Checks returned queries from forwarder source.

git-svn-id: file:///svn/unbound/trunk@193 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/worker.c b/daemon/worker.c
index 593de374550d3c1c3d113a9e8a19ed603bc949cd..03497f43361c1523d41417f51ebef35f645cfb86 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -115,12 +115,17 @@ worker_handle_reply(struct comm_point* c, void* arg, int error,
        struct msgreply_entry* e;
        verbose(VERB_DETAIL, "reply to query with stored ID %d", 
                worker->query_id);
-       LDNS_ID_SET(ldns_buffer_begin(worker->query_reply.c->buffer),
-               worker->query_id);
        if(error != 0) {
                replyerror(LDNS_RCODE_SERVFAIL, worker);
                return 0;
        }
+       /* sanity check. */
+       if(!LDNS_QR_WIRE(ldns_buffer_begin(c->buffer)))
+               return 0; /* not a reply. */
+       if(LDNS_OPCODE_WIRE(ldns_buffer_begin(c->buffer)) != LDNS_PACKET_QUERY)
+               return 0; /* not a reply to a query. */
+       if(LDNS_QDCOUNT(ldns_buffer_begin(c->buffer)) > 1)
+               return 0; /* too much in the query section */
        /* woohoo a reply! */
        rep = (struct reply_info*)malloc(sizeof(struct reply_info));
        if(!rep) {

diff --git a/doc/Changelog b/doc/Changelog
index aaa246ed360245a1d16fb0737f7c05ea4fc3692b..0031d40a00d13301ffef5039b4482b766d02a092 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
        - review of yesterday's commits.
        - covered up memory leak of the entry locks.
        - answers from the cache correctly. Copies flags correctly.
+       - sanity check for incoming query replies.
 
 22 March 2007: Wouter
        - AIX configure check.

diff --git a/testdata/fwd.rpl b/testdata/fwd.rpl
index 40f35a84ac8d66c29a5de77b8eebc3de5cc7a939..0f2b6848d333102a1a30c44cbfef217d68dc8c5d 100644 (file)
--- a/testdata/fwd.rpl
+++ b/testdata/fwd.rpl
@@ -5,6 +5,7 @@ RANGE_BEGIN 0 100
        ENTRY_BEGIN
        MATCH opcode qtype qname
        ADJUST copy_id
+       REPLY QR RD RA NOERROR
        SECTION QUESTION
 www.example.com. IN A
        SECTION ANSWER

diff --git a/testdata/fwd_two.rpl b/testdata/fwd_two.rpl
index 29223fccf4cac4a220af08b1a4fef618e67ed5bd..530f388d2a71f9418ef54c72cfe9f3f8c563910a 100644 (file)
--- a/testdata/fwd_two.rpl
+++ b/testdata/fwd_two.rpl
@@ -5,6 +5,7 @@ RANGE_BEGIN 0 100
 ENTRY_BEGIN
        MATCH opcode qtype qname
        ADJUST copy_id
+       REPLY QR RD RA NOERROR
        SECTION QUESTION
 www.example.net. IN A
        SECTION ANSWER
@@ -44,6 +45,7 @@ STEP 5 REPLY
 ENTRY_BEGIN
        MATCH opcode qtype qname
        ADJUST copy_id
+       REPLY QR RD RA NOERROR
        SECTION QUESTION
 www.example.com. IN A
        SECTION ANSWER

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index e006c5247eacbd140f8f7cb02a0d277029b64c40..874685b329d0bcf3845894b581c60b28153c7cdb 100644 (file)
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -173,7 +173,7 @@ void reply_info_answer(struct reply_info* rep, uint16_t qflags,
        ldns_buffer_skip(buffer, 2); /* ID */
        flags = ldns_read_uint16(rep->reply);
        flags |= (qflags & 0x0100); /* copy RD bit */
-       log_info("flags %x", flags);
+       log_assert(flags & 0x8000); /* QR bit must be on in our replies */
        ldns_buffer_write_u16(buffer, flags);
        ldns_buffer_write(buffer, rep->reply+2, rep->replysize-2);
        ldns_buffer_flip(buffer);