- Fix #1190: Do not echo back EDNS options in local-zone error response.

- iana portlist update git-svn-id: file:///svn/unbound/trunk@3972 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2016-12-23 11:46:54 +00:00 · 2016-12-23 11:46:54 +00:00 · b4b2c18909
commit b4b2c18909
parent 95d5334783
3 changed files with 29 additions and 9 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,7 @@
+23 December 2016: Ralph
+	- Fix #1190: Do not echo back EDNS options in local-zone error response.
+	- iana portlist update
+
 21 December 2016: Ralph
 	- Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built
 	  with Nettle
--- a/services/localzone.c
+++ b/services/localzone.c
@ -1214,6 +1214,24 @@ local_encode(struct query_info* qinfo, struct module_env* env,
 	return 1;
 }

+/** encode local error answer */
+static void
+local_error_encode(struct query_info* qinfo, struct module_env* env,
+	struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+	int rcode, uint16_t flags)
+{
+	edns->edns_version = EDNS_ADVERTISED_VERSION;
+	edns->udp_size = EDNS_ADVERTISED_SIZE;
+	edns->ext_rcode = 0;
+	edns->bits &= EDNS_DO;
+
+	if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
+		rcode, edns, temp))
+		edns->opt_list = NULL;
+	error_encode(buf, flags, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
+		sldns_buffer_read_u16_at(buf, 2), edns);
+}
+
 /** find local data tag string match for the given type in the list */
 static int
 find_tag_datas(struct query_info* qinfo, struct config_strlist* list,
@ -1414,9 +1432,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
 		return 1;
 	} else if(lz_type == local_zone_refuse
 		|| lz_type == local_zone_always_refuse) {
-		error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo,
-			*(uint16_t*)sldns_buffer_begin(buf),
-		       sldns_buffer_read_u16_at(buf, 2), edns);
+		local_error_encode(qinfo, env, edns, buf, temp,
+			LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA));
 		return 1;
 	} else if(lz_type == local_zone_static ||
 		lz_type == local_zone_redirect ||
@ -1433,9 +1450,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
 		if(z->soa)
 			return local_encode(qinfo, env, edns, buf, temp, 
 				z->soa, 0, rcode);
-		error_encode(buf, (rcode|BIT_AA), qinfo, 
-			*(uint16_t*)sldns_buffer_begin(buf), 
-			sldns_buffer_read_u16_at(buf, 2), edns);
+		local_error_encode(qinfo, env, edns, buf, temp, rcode,
+			(rcode|BIT_AA));
 		return 1;
 	} else if(lz_type == local_zone_typetransparent
 		|| lz_type == local_zone_always_transparent) {
@ -1451,9 +1467,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
 		if(z->soa)
 			return local_encode(qinfo, env, edns, buf, temp, 
 				z->soa, 0, rcode);
-		error_encode(buf, (rcode|BIT_AA), qinfo, 
-			*(uint16_t*)sldns_buffer_begin(buf), 
-			sldns_buffer_read_u16_at(buf, 2), edns);
+		local_error_encode(qinfo, env, edns, buf, temp, rcode,
+			(rcode|BIT_AA));
 		return 1;
 	}

--- a/util/iana_ports.inc
+++ b/util/iana_ports.inc
@ -4849,6 +4849,7 @@
 8793,
 8800,
 8804,
+8808,
 8873,
 8880,
 8883,