTheMainThread(std::move(du), "DoH self-answered response");
       return;
     }
-- 
2.47.2