- Fix RPZ IP responses with trigger rpz-drop on cache entries, that
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 1 May 2023 07:26:17 +0000 (09:26 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 1 May 2023 07:26:17 +0000 (09:26 +0200)
  they are dropped.

daemon/worker.c
doc/Changelog
testdata/rpz_respip.rpl

index 5c373b79b09161ad2519df1e2d32df4eae51089c..e73ae1d94e8df709b8b7b0d3cddbe9acb8807e3b 100644 (file)
@@ -566,9 +566,10 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo,
 
        /* xxx_deny actions mean dropping the reply, unless the original reply
         * was redirected to response-ip data. */
-       if((actinfo.action == respip_deny ||
+       if(actinfo.action == respip_always_deny ||
+               ((actinfo.action == respip_deny ||
                actinfo.action == respip_inform_deny) &&
-               *encode_repp == rep)
+               *encode_repp == rep))
                *encode_repp = NULL;
 
        /* If address info is returned, it means the action should be an
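Review bot: The comment directly above the rewritten condition still says the xxx_deny actions drop the reply "unless the original reply was redirected to response-ip data", but the new `respip_always_deny` branch sets `*encode_repp = NULL` whether or not `*encode_repp == rep`. Because this test is what keeps a policy-blocked answer from being sent, the comment should state both rules, for example `/* respip_always_deny drops the reply unconditionally; the other xxx_deny actions drop it unless the original reply was redirected to response-ip data. */`. apply_respip_action starts and ends outside this hunk, so it cannot be seen here whether any other reply path repeats the old two-action test; that is worth checking.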
index e6ec25b1ba69c189a168dde902111cd300d281b1..bec4ab742df3525230589dfe4c1f4428fdc0dbff 100644 (file)
@@ -1,3 +1,7 @@
+1 May 2023: Wouter
+       - Fix RPZ IP responses with trigger rpz-drop on cache entries, that
+         they are dropped.
+
 26 April 2023: Philip
        - Fix issue #860: Bad interaction with 0 TTL records and serve-expired
 
index 894a7cc5fca3b220554cbec423e252653089a1e3..795bb25c8a4c182f7a43bedd8bb8a68910880329 100644 (file)
@@ -458,14 +458,29 @@ e.        IN      AAAA
 ENTRY_END
 STEP 29 TIME_PASSES ELAPSE 12
 
+; should be dropped, with cache entry too.
 STEP 30 QUERY
 ENTRY_BEGIN
 REPLY RD
 SECTION QUESTION
+e.     IN      A
+ENTRY_END
+STEP 31 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+e.     IN      AAAA
+ENTRY_END
+STEP 32 TIME_PASSES ELAPSE 12
+
+STEP 33 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
 y.     IN      A
 ENTRY_END
 
-STEP 31 CHECK_ANSWER
+STEP 34 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
 REPLY QR TC RD RA NOERROR
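Review bot: Steps 30 and 31 carry no assertion of their own, so the expectation in the added comment `; should be dropped, with cache entry too.` is only checked indirectly. Presumably `STEP 34 CHECK_ANSWER` would fail `MATCH all` if a reply to `e.` had been sent first. A short comment before step 33 would make that dependency explicit, e.g. `; no CHECK_ANSWER for steps 30-31: any reply to e. would be seen by STEP 34 and fail the match`. The CHECK_ANSWER entry continues past the end of this hunk, so the full expected reply is not visible here.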