upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Scrub NS records from NODATA responses as well.

Browse source 
git-svn-id: file:///svn/unbound/trunk@4964 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2018-11-21 06:37:00 +00:00
parent 7acf6a4a66
commit 7458729d28
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
21 November 2018: Wouter
- Scrub NS records from NODATA responses as well.
20 November 2018: Wouter 20 November 2018: Wouter
- Scrub NS records from NXDOMAIN responses to stop fragmentation - Scrub NS records from NXDOMAIN responses to stop fragmentation
poisoning of the cache. poisoning of the cache.

9
iterator/iter_scrub.c
View file

@ -502,7 +502,14 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
* from. eg. fragmentation attacks, inserted after * from. eg. fragmentation attacks, inserted after
* long RRSIGs in the packet get to the packet * long RRSIGs in the packet get to the packet
* border and such */ * border and such */
if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NXDOMAIN) { /* also for NODATA answers
* (nodata has an empty answer section, ie. the
* first rr is from the next section */
if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NXDOMAIN ||
(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR
&& (msg->rrset_first->section == LDNS_SECTION_AUTHORITY
|| msg->rrset_first->section == LDNS_SECTION_ADDITIONAL)
)) {
remove_rrset("normalize: removing irrelevant " remove_rrset("normalize: removing irrelevant "
"RRset:", pkt, msg, prev, &rrset); "RRset:", pkt, msg, prev, &rrset);
continue; continue;