dns-stream: only read DNS packet data if we identified the peer properly

poettering · bluca · commit 1be5bf86881d · 2025-03-06T11:43:10.000Z
If we use TCP fastopen to connect to a DNS server via TCP, and it responds really quickly between our connection attempt and our immediate check back, then we have not identified the peer yet, and will not be able to use the peer metadata to fill in our packet info. Let's fix that, and simply not read from the socket until identification is complete. Fixes: #34956 (cherry picked from commit facc943) (cherry picked from commit 11da527) (cherry picked from commit 9bf15a2) (cherry picked from commit e22b61d) (cherry picked from commit 8398ac6) (cherry picked from commit e6e2c36)
diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c
@@ -359,7 +359,8 @@ static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *use
                 }
         }
 
-        while ((revents & (EPOLLIN|EPOLLHUP|EPOLLRDHUP)) &&
+        while (s->identified && /* Only read data once we identified the peer, because we cannot fill in the DNS packet meta info otherwise */
+               (revents & (EPOLLIN|EPOLLHUP|EPOLLRDHUP)) &&
                (!s->read_packet ||
                 s->n_read < sizeof(s->read_size) + s->read_packet->size)) {
 

Original file line number	Diff line number	Diff line change
`@@ -359,7 +359,8 @@ static int on_stream_io(sd_event_source es, int fd, uint32_t revents, void use`
`359`	`359`	`}`
`360`	`360`	`}`
`361`	`361`
`362`		`- while ((revents & (EPOLLIN\|EPOLLHUP\|EPOLLRDHUP)) &&`
	`362`	`+ while (s->identified && /* Only read data once we identified the peer, because we cannot fill in the DNS packet meta info otherwise */`
	`363`	`+ (revents & (EPOLLIN\|EPOLLHUP\|EPOLLRDHUP)) &&`
`363`	`364`	`(!s->read_packet \|\|`
`364`	`365`	`s->n_read < sizeof(s->read_size) + s->read_packet->size)) {`
`365`	`366`