From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 6 Jun 2018 00:10:13 +0200 Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size The required memory has been reserve()'d, but we are not allowed to access it directly, and it breaks when compiled with the following flag, checking any access to containers as if .at() were used: -D_GLIBCXX_ASSERTIONS --- pdns/dnsdist-tcp.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc index 0eb7ea1396..ab2bda916c 100644 --- a/pdns/dnsdist-tcp.cc +++ b/pdns/dnsdist-tcp.cc @@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd) bool ecsAdded = false; /* allocate a bit more memory to be able to spoof the content, or to add ECS without allocating a new buffer */ - queryBuffer.reserve(qlen + 512); + queryBuffer.resize(qlen + 512); char* query = &queryBuffer[0]; handler.read(query, qlen, g_tcpRecvTimeout, remainingTime); @@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd) uint16_t qtype, qclass; unsigned int consumed = 0; DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime); if (!processQuery(holders, dq, poolname, &delayMsec, now)) { goto drop;