From ee2163cdb1e0de07afa48d1f652285e3a61ebcd5 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Wed, 23 Jun 2021 12:42:20 +0200 Subject: [PATCH] auth SVCB additional processing: delay inserts to avoid invalidating iterator --- pdns/packethandler.cc | 12 +++++++++--- pdns/packethandler.hh | 3 ++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 26818a844f..c1d70bd5a8 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -453,7 +453,7 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName return haveSomething; } -DNSName PacketHandler::doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr& r) { +DNSName PacketHandler::doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr& r, vector& extraRecords) { DNSName ret = firstTarget; size_t ctr = 5; // Max 5 SVCB Aliasforms per query bool done = false; @@ -467,7 +467,7 @@ DNSName PacketHandler::doAdditionalServiceProcessing(const DNSName &firstTarget, case QType::SVCB: /* fall-through */ case QType::HTTPS: { auto rrc = getRR(rr.dr); - r->addRecord(std::move(rr)); + extraRecords.push_back(std::move(rr)); ret = rrc->getTarget().isRoot() ? ret : rrc->getTarget(); if (rrc->getPriority() == 0) { done = false; @@ -490,6 +490,7 @@ void PacketHandler::doAdditionalProcessing(DNSPacket& p, std::unique_ptr lookup; + vector extraRecords; const auto& rrs = r->getRRS(); lookup.reserve(rrs.size()); @@ -512,7 +513,7 @@ void PacketHandler::doAdditionalProcessing(DNSPacket& p, std::unique_ptraddRecord(std::move(rr)); + } + extraRecords.clear(); // TODO should we have a setting to do this? for (auto &rec : r->getServiceRecords()) { // Process auto hints diff --git a/pdns/packethandler.hh b/pdns/packethandler.hh index ef18f7d602..01b4c403e9 100644 --- a/pdns/packethandler.hh +++ b/pdns/packethandler.hh 
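Review bot: The packet parameter `r` looks unused in doAdditionalServiceProcessing after this change. The only use visible in these hunks, `r->addRecord(std::move(rr));`, becomes `extraRecords.push_back(std::move(rr));` in the following hunk. The function body runs beyond both hunks, so this needs checking against the full file. If nothing else reads it, drop the parameter, so that a later edit cannot call `r->addRecord` from inside the caller's loop over `r->getRRS()` and bring back the iterator invalidation this commit removes.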
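Review bot: `vector extraRecords;` in doAdditionalProcessing carries no comment, so the reason it exists is recorded only in the commit subject. I would add above it `// Collect SVCB/HTTPS additionals here and add them after the loop below: r->addRecord() while iterating r->getRRS() invalidates the iterator.` The same invariant applies to any other code that might insert into `r` inside that loop, which lies partly outside this hunk. The diffstat lists only the two source files, so the commit brings no regression test for a response that takes this path.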
@@ -77,7 +77,8 @@ private: bool addCDS(DNSPacket& p, std::unique_ptr& r); bool addNSEC3PARAM(const DNSPacket& p, std::unique_ptr& r); void doAdditionalProcessing(DNSPacket& p, std::unique_ptr& r); - DNSName doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr& r); + DNSName doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr& r, vector& extraRecords); + //! Get all IPv4 or IPv6 addresses (based on |qtype|) for |target|. vector getIPAddressFor(const DNSName &target, const uint16_t qtype); void addNSECX(DNSPacket& p, std::unique_ptr& r, const DNSName &target, const DNSName &wildcard, int mode); -- 2.47.3
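Review bot: The changed declaration of doAdditionalServiceProcessing has no doc comment, while the next declaration, getIPAddressFor, has a `//!` line. With the new out-parameter the contract is no longer obvious from the signature. Suggested: `//! Look up SVCB/HTTPS records starting at |firstTarget|; records found are appended to |extraRecords| and the caller must add them to |r| once it is done iterating r->getRRS().` The class body starts and ends outside the hunk.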