- Fix #836: unbound could echo back EDNS options in an error response.

git-svn-id: file:///svn/unbound/trunk@3870 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index e97fb510423ac1e92bcf4a3f3b9db49cade1f2af..678fa96be1e9b2f7c3f8f82a0a76e5b0476a68cb 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
        - trunk contains 1.5.11 in development.
        - Fix dnstap relaying "random" messages instead of resolver/forwarder
          responses, from Nikolay Edigaryev.
+       - Fix #836: unbound could echo back EDNS options in an error response.
 
 20 September 2016: Wouter
        - iana portlist update.

diff --git a/services/mesh.c b/services/mesh.c
index b0434b3ff0c34fab2544a12212af175a70b1a7f7..04912383c621cb8bcb3496a0e01519b502366ddb 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -878,6 +878,8 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
                comm_point_send_reply(&r->query_reply);
        } else if(rcode) {
                m->s.qinfo.qname = r->qname;
+               if(!edns_opt_inplace_reply(&r->edns, m->s.region))
+                       r->edns.opt_list = NULL;
                error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo,
                        r->qid, r->qflags, &r->edns);
                comm_point_send_reply(&r->query_reply);