From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 6 Jun 2018 00:10:13 +0200
Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size

The required memory has been reserve()'d, but we are not allowed to
access it directly, and it breaks when compiled with the following
flag, checking any access to containers as if .at() were used:

-D_GLIBCXX_ASSERTIONS
---
 pdns/dnsdist-tcp.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 0eb7ea1396..ab2bda916c 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd)
         bool ecsAdded = false;
         /* allocate a bit more memory to be able to spoof the content,
            or to add ECS without allocating a new buffer */
-        queryBuffer.reserve(qlen + 512);
+        queryBuffer.resize(qlen + 512);
 
         char* query = &queryBuffer[0];
         handler.read(query, qlen, g_tcpRecvTimeout, remainingTime);
@@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd)
 	uint16_t qtype, qclass;
 	unsigned int consumed = 0;
 	DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed);
-	DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime);
+	DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime);
 
 	if (!processQuery(holders, dq, poolname, &delayMsec, now)) {
 	  goto drop;