From dcb11b2ee408577fc53bad414930d45c4d2c0e29 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 10 Sep 2009 10:01:36 +0000
Subject: [PATCH] Fixup TTL too large bug for bogus responses.

git-svn-id: file:///svn/unbound/trunk@1822 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog           |   6 ++++++
 services/cache/dns.c    |   2 ++
 testdata/fwd_bogus.tpkg | Bin 0 -> 4442 bytes
 validator/validator.c   |   2 +-
 4 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 testdata/fwd_bogus.tpkg
diff --git a/doc/Changelog b/doc/Changelog
index a272e4adf..bd281e5c0 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,9 @@
+9 September 2009: Wouter
+	- Fix bug where DNSSEC-bogus messages were marked with too high TTL.
+	  The RRsets would still expire at the normal time, but this would
+	  keep messages bogus in the cache for too long.
+	- regression test for that bug.
+
 8 September 2009: Wouter
 	- fixup printing errors when load_cache, they were printed to the
 	  SSL connection which broke, now to the log.
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 3712486d1..a152fa726 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -673,6 +673,8 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
 	rep = reply_info_copy(msgrep, env->alloc, NULL);
 	if(!rep)
 		return 0;
+	/* ttl must be relative ;i.e. 0..86400 not  time(0)+86400. 
+	 * the env->now is added to message and RRsets in this routine. */
 
 	if(is_referral) {
 		/* store rrsets */
diff --git a/testdata/fwd_bogus.tpkg b/testdata/fwd_bogus.tpkg
new file mode 100644
index 0000000000000000000000000000000000000000..0dede419c059869ffd554bbcebf7b3427b557f1c
GIT binary patch
literal 4442
zc-jG45vA@QiwFQi&ZtTN1ME6$ciPC3`D*=&4)K}H94??Y$QfrNBmn{>K)l)AlhF$y
z5R%XX0kiYpw<W*^$4Tz&$#~Aa>rM<(RdrQ&Rd+qQnJ30)&9maLXxKsN&0o?`*ve(<
z_)U{n->3El!*B}6$TCWyZ%~ZDDe4WN{+i)jw>XT{0Dw1%7e{9Bb-M52|3%yU%KndU
zy64V+l#JBC^b@;Z*dN14;%t8!#b{`M8bgUU0R2$|_*VOWZvW5>wq|gL+`v!G3+-rs
z2XN%(9dP4yAzB2cYJ_(HLvDO8i0;6rZbun>LT=*FEQI^e@vJ-GddLl2Jf<Fb0qmX2
zL1NpO+l~oeVpsEG*C;{=gzJmI^P(dSWD&UP+C07)UcvRE!X`F@eZlc`)meC9bYva{
z&`1T<)fZj>sm-0b_8k*0(RJ~Lpi%TjlyCU{4S`k|22cP42C2;%12-{rP8(&qLZSwV
zn{$f62o%RvO*c?&PGNWs3Cy(@nFYAoqrh|S5O8WIK*4lXEuF{S3{$0?!L|$6!d%rM
z2E)rm6#m1$g1@_im^1vOM6M$blurBeNts6*6jtWGaILk^M@$i7at~y>8AM;9^UZbc
zQP?y5PN);ZGvRX_&y*R<xfdjAU=$9XYr>^+vRV<cIAc`9NKNygj8C5iooseF1o^v{
z_-p${`<nkZLj8xy_>TWaNg6--e*&jr;72j4Owh0X|0P;g4NW=Q&kwdoMrIJ&o(p|j
z5k+`2)C1d(GC=LP-GS;FKwp^p3S>RNV9*A(3!;SybQL0s2nQoa+J{#o$a}DeLErQN
zhQj}M7<osP0Vnha07p><kyPj};UA1czzB+9T;z%@{IZv>r9yEb!a*)p7F`g|Tl>%r
zxzQcMtqtDvO*f5D$m3JPbo@J{8(hw*=m#d!%_7PL489`+^BNezcZ7|1HRumhZe2AD
zP2&!!skReCp8sa<>}&f!Rf8M;7#ZK&|K&3MkpIEIH2<S8>~;UYMEd~JXnxEeKx%Z5
zCIZN9M-l6y3@&pm<Tl;rX~KmdAAn_VO%S`GZMkOZ5W)m{jkkyZGn?t>ssKA95<B1;
z!1Hy_Fu^9;`|vZBhA2X}Jq0}luq==}f}(U3gyow<=n!<z-+#6Zq%Uv-u_J@t5V{HY
zfPBibJh|TzrVmI~?vDipc|IY`NN;e81_VqB*<QCtV){a1c%c!MRPi9z*p2FHyrayW
zrl*9|{(voOp{Iz0vN4{cLB4D9v6&dVRd|pabm9)lUc2JYTQy}tb;aqZ+HMix!|%2M
z?!htn{P_^Be)$Io?SlznFvHaTIB7(XdE~ECPLd?)oY|+EIm2%-w1}fc0xgp0<$%7u
z|9{jP`(FK5rimx@KaG*(>;8X<_71!&6rO}XP$;}Z-ht4I1KrGm`dSU)<iQqdDs>Ma
zS(q-cqxWHog^~3?L17Mx#ZocyS5^^{6;D0>8~pUsnb9+NC<T^*;1PWEKwgk#6X`Pq
z+Gz;}d>Dsq*E)&1?r<gL3WXqDMYzwUqG7oL#Ti~Up$uojf)eCD0>icd+$qINKaxXI
z=%<HD6cl`LJCv)Pq0DD>+ZR2+|3I!LfXgKFpl9Z~8Ua`)r?4=Gq;F8!MF;`e%eg*=
zfX6ObW_5I_xzrHQJI`VIQAF%HumYGz<@$m$s<C1_cb4}dotBH-9C>tFImC2A^ZYJ*
z5lCS-=FW~_H9xmgUASIyl68@|-9m+xPNO>4#h{>rSj*0YfDy0#&lxTFc<hrx(vfAR
zxcv`Ma7}<-kLM}BbT(#oAOKbH$mBe{%b`E*>aB98;cKdK><eHv80?{zy;TStdzG$P
zJA@SL@Jqu27}Z!n;1z}j7)ZSiRi^3V3qS#iTn`C}BIo|Mqtc&YmwP0I_E(b?c>lW}
zz;qVemj8JF+tH+H*t~^&(h)&-12hwaYt?bmh`UhTQw|LYfHwy;T6|Py3M*I<ps{Ox
z9`$#ZagIC>Xtwn>_pJI-iq!I{$}%*1oxpz0|HFLwhxwTA_<sT?9?$<sjL7Ogvi$1*
zU!pzr|IqILPTpTRdF%VzpMM6o3M=y+3FHAqP$c-}7v$2R-`}2zk=ppN*8>!G!(f-o
zv%9Bw9O94L?waxCTMm5u_;i@ZK95q*PhY3K9>wL`bA3{C!d0H>Hm%>G>Y)fhxpxdV
zEF4R{2dDEkRdMdOWMS(IaGTNnmOHzjW4F@6TbrfhjworiTe{=}J<YLK7BbIM0Z&Uy
z@bMf6@sB@Y;HRU~MgIQw?WI0a!0F*DGh3_B;isVq#_KHd!g3uHOz=J|WvA8u^{Mp!
z$^!38@6Y(-A!SB!9_R)3Qmq-yB_O5y6<lAKz=(JXlMfm{g|GAJh^Fc*D@Y+%iOFTq
z1qI_W-hRBu5YDQ4n9ZfSu7DRW&#EmAa$l-4QSIaYJJ*9Ausjg^|H$?q`1O>>q-DxS
z@M{>sKxd^yi5lsPkH|cB_4Ldq<8wNb{v7*1{{ntTZX|Z{dD#67OOJaDN0FN`D-J#n
z8j8@rC(!I58Ne+H<M=%aKBV8^*L!gL*y{+)=i#=6kA{cb+?-b|T(7rS>ICM;IDL!f
zQozTOVQx!q>^SGudvgkkh6hs=IL=hcE&Rx(C@nD6)d%<l7w{wR6b;wI=5i=c+4Yaw
zf+mJi4OkAkFx|=&_cr64D*G18=(7O*6(N=hZXdPsC?s^u^yuu=DIGiV$Cb4nc6DkC
zn3TY}+|L$ZW}o+M8#-GzeS}j^Zy?^MLxr|1BG-m`$V_uzbje)_Jg?Me#r3mw4>OsR
zudSP3m3FzXbK#R-ulEKo)2{QsFYldxgp4fzBfnn%Q*`;9|G~sB&Hu_MNxkNOFVPBV
z%TA<#(q}<e5l8Gm04-sfVGv0axp5*^S+-TRdK^(JH^VI+qnO`rGeON=hSIPks$6X-
z9!fM$^13Qi$QfxZC5Kv#S%gq`J$(~9SmGr8Kx-v|=kD_cvuKp^(gclW$=0bPL}$HN
zcUW8P<@*gT6ywfvl=PMpG(?nkmBzXUD&J-8(bny%OjDdzsb0{c`H>Lr#Ky8Bb#$uP
z>L`IL^urpzp!cR^_C%iTu~mfi>MR?Ny?WIT1|7CCtj`^)y_v35dDkDu>u@^RwWZpU
ztBkpDDPyu0^>{wOVm9%N{;ZGC@$#^p<Y$A1>&?URo+c+;WkryUL5Jh<gEKC#?B!S+
zRHjR1S{u?HQ=<;UI?pJa>Y_%7griU&;C|TdALd55uCcndcI(D&x|*!;E{D|`k-8Cf
zJ981JPJPJrdc3{~EGF)?CeET~BNJBb29>@&-bTtAR~b=~W-Dbr9M5#8+t|=^ZY;+`
zmE-gJK#j<RjW_1XWe)@~61*@Wkolw@daF{2T?s5!Uy6-M(9!#jKOZ$US~fe?*jg&l
ztUTifl%++k)Mq>m-MCR}M2D){MmTxhOk$qt5tG%BT4MRQv7OetxO~u?2F@)PNt5M9
z=t6czlF1~@ys@pxWIdtBn#7FkE`oY}dKxs<`BWan)V4mGjCO5LcH3l3$WxV8yTf%n
zn=Iv|+MYKnb84h{v+kT$AY)NBaKxLk6|HZV*fK>)6LPcm4vjJykhL8q#~W(c7_2Kw
z!kZ<uscv_bT4~8hW4}3NoEb0F2nP{es$*(hwIuIFx4#~jAm>@!WmLsQUB0?%OanWg
z$JnyGUrBbe<TlVXFL0W>$|t)W+DF>SMl_@9Vy9KiULsi}mABbOnQO38uTt&BwUS#C
zXw!?V`+FqYK7!0Yzpei6ZU4}o_x~5S|35&+_xwNhc>a6#|2T@i`u~?`7yh3Ulz~_i
zIk-?Ce1FwDa2(r9IIhRj6IG^bhjEGIS-EPhHj9;AXA-o^_J%c<XZw=ECcHJ}N6>!>
ziGd;7y16yR)Jm$76Mn#w62IC>1D1l{s8sVHOoXuEzVir6>PulNRi||p8wv=!le&<B
ztr4Sm#$ihhr%-*(gpydFODtOF`kQ)R)Cj&Oq@!S2vM#ecSG9X-wBmV$<~>X1!oDe}
zSj;eax;q?c^}|v+988;$#1<VgWd5N0e!0VTs%miPvgp>?$8t0b1(`rLN!MHVdcC!1
zX@hcSvN~{Bva!8gqS7d{^V$_}ToTJBLC}G)-!}RKx|s|O(L&n?t2FE*%?f4?63IPG
z`vzI{!%e`LU4n=;RVmjOCE6>~j@Rxu`YBvJofc9(&a2ASYwTpL_8M``Vq=|dj26>b
z(-?TWc6Bk|)qO7_y_vk!HH<U71JP*{q%_2;2qRE_xWv1Dy(`+4l9G6vYQ#1h&3u#6
z$FAj}gh$TSM$(e|2X*K87>ON9L@<nM8=)a^h~1&BE;k^CWh0`cJy#Csts!mpV_J2L
zF2O|!k6OKh-C`wgnIEuoR^L4Ozb}^6-@W8t+eQ1f|Nk)s!2cot$FbM*-xq2BO#VM%
z&-p*k|5=BMJoTu5)}bO#J?fuzs9FAB8xSTzNuni^G2d)fCa5xR__)k<@b=Im2Q6)E
z>#9@Y&@r=h6s)wXpmod_Faw_<V=vk?N8>@z+0bUy+hH)Vx1zR%C*AsriFq2&GktzQ
zlo#f><_tN(8E+`m@73uQGg#Plgy;AEYPO%1C_K*_<Glv!oaQQS(H&~jo5V63jhd2g
zEn>3nHdrCe|HIgKXTu)vtNtNC$QnmV{Z$*!vshP&Xp0;zpd0V_&57EWkK6`bE3?Tk
z?zH8kZYUJD-Ih^*-YhpaR;7)vk=AbSP+CVx^M8~HT!NhTP`}YM8n&T1_)2uecse+s
zOn%TI+T%oZv9c@n8;q(>w<A74d}fDL$=)GhHv8Rx@f@doFiVt@l*$~z_LgL?$qw);
zuI9ChwzAksH6&|V5Vwh-;qgri>EgBCr0<V9<00u-c-sl%+H}iDLuoYBW=7k0RChU>
z=&%AJrpy={YPgj5O``%CPkVA6Q5D}Z%lojrO~j;JCFrV0s2x|Y<@@^7%-2>DHCUHL
zvD9n`-h5D=!4$oVZQY&d^jDT<BGc`7BUfpakU55F+bgfvtg;e0T=0fs(ZnF2MPs$6
zxt`i6l}ZOzF1u{doX_X2`nYB!48pg9u`h47(^)hr>2skO>n&a3*3`6J;aat+*4vXK
zkJ}A(;a@cWzy599kCO4d-+$3K`uO`#6w7}9LA;*-yh!`v{?B{i-+x?4IbZpGOU6Ha
z_4n@hV~;&VLdI%fc!>)#Mi8;G9VeYM96|PYzG6CGCxtPjyTV-DCS<oT4_r<u(~0`x
z-sKry7uYZOJ$E_(0_~gUzdxq@|9<^XeNq3T`0M_Ek@mg%f1TC;y|n%h<t8><`wO9V
z_zUZQVJY+^Snr<e|Hec859@mO3&}!_g=yxp$0pWv#aUB<jdtc<YcoM4t9@i&Qg<`5
z%-6d6y0sW_QYjzBEKy%{J9SeO4^4Acvt&FRHd=vi=uKVN;QO#eH!E9rK2=IcX<1|1
zW4%qyCHdfcv!x}jSKZYj3Apys!*oH!n6}VQ%xF-_&zFhlXw(7U_WO0#9Jcl`Vqr>K
z>Q~7U&%2#|f4Nfsw;j7zP7nxy0NnE`6hZkB%7Y*W62=3JaGi+C??E&YhNn;3%%o4V
z-y7_9yZY?jZKhowqM@xrzFb1mKMMVcbz_7}R-|+ybfbqByiNN=?uF^-y;ZdB)=x`y
z?bl&*RhC;m`iEkhQ6oFKcgu^oeelfd#gn=h;}~b65bsIR`T9^YEt@@V)gsT0kI$p3
zJg1F8r(rkBjIYkBW+-JDo6+f6ogGRgzDZ<Ogjp@$*8!=<{jhMSv1u2-D)qdORlj3t
gPzC(g?}^<H00000000000Pvr_0ZI{I9RN@O05d4wiU0rr

literal 0
Hc-jL100001

diff --git a/validator/validator.c b/validator/validator.c
index 2e33fd007..27f3fea93 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -1825,7 +1825,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
 	/* if the result is bogus - set message ttl to bogus ttl to avoid
 	 * endless bogus revalidation */
 	if(vq->orig_msg->rep->security == sec_status_bogus) {
-		vq->orig_msg->rep->ttl = *qstate->env->now + ve->bogus_ttl;
+		vq->orig_msg->rep->ttl = ve->bogus_ttl;
 		if(qstate->env->cfg->val_log_level >= 1) {
 			log_query_info(0, "validation failure", &qstate->qinfo);
 		}
-- 
2.47.3

