From e410760a49ee3d1179a7c9f8771d0d5a0301940b Mon Sep 17 00:00:00 2001
From: kadern0 <kaderno@gmail.com>
Date: Fri, 10 Apr 2020 04:26:28 +1000
Subject: [PATCH] plugin/forward: crash if using https (#3817)

Signed-off-by: kadern0 <kaderno@gmail.com>
---
 plugin/forward/setup.go      | 5 +++++
 plugin/forward/setup_test.go | 1 +
 2 files changed, 6 insertions(+)

diff --git a/plugin/forward/setup.go b/plugin/forward/setup.go
index 8070369c9..b5eeab912 100644
--- a/plugin/forward/setup.go
+++ b/plugin/forward/setup.go
@@ -99,8 +99,13 @@ func parseStanza(c *caddy.Controller) (*Forward, error) {
 	}
 
 	transports := make([]string, len(toHosts))
+	allowedTrans := map[string]bool{"dns": true, "tls": true}
 	for i, host := range toHosts {
 		trans, h := parse.Transport(host)
+
+		if !allowedTrans[trans] {
+			return f, fmt.Errorf("'%s' is not supported as a destination protocol in forward: %s", trans, host)
+		}
 		p := NewProxy(h, trans)
 		f.proxies = append(f.proxies, p)
 		transports[i] = trans
diff --git a/plugin/forward/setup_test.go b/plugin/forward/setup_test.go
index 0949e0935..6864136e4 100644
--- a/plugin/forward/setup_test.go
+++ b/plugin/forward/setup_test.go
@@ -37,6 +37,7 @@ func TestSetup(t *testing.T) {
 		{"forward . 127.0.0.1 {\nblaatl\n}\n", true, "", nil, 0, options{hcRecursionDesired: true}, "unknown property"},
 		{`forward . ::1
 		forward com ::2`, true, "", nil, 0, options{hcRecursionDesired: true}, "plugin"},
+		{"forward . https://127.0.0.1 \n", true, ".", nil, 2, options{hcRecursionDesired: true}, "'https' is not supported as a destination protocol in forward: https://127.0.0.1"},
 	}
 
 	for i, test := range tests {