From b2943670ca01cb83224f555a539f635bab52cfbd Mon Sep 17 00:00:00 2001
From: Ralph Dolmans <ralph@nlnetlabs.nl>
Date: Thu, 4 Jan 2018 15:16:19 +0000
Subject: [PATCH] - Copy query and correctly set flags on REFUSED answers when
 cache snooping is   not allowed.

git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/worker.c | 10 +++-------
 doc/Changelog   |  4 ++++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/daemon/worker.c b/daemon/worker.c
index b4e09558d..233ae38e7 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1266,13 +1266,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 	 * ACLs allow the snooping. */
 	if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
 		acl != acl_allow_snoop ) {
-		sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE);
-		sldns_buffer_write_at(c->buffer, 4, 
-			(uint8_t*)"\0\0\0\0\0\0\0\0", 8);
-		LDNS_QR_SET(sldns_buffer_begin(c->buffer));
-		LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), 
-			LDNS_RCODE_REFUSED);
-		sldns_buffer_flip(c->buffer);
+		error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
+			*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
+			sldns_buffer_read_u16_at(c->buffer, 2), NULL);
 		regional_free_all(worker->scratchpad);
 		server_stats_insrcode(&worker->stats, c->buffer);
 		log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
diff --git a/doc/Changelog b/doc/Changelog
index 2fc023834..7209297db 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+4 January 2018: Ralph
+	- Copy query and correctly set flags on REFUSED answers when cache
+	  snooping is not allowed.
+
 3 January 2018: Ralph
 	- Fix queries being leaked above stub when refetching glue.