upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Copy query and correctly set flags on REFUSED answers when cache snooping is

Browse source 
not allowed.


git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Ralph Dolmans 2018-01-04 15:16:19 +00:00
parent 7e8d3423cd
commit b2943670ca
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
daemon/worker.c
View file

@ -1266,13 +1266,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
* ACLs allow the snooping. */ * ACLs allow the snooping. */
if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
acl != acl_allow_snoop ) { acl != acl_allow_snoop ) {
sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
sldns_buffer_write_at(c->buffer, 4, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
(uint8_t*)"\0\0\0\0\0\0\0\0", 8); sldns_buffer_read_u16_at(c->buffer, 2), NULL);
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
LDNS_RCODE_REFUSED);
sldns_buffer_flip(c->buffer);
regional_free_all(worker->scratchpad); regional_free_all(worker->scratchpad);
server_stats_insrcode(&worker->stats, c->buffer); server_stats_insrcode(&worker->stats, c->buffer);
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",

4
doc/Changelog
View file

@ -1,3 +1,7 @@
4 January 2018: Ralph
- Copy query and correctly set flags on REFUSED answers when cache
snooping is not allowed.
3 January 2018: Ralph 3 January 2018: Ralph
- Fix queries being leaked above stub when refetching glue. - Fix queries being leaked above stub when refetching glue.