From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 1 Sep 2016 14:34:45 +0000 (+0000)
Subject: - Fix #826: Fix refuse_non_local could result in a broken response.
X-Git-Tag: release-1.5.10~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0143885a413eadc25a728d79b20168ff749f06e2;p=thirdparty%2Funbound.git

- Fix #826: Fix refuse_non_local could result in a broken response.


git-svn-id: file:///svn/unbound/trunk@3841 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/daemon/worker.c b/daemon/worker.c
index 860ba8f0a..79bec4c5b 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -773,6 +773,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
 		LDNS_QR_SET(sldns_buffer_begin(c->buffer));
 		LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), 
 			LDNS_RCODE_REFUSED);
+		sldns_buffer_flip(c->buffer);
 		return 1;
 	}
 
diff --git a/doc/Changelog b/doc/Changelog
index b5ce4e72d..01dc175aa 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 1 September 2016: Wouter
 	- RFC 7958 is now out, updated docs for unbound-anchor.
 	- Fix for compile without warnings with openssl 1.1.0.
+	- Fix #826: Fix refuse_non_local could result in a broken response.
 
 29 August 2016: Wouter
 	- Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A.