- Copy query and correctly set flags on REFUSED answers when cache snooping is

  not allowed.

git-svn-id: file:///svn/unbound/trunk@4436 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/worker.c b/daemon/worker.c
index b4e09558dc43be36c56fd9ae92c24cf5cbfded00..233ae38e76fb692a8e1746df6f0caf8cceb06ef2 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1266,13 +1266,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
         * ACLs allow the snooping. */
        if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
                acl != acl_allow_snoop ) {
-               sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE);
-               sldns_buffer_write_at(c->buffer, 4, 
-                       (uint8_t*)"\0\0\0\0\0\0\0\0", 8);
-               LDNS_QR_SET(sldns_buffer_begin(c->buffer));
-               LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), 
-                       LDNS_RCODE_REFUSED);
-               sldns_buffer_flip(c->buffer);
+               error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
+                       *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
+                       sldns_buffer_read_u16_at(c->buffer, 2), NULL);
                regional_free_all(worker->scratchpad);
                server_stats_insrcode(&worker->stats, c->buffer);
                log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",

diff --git a/doc/Changelog b/doc/Changelog
index 2fc0238344cce7bfdd3f1fbd2f8680e268afcae1..7209297dbd149c9e4c21ebd3dd0e4d79ee8748e9 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+4 January 2018: Ralph
+       - Copy query and correctly set flags on REFUSED answers when cache
+         snooping is not allowed.
+
 3 January 2018: Ralph
        - Fix queries being leaked above stub when refetching glue.