From 82924686d93e9de9cbcf531b74d39be69d605f23 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 9 Sep 2019 00:36:17 +0200
Subject: [PATCH] Check the peer address

Just for paranoia, as it is redundant with the connect() call, but cheap enough and the connect() call may eventually be removed.
---
src/main.rs | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 6fe6c44..2c6f103 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -112,9 +112,10 @@ async fn handle_client_query(
 let mut response;
 loop {
 response = vec![0u8; DNS_MAX_PACKET_SIZE];
- let response_len = ext_socket.recv(&mut response[..]).await?;
+ let (response_len, response_addr) = ext_socket.recv_from(&mut response[..]).await?;
 response.truncate(response_len);
- if response_len >= DNS_HEADER_SIZE
+ if response_addr == globals.upstream_addr
+ && response_len >= DNS_HEADER_SIZE
 && dns::tid(&response) == tid
 && dns::qname(&packet)? == dns::qname(&response)?
 {
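Review bot: The new `response_addr == globals.upstream_addr` test is an exact address comparison (assuming both are `std::net::SocketAddr`, whose declaration is outside the hunk), and a datagram that fails it is dropped without a log line while the loop waits for the next one. That is safe while connect() pins the peer, but once connect() is removed, as the description anticipates, any representation difference (for example an IPv4-mapped IPv6 source on a dual-stack socket, or a differing IPv6 scope id) would make every genuine reply fail the check, and whether a timeout bounds the loop is not visible here. I would record the invariant above the condition, e.g. `// ext_socket must be bound in upstream_addr's address family; replies from any other source are ignored`, and keep this test first so the fallible `dns::qname(&response)?` never runs on a datagram from another sender. A UDP source address can be forged, so the tid and qname comparisons remain the actual anti-spoofing checks. handle_client_query and the loop body continue outside the hunk.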