dnsdist: Fix a crash on a invalid protocol in DoH forwarded-for header

(cherry picked from commit f84fbd58b150fe6b69a7af27e23502f58f68eee5)
rgacogne · May 16, 2022 · bcdb279 · bcdb279
1 parent 86ec2ab
commit bcdb279
Showing 1 changed file with 22 additions and 9 deletions.
diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
@@ -697,21 +697,34 @@ static void processDOHQuery(DOHUnitUniquePtr&& du)
       ids->destHarvested = false;
     }
 
+    bool failed = false;
     if (du->downstream->d_config.useProxyProtocol) {
-      size_t payloadSize = 0;
-      if (addProxyProtocol(dq, &payloadSize)) {
-        du->proxyProtocolPayloadSize = payloadSize;
+      try {
+        size_t payloadSize = 0;
+        if (addProxyProtocol(dq, &payloadSize)) {
+          du->proxyProtocolPayloadSize = payloadSize;
+        }
+      }
+      catch (const std::exception& e) {
+        vinfolog("Adding proxy protocol payload to DoH query from %s failed: %s", ids->origDest.toStringWithPort(), e.what());
+        failed = true;
       }
     }
 
-    int fd = du->downstream->pickSocketForSending();
-    ids->backendFD = fd;
     try {
-      /* you can't touch du after this line, unless the call returned a non-negative value,
-         because it might already have been freed */
-      ssize_t ret = udpClientSendRequestToBackend(du->downstream, fd, du->query);
+      if (!failed) {
+        int fd = du->downstream->pickSocketForSending();
+        ids->backendFD = fd;
+        /* you can't touch du after this line, unless the call returned a non-negative value,
+           because it might already have been freed */
+        ssize_t ret = udpClientSendRequestToBackend(du->downstream, fd, du->query);
+
+        if (ret < 0) {
+          failed = true;
+        }
+      }
 
-      if (ret < 0) {
+      if (failed) {
         /* we are about to handle the error, make sure that
            this pointer is not accessed when the state is cleaned,
            but first check that it still belongs to us */