Fix crash on SERVFAIL when --conntrack in use.

diff --git a/CHANGELOG b/CHANGELOG
index 93aaf1878e4b4d36e55296f5dc83f22d12381229..6cb1b516ced874306609f84bda81714d37d60bba 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+version 2.67
+           Fix crash if upstream server returns SERVFAIL when
+           --conntrack in use. Thanks to Giacomo Tazzari for finding
+           this and supplying the patch. 
+       
+
 version 2.66
             Add the ability to act as an authoritative DNS
             server. Dnsmasq can now answer queries from the wider 'net

diff --git a/src/forward.c b/src/forward.c
index 77d684929fc19e8b6a7d4ea5091cfa6f28cd0943..78495ca0b84cb9176e7c91848bf6ef9eae2bdac6 100644 (file)
--- a/src/forward.c
+++ b/src/forward.c
@@ -328,8 +328,8 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
       struct server *firstsentto = start;
       int forwarded = 0;
       
-      if (udpaddr && option_bool(OPT_ADD_MAC))
-       plen = add_mac(header, plen, ((char *) header) + PACKETSZ, udpaddr);
+      if (option_bool(OPT_ADD_MAC))
+       plen = add_mac(header, plen, ((char *) header) + PACKETSZ, &forward->source);
       
       while (1)
        { 
@@ -372,7 +372,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
                  if (option_bool(OPT_CONNTRACK))
                    {
                      unsigned int mark;
-                     if (get_incoming_mark(udpaddr, dst_addr, 0, &mark))
+                     if (get_incoming_mark(&forward->source, &forward->dest, 0, &mark))
                        setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
                    }
 #endif