- Fix #1249: unbound doesn't return FORMERR to bogus ECS.
authorRalph Dolmans <ralph@nlnetlabs.nl>
Wed, 12 Apr 2017 13:12:21 +0000 (13:12 +0000)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Wed, 12 Apr 2017 13:12:21 +0000 (13:12 +0000)
git-svn-id: file:///svn/unbound/trunk@4110 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
edns-subnet/subnetmod.c

index 79aa018e1cef718e62fb0b81032d435a584a1f38..0b09222b1a6df7dbbf2f1abc04751e0cb90f9a4c 100644 (file)
@@ -2,6 +2,7 @@
        - Fix #1247: unbound does not shorten source prefix length when
          forwarding ECS.
        - Properly check for allocation failure in local_data_find_tag_datas.
+       - Fix #1249: unbound doesn't return FORMERR to bogus ECS.
 
 11 April 2017: Ralph
        - Display ECS module memory usage.
index 5afbd2fc5d3a3f631b26c259d40d937b85d6a00a..4008004e4a3200052972d42b032b93054981f6fe 100644 (file)
@@ -661,9 +661,14 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
                if((ecs_opt = edns_opt_list_find(
                        qstate->edns_opts_front_in,
                        qstate->env->cfg->client_subnet_opcode))) {
-                       if(parse_subnet_option(ecs_opt, &sq->ecs_client_in)) {
-                               sq->subnet_downstream = 1;
+                       if(!parse_subnet_option(ecs_opt, &sq->ecs_client_in)) {
+                               /* Wrongly formatted ECS option. RFC mandates to
+                                * return FORMERROR. */
+                               qstate->return_rcode = LDNS_RCODE_FORMERR;
+                               qstate->ext_state[id] = module_finished;
+                               return;
                        }
+                       sq->subnet_downstream = 1;
                }
                else if(qstate->mesh_info->reply_list) {
                        subnet_option_from_ss(
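Review bot: The new FORMERR branch under `if(!parse_subnet_option(ecs_opt, &sq->ecs_client_in))` rejects the query silently, so an operator cannot tell from the logs that a client is sending malformed ECS options. I would add a line before the rcode is set, such as `verbose(VERB_QUERY, "subnet: malformed ECS option in query, answering FORMERR");`, and name the document in the comment (`/* Wrongly formatted ECS option. RFC 7871 mandates FORMERR. */`). The body of subnetmod_operate starts and ends outside this hunk, so it is not visible here whether `sq` is already attached to the query state when this early `return` runs. It is worth confirming that the module's normal cleanup still covers that path.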