Ruben Kerkhof 2018-06-06 11:02:43 +02:00
parent 266af43a91
commit fbaf1b1431
2 changed files with 42 additions and 1 deletions


@ -4,12 +4,13 @@
Name: dnsdist
Version: 1.3.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Highly DNS-, DoS- and abuse-aware loadbalancer
Group: System Environment/Daemons
License: GPLv2
URL: https://dnsdist.org
Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.bz2
Patch0: fix-sigabrt.patch
BuildRequires: boost-devel
BuildRequires: gcc-c++
@ -46,6 +47,7 @@ legitimate users while shunting or blocking abusive traffic.
%prep
%setup -q -n %{name}-%{version}
%patch0 -p2
# run as dnsdist user
sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.in
@ -111,6 +113,9 @@ exit 0
%changelog
* Wed Jun 06 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-2
- Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)
* Thu May 31 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-1
- Upstream released new version
- Enable DNS over TLS
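Review bot: `Patch0: fix-sigabrt.patch` is added without a comment saying where the patch comes from or when it can be dropped. The patch file itself carries upstream commit 60a518c8c246f43c53694160ebb7ca8b8b5c6346, so a line above the tag such as `# Upstream commit 60a518c8c2 (PowerDNS/pdns issue 6712); drop once the packaged release contains it` would let the next packager remove it safely. The changelog entry could also state that the abort is reached while handling a TCP query in builds using `-D_GLIBCXX_ASSERTIONS`, which tells operators this is a crash a client can trigger and not only a build fix; that reading is inferred from the patch description and the linked issue, not from anything else on this page.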

36
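--- /dev/null
+++ b/fix-sigabrt.patch
@@ -0,0 +1,36 @@
+From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001
+From: Remi Gacogne <remi.gacogne@powerdns.com>
+Date: Wed, 6 Jun 2018 00:10:13 +0200
+Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size
+The required memory has been reserve()'d, but we are not allowed to
+access it directly, and it breaks when compiled with the following
+flag, checking any access to containers as if .at() were used:
+-D_GLIBCXX_ASSERTIONS
+---
+pdns/dnsdist-tcp.cc | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
+index 0eb7ea1396..ab2bda916c 100644
+--- a/pdns/dnsdist-tcp.cc
++++ b/pdns/dnsdist-tcp.cc
+@@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd)
+bool ecsAdded = false;
+/* allocate a bit more memory to be able to spoof the content,
+or to add ECS without allocating a new buffer */
+- queryBuffer.reserve(qlen + 512);
++ queryBuffer.resize(qlen + 512);
+char* query = &queryBuffer[0];
+handler.read(query, qlen, g_tcpRecvTimeout, remainingTime);
+@@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd)
+uint16_t qtype, qclass;
+unsigned int consumed = 0;
+DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed);
+- DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime);
++ DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime);
+if (!processQuery(holders, dq, poolname, &delayMsec, now)) {
+goto drop;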
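Review bot: The pairing of `queryBuffer.resize(qlen + 512)` in the first hunk with `queryBuffer.size()` in the `DNSQuestion dq(...)` call of the second hunk encodes an invariant that is not written down. The size handed to `DNSQuestion` has to be the vector's size, because bytes between size() and capacity() are not valid elements, and that value presumably bounds the later in-place rewriting (spoofing, ECS) mentioned in the existing comment. A comment on the `dq` line such as `/* must be size(), not capacity(): bytes past size() may not be accessed */` would keep a later cleanup from reverting it. Note also that `resize()` value-initialises any newly added elements, where `reserve()` left the spare bytes untouched. Whether `qlen` is checked against `sizeof(dnsheader)` before `DNSName` parses the buffer cannot be seen here, since `tcpClientThread` starts and ends outside both hunks.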