From 8a19ff3baf0d65ba53ec0c793508a8f5b4463363 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 27 Sep 2016 12:22:56 +0000
Subject: [PATCH] - Fix #836: unbound could echo back EDNS options in an error
 response.

git-svn-id: file:///svn/unbound/trunk@3870 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog   | 1 +
 services/mesh.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/doc/Changelog b/doc/Changelog
index e97fb5104..678fa96be 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
 	- trunk contains 1.5.11 in development.
 	- Fix dnstap relaying "random" messages instead of resolver/forwarder
 	  responses, from Nikolay Edigaryev.
+	- Fix #836: unbound could echo back EDNS options in an error response.
 
 20 September 2016: Wouter
 	- iana portlist update.
diff --git a/services/mesh.c b/services/mesh.c
index b0434b3ff..04912383c 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -878,6 +878,8 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 		comm_point_send_reply(&r->query_reply);
 	} else if(rcode) {
 		m->s.qinfo.qname = r->qname;
+		if(!edns_opt_inplace_reply(&r->edns, m->s.region))
+			r->edns.opt_list = NULL;
 		error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo,
 			r->qid, r->qflags, &r->edns);
 		comm_point_send_reply(&r->query_reply);