From fbaf1b14314d47d12c451e6bdb2e84235dcd3fe9 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof
Date: Jun 06 2018 09:02:43 +0000
Subject: Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)
---
diff --git a/dnsdist.spec b/dnsdist.spec
index d6baecc..91637f5 100644
--- a/dnsdist.spec
+++ b/dnsdist.spec
@@ -4,12 +4,13 @@
 Name: dnsdist
 Version: 1.3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Highly DNS-, DoS- and abuse-aware loadbalancer
 Group: System Environment/Daemons
 License: GPLv2
 URL: https://dnsdist.org
 Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.bz2
+Patch0: fix-sigabrt.patch
 BuildRequires: boost-devel
 BuildRequires: gcc-c++
@@ -46,6 +47,7 @@ legitimate users while shunting or blocking abusive traffic.
 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p2
 # run as dnsdist user
 sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.in
@@ -111,6 +113,9 @@ exit 0
 %changelog
+* Wed Jun 06 2018 Ruben Kerkhof - 1.3.0-2
+- Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)
+
 * Thu May 31 2018 Ruben Kerkhof - 1.3.0-1
 - Upstream released new version
 - Enable DNS over TLS
diff --git a/fix-sigabrt.patch b/fix-sigabrt.patch
new file mode 100644
index 0000000..3e65eea
--- /dev/null
+++ b/fix-sigabrt.patch
@@ -0,0 +1,36 @@
+From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001
+From: Remi Gacogne
+Date: Wed, 6 Jun 2018 00:10:13 +0200
+Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size
+
+The required memory has been reserve()'d, but we are not allowed to
+access it directly, and it breaks when compiled with the following
+flag, checking any access to containers as if .at() were used:
+
+-D_GLIBCXX_ASSERTIONS
+---
+ pdns/dnsdist-tcp.cc | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
+index 0eb7ea1396..ab2bda916c 100644
+--- a/pdns/dnsdist-tcp.cc
++++ b/pdns/dnsdist-tcp.cc
+@@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd)
+ bool ecsAdded = false;
+ /* allocate a bit more memory to be able to spoof the content,
+ or to add ECS without allocating a new buffer */
+- queryBuffer.reserve(qlen + 512);
++ queryBuffer.resize(qlen + 512);
+
+ char* query = &queryBuffer[0];
+ handler.read(query, qlen, g_tcpRecvTimeout, remainingTime);
+@@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd)
+ uint16_t qtype, qclass;
+ unsigned int consumed = 0;
+ DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed);
+- DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime);
++ DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime);
+
+ if (!processQuery(holders, dq, poolname, &delayMsec, now)) {
+ goto drop;
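Review bot: The comment kept above the new `queryBuffer.resize(qlen + 512);` line (first embedded hunk of fix-sigabrt.patch) still reads as a capacity reservation, so the call site does not record why `reserve()` was wrong; I would extend it with `/* must be resize(), not reserve(): elements past size() may not be indexed, and builds with -D_GLIBCXX_ASSERTIONS abort on it */`. The second embedded hunk depends on that line, because `queryBuffer.size()` is now the writable bound handed to `DNSQuestion`, and any other `capacity()`-based length in `tcpClientThread` would need the same change; the function body extends outside both hunks, so that cannot be confirmed from here. Taking the pointer with `char* query = queryBuffer.data();` instead of `&queryBuffer[0]` would also avoid an indexed access on the buffer. Going by the subject line, the abort appears to be triggered by an ordinary TCP query on assertion-enabled builds, so a regression test that sends one TCP query to such a build would be worth carrying alongside the patch.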