Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-06-15 21:50:11 -04:00
Code Issues Packages Projects Releases Wiki Activity

plugin/proxyproto: Prevent nil pointer dereference when dropping malformed PROXY packets (#8154)

Browse Source 
Avoid a potential nil pointer dereference in PacketConn.ReadFrom() when malformed PROXY protocol headers cause readFrom() to return a nil address.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang
2026-06-08 16:26:32 -07:00
committed by GitHub
parent b6e5859ee7
commit 60a439dd4f
2 changed files with 61 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugin/pkg/proxyproto/proxyproto.go
View File

@@ -70,6 +70,7 @@ func (c *PacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
if err != nil {
return n, addr, err
}
peer := addr
n, addr, err = c.readFrom(p[:n], addr)
if err != nil {
if errors.Is(err, errHeaderOnly) {
@@ -80,7 +81,7 @@ func (c *PacketConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
}
// drop invalid packet as returning error would cause the ReadFrom caller to exit
// which could result in DoS if an attacker sends intentional invalid packets
clog.Warningf("dropping invalid Proxy Protocol packet from %s: %v", addr.String(), err)
clog.Warningf("dropping invalid Proxy Protocol packet from %s: %v", peer.String(), err)
continue
}
return n, addr, nil