mirror of
https://github.com/coredns/coredns.git
synced 2026-07-10 17:50:12 -04:00
The DoH (HTTP/2) and DoH3 (HTTP/3) handlers wrote the raw parse error
returned by doh.RequestToMsgWire directly into the HTTP 400 response
body via http.Error(w, err.Error(), ...).
When the request body read fails mid-stream (for example the server's
ReadTimeout firing on a slow client, or a connection reset),
io.ReadAll(http.MaxBytesReader(...)) returns a *net.OpError whose text
embeds the server's own listen socket, e.g.
read tcp 10.0.0.1:5443->10.0.0.2:48418: i/o timeout
That discloses the server's internal bind address and port to any
unauthenticated remote caller who can trigger a body-read error.
Log the underlying error at debug level and return a generic
"invalid request" body to the client instead, matching the fixed-string
responses already used for the 404 and 500 cases in the same handlers.
Add tests asserting the response body no longer contains the raw read
error or an internal address.
Signed-off-by: zongqi-wang <wangzongqi@msn.com>