Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)

2018-06-06 11:02:43 +02:00 · 2018-06-06 11:02:43 +02:00 · fbaf1b1431
parent 266af43a91
commit fbaf1b1431
2 changed files with 42 additions and 1 deletions
--- a/dnsdist.spec
+++ b/dnsdist.spec
@ -4,12 +4,13 @@

 Name: dnsdist
 Version: 1.3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Highly DNS-, DoS- and abuse-aware loadbalancer
 Group: System Environment/Daemons
 License: GPLv2
 URL: https://dnsdist.org
 Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.bz2
+Patch0: fix-sigabrt.patch

 BuildRequires: boost-devel
 BuildRequires: gcc-c++
@ -46,6 +47,7 @@ legitimate users while shunting or blocking abusive traffic.

 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p2

 # run as dnsdist user
 sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.in
@ -111,6 +113,9 @@ exit 0


 %changelog
+* Wed Jun 06 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-2
+- Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)
+
 * Thu May 31 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-1
 - Upstream released new version
 - Enable DNS over TLS
--- a/fix-sigabrt.patch
+++ b/fix-sigabrt.patch
@ -0,0 +1,36 @@
+From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001
+From: Remi Gacogne <remi.gacogne@powerdns.com>
+Date: Wed, 6 Jun 2018 00:10:13 +0200
+Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size
+
+The required memory has been reserve()'d, but we are not allowed to
+access it directly, and it breaks when compiled with the following
+flag, checking any access to containers as if .at() were used:
+
+-D_GLIBCXX_ASSERTIONS
+---
+ pdns/dnsdist-tcp.cc | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
+index 0eb7ea1396..ab2bda916c 100644
+--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
+@@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd)
+         bool ecsAdded = false;
+         /* allocate a bit more memory to be able to spoof the content,
+            or to add ECS without allocating a new buffer */
+-        queryBuffer.reserve(qlen + 512);
+        queryBuffer.resize(qlen + 512);
+ 
+         char* query = &queryBuffer[0];
+         handler.read(query, qlen, g_tcpRecvTimeout, remainingTime);
+@@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd)
+ 	uint16_t qtype, qclass;
+ 	unsigned int consumed = 0;
+ 	DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed);
+-	DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime);
+	DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime);
+ 
+ 	if (!processQuery(holders, dq, poolname, &delayMsec, now)) {
+ 	  goto drop;