From: Remi Gacogne Date: Tue, 5 Jun 2018 22:10:13 +0000 (+0200) Subject: dnsdist: Don't access the TCP buffer vector past its size X-Git-Tag: dnsdist-1.3.1~40^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=60a518c8c246f43c53694160ebb7ca8b8b5c6346;p=pdns dnsdist: Don't access the TCP buffer vector past its size The required memory has been reserve()'d, but we are not allowed to access it directly, and it breaks when compiled with the following flag, checking any access to containers as if .at() were used: -D_GLIBCXX_ASSERTIONS --- diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc index 0eb7ea139..ab2bda916 100644 --- a/pdns/dnsdist-tcp.cc +++ b/pdns/dnsdist-tcp.cc @@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd) bool ecsAdded = false; /* allocate a bit more memory to be able to spoof the content, or to add ECS without allocating a new buffer */ - queryBuffer.reserve(qlen + 512); + queryBuffer.resize(qlen + 512); char* query = &queryBuffer[0]; handler.read(query, qlen, g_tcpRecvTimeout, remainingTime); @@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd) uint16_t qtype, qclass; unsigned int consumed = 0; DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed); - DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime); + DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime); if (!processQuery(holders, dq, poolname, &delayMsec, now)) { goto drop;