rpz: fix forged messages

mb 2020-11-24 12:02:59 +01:00
parent b178cf34b6
commit afc73e28d8
3 changed files with 9 additions and 6 deletions


@ -2474,9 +2474,10 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
{ /* apply rpz triggers at query time */
struct dns_msg* forged_response = rpz_iterator_module_callback(qstate, iq);
if(forged_response != NULL) {
iq->response = forged_response;
next_state(iq, FINISHED_STATE);
qstate->ext_state[id] = module_finished;
qstate->return_rcode = forged_response->rep->flags;
qstate->return_msg = forged_response;
next_state(iq, FINISHED_STATE);
return 0;
}
}
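Review bot: `qstate->return_rcode = forged_response->rep->flags;` stores the whole header flags word in `return_rcode`, so the QR/AA/RD/RA bits that the rpz reply builders set end up in a field that is presumably compared against plain `LDNS_RCODE_*` values elsewhere. Extract the code instead: `qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags);`. The +/- markers are lost in this rendering and processQueryTargets starts and ends outside the hunk, so the exact new-side statement order should be confirmed against the applied file.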


@ -1440,7 +1440,7 @@ rpz_patch_nodata(struct rpz* r, struct module_qstate* ms)
if(msg == NULL) { return msg; }
msg->qinfo = ms->qinfo;
msg->rep = construct_reply_info_base(ms->region,
LDNS_RCODE_NOERROR|BIT_QR|BIT_AA|BIT_RA,
BIT_RD|BIT_QR|BIT_AA|BIT_RA,
1, //qd
0, //ttl
0, //prettl
@ -1450,6 +1450,7 @@ rpz_patch_nodata(struct rpz* r, struct module_qstate* ms)
0, //ar
0, //total
sec_status_secure);
FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
return msg;
}
@ -1460,7 +1461,7 @@ rpz_patch_nxdomain(struct rpz* r, struct module_qstate* ms)
if(msg == NULL) { return msg; }
msg->qinfo = ms->qinfo;
msg->rep = construct_reply_info_base(ms->region,
LDNS_RCODE_NXDOMAIN|BIT_QR|BIT_AA|BIT_RA,
BIT_RD|BIT_QR|BIT_AA|BIT_RA,
1, //qd
0, //ttl
0, //prettl
@ -1470,6 +1471,7 @@ rpz_patch_nxdomain(struct rpz* r, struct module_qstate* ms)
0, //ar
0, //total
sec_status_secure);
FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NXDOMAIN);
return msg;
}
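Review bot: The added `FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);` in rpz_patch_nodata dereferences `msg->rep` straight after `construct_reply_info_base()` with no NULL check, and the same applies to the NXDOMAIN line in rpz_patch_nxdomain. `msg` itself is checked just above, which suggests region allocation failure is an expected case; if the reply-info allocation can fail the same way, policy enforcement turns into a crash under memory pressure. Add `if(msg->rep == NULL) { return NULL; }` before each `FLAGS_SET_RCODE` call. Both function bodies start outside their hunks.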


@ -346,7 +346,7 @@ ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
@ -362,7 +362,7 @@ ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
REPLY QR AA RD RA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER