From 000f916edd10b69a42fbe5f1a310ed85e7241e6a Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Mon, 24 Jun 2019 14:31:01 +0200
Subject: [PATCH] dnsdist: Add checks for invalid position / buffer size on try*
---
 pdns/tcpiohandler.hh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh
index 33fc402a7..bc4a85f41 100644
--- a/pdns/tcpiohandler.hh
+++ b/pdns/tcpiohandler.hh
@@ -200,8 +200,8 @@ public:
 */
 IOState tryRead(std::vector& buffer, size_t& pos, size_t toRead)
 {
- if (buffer.size() < (pos + toRead)) {
- throw std::out_of_range("Calling tryRead() with a too small buffer (" + std::to_string(buffer.size()) + ") for a read of " + std::to_string(toRead) + " bytes starting at " + std::to_string(pos));
+ if (buffer.size() < toRead || pos >= toRead) {
+ throw std::out_of_range("Calling tryRead() with a too small buffer (" + std::to_string(buffer.size()) + ") for a read of " + std::to_string(toRead - pos) + " bytes starting at " + std::to_string(pos));
 }
 if (d_conn) {
@@ -237,6 +237,9 @@ public:
 */
 IOState tryWrite(std::vector& buffer, size_t& pos, size_t toWrite)
 {
+ if (buffer.size() < toWrite || pos >= toWrite) {
+ throw std::out_of_range("Calling tryWrite() with a too small buffer (" + std::to_string(buffer.size()) + ") for a write of " + std::to_string(toWrite - pos) + " bytes starting at " + std::to_string(pos));
+ }
 if (d_conn) {
 return d_conn->tryWrite(buffer, pos, toWrite);
 }
-- 
2.40.0
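Review bot: In the new tryRead() guard, the `pos >= toRead` branch reuses the "too small buffer" message and formats `toRead - pos`. Both are `size_t`, so the subtraction wraps when `pos > toRead`, and the exception text then reports a huge byte count and the wrong cause. The guard added to tryWrite() in the next hunk has the same problem with `toWrite - pos`. A separate check ahead of the buffer-size test would keep the diagnostic accurate for anyone reading logs, e.g. `if (pos >= toRead) { throw std::out_of_range("Calling tryRead() with position " + std::to_string(pos) + " at or past the requested size " + std::to_string(toRead)); }`. The body of tryRead() continues outside the hunk.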
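Review bot: tryWrite() had no guard before this change, so with `pos >= toWrite` a call where nothing is left to write (`pos == toWrite`, including an empty write with both at 0) now throws std::out_of_range instead of reaching the write path. Whether any caller can arrive in that state is not visible from the hunk, so the call sites are worth checking, or equality can be handled separately with `if (pos == toWrite) { return IOState::Done; }` before the range check. The doc comment above the function (only its closing `*/` is in the hunk) should also state that toWrite appears to be an absolute end offset into the buffer rather than a byte count, since both the check and the message's `toWrite - pos` depend on that reading. The body of tryWrite() continues outside the hunk.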