From 76a72b6b57397d15a217eae0d9936e704b3f4cf2 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 17 Feb 2022 11:22:44 +0100
Subject: [PATCH] dnsdist: Fix a use-after-free in case of a network error in
 the middle of a XFR query

---
 pdns/dnsdistdist/dnsdist-tcp-downstream.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
index 9c636d227c..e9879687d6 100644
--- a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
@@ -355,7 +355,10 @@ void TCPConnectionToBackend::handleIO(std::shared_ptr<TCPConnectionToBackend>& c
               conn->d_currentQuery = std::move(query);
             }
 
-            for (auto& pending : conn->d_pendingResponses) {
+            /* if we notify the sender it might terminate us so we need to move these first */
+            auto pendingResponses = std::move(conn->d_pendingResponses);
+            conn->d_pendingResponses.clear();
+            for (auto& pending : pendingResponses) {
               --conn->d_ds->outstanding;
 
               if (pending.second.d_query.isXFR() && pending.second.d_query.d_xfrStarted) {
@@ -375,7 +378,6 @@ void TCPConnectionToBackend::handleIO(std::shared_ptr<TCPConnectionToBackend>& c
                 conn->d_pendingQueries.push_back(std::move(pending.second));
               }
             }
-            conn->d_pendingResponses.clear();
             conn->d_currentPos = 0;
 
             if (conn->d_state == State::sendingQueryToBackend) {
-- 
2.47.2